Laura Galante on Where Politics and Cybersecurity Collide
In her role as senior fellow at the Atlantic Council, Laura Galante often looks at cybersecurity through the lens of politics and policy. During the CyberSat 2017 Summit on Nov. 7, Galante will moderate a panel titled “Fact Vs. Myth: What We Know So Far As It Relates to Cyberattacks in Aerospace and Satellite.” Via Satellite spoke with Galante ahead of the panel to get her perspective on the biggest cybersecurity issues driving concern in the geopolitical sphere, and how nation-states plan to respond to them.
VIA SATELLITE: Would you say the U.S. government has a good awareness of its cybersecurity vulnerabilities?
Galante: I think that the sense of what’s vulnerable has been a big discussion at the Department of Defense (DOD) for years. The various and many pieces of the DOD have always been the tip of the spear in terms of thinking through the threat. What gets scarier and creates more vulnerability is the number of different assets out there, particularly in space, that are in private hands. Intelsat is a great example. Intelsat started out as a government effort getting satellites in the air, and got sold off and privatized. What this speaks to is that the government can be thinking through threats and vulnerability — but is the broader ecosystem of communications and satellite providers with enormous amount of skin in the game thinking through the risk?
VIA SATELLITE: How big is the cybersecurity threat in the modern era? How worried should satellite operators be?
Galante: I think it’s an area that’s worthy of more attention. The financial sector has obviously over the last 15 years been at the forefront of thinking about vulnerability. They’ve had an enormous amount of incidents that have been well covered, from retailers to banks to the stock market. The other area that’s gotten a ton of coverage is how nation-states have gone about espionage online and where that has crossed into different types of activities: see Russia 2016.
But the area where we haven’t had the same level of nuance in discussion is in backbone and overriding infrastructure vulnerability, whether that’s satellite, Industrial Control Systems (ICS), etc. — the not-as-glitzy parts of the internet that are the skeleton for a lot of our modern communications. Look at shipping — [the industry] is massively dependent on GPS, which has been jammed many, many times. Thinking about redundancy and vulnerability is the next step that needs to be taken when it comes to these industries.
VIA SATELLITE: What are the consequences we face in becoming complacent about cybersecurity threats?
Galante: With satellite communications in general, when you have escalatory situations in geopolitics one of the first things militaries have wanted to do since the beginning of time is cut off the communications of the other side. And we saw a preview of this in Ukraine in 2014 in Crimea. The bigger picture is, if you’re not putting the vulnerabilities of communications networks up front and center, you really risk losing an enormous strategic advantage at the beginning of a conflict.
|Don’t miss our CyberSat Summit on Tuesday, Nov. 7 and Wednesday, Nov. 8 in Tysons Corner, VA, where leading experts on cybersecurity will share the best practices for achieving end-to-end protection within the satellite ecosystem. Register now!|
VIA SATELLITE: Who are the actors the U.S. government is or should be most worried about?
Galante: I think China is the key adversary to focus on when it comes to threats to satellite and the broader communications network. There were a variety of incidents where China has been very interested in getting details about GPS, and part of this is domestic growth in their own national security and military needs. They need to have the technology that everybody else is playing with to be able to modernize their existing military, so there’s definitely been a push to figure out how to get that information, whether it’s through industrial espionage, which was rampant out of Beijing for years, or figuring out how to implement what they know in the South China Sea, which is where China is exercising power.
China just recently stated it is a global military, and when you zoom out the U.S. is one of the few, if only, countries that has a military presence in all domains: space, air, sea, [land], and now of course cyberspace. Russia is the other.
And China is willing to challenge the U.S. on that — not loudly, like Russia is — but smartly.
VIA SATELLITE: You’ll be moderating a panel on myths vs. facts in the cybersecurity arena. What’s one myth you’re hoping to break down?
Galante: One of the big questions that’s out there is spoofing. For a long time, jamming GPS or any sort of communications’ radiowave was not very hard because the signals are so weak. But the bigger question [is] that June 2017 incident in the Black Sea. What looks like happened is a variety of shipping vessels were redirected somewhere. This wasn’t jamming, this was spoofing, which is telling them that they were somewhere that they weren’t.
If you’re able to cover your hand up in how you’re manipulating Command and Control (C&C), you’re able to create confusion and chaos. That’s going to be really scary. What I can’t wait to get good read on from the panelists is how worried do we need to be about this? How much do they think is true out of that June 2017 incident, and do they think that [it] was a one-off?