U.S. and international critical infrastructure organizations, along with other organizations that are SATCOM network providers, are now advised to heed the latest security recommendations laid out in CISA’s new cybersecurity advisory.

Intrusions Could Pose Risk to SATCOM Environments

Potential intrusions in the form of cyberattacks on international SATCOM networks “could create risk in SATCOM network providers’ customer environments,” CISA said. At least eight million Americans use SATCOM networks to access the internet, together with a wide range of businesses such as media, government, aviation, and the military, as well as critical infrastructure like energy and gas. Given the current geopolitical crisis and the abundance of cyber incidents stemming from it, CISA’s Shields Up initiative is requesting that “all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity,” CISA added.

In addition to the CISA and FBI warnings, the British and French governments have also warned of the current risks relating to SATCOMs. Those warnings follow DDoS and malicious firmware update cyberattacks last month on Viasat Inc’s KA-SAT satellite internet modems, emanating from the Russia-Ukraine crisis. The cyberattacks disrupted customers in Ukraine and wider Europe, even causing thousands of wind turbines to shut down in Germany. These modems also supply the internet to millions of customers across Europe and in Ukraine.

Mitigation Recommendations

At the moment, cyber risks affect not only satellite communications but also optical communications, radio, and mission control station transmissions all over the world. For these reasons, CISA and the FBI released security recommendations for critical infrastructure organizations and SATCOM network users. The list is as follows:

- Putting in additional monitoring at ingress and egress points for SATCOM equipment to look for anomalous traffic
- Referring to the ODNI’s Annual Threat Assessment for specific state-sponsored SATCOM cyber threat activity
- Using complex passwords and multi-factor authentication where possible that align with NIST guidelines
- Auditing accounts and credentials
- Enforcing principles of least privilege throughout authorization policies
- Reviewing trust relationships
- Implementing independent encryption
- Strengthening the security of operating systems, software, and firmware
- Monitoring logs for suspicious transmissions
- Creating cyber incident response plans, resilience plans, and continuity of operations plans

All organizations may contact the FBI or the CISA 24/7 Operations Center at report@cisa.gov to report incidents or anomalous activity.
