CISA, FBI Warn US Critical Orgs of Threats to SATCOM Networks
CISA and the FBI said today they’re aware of “possible threats” to satellite communication (SATCOM) networks in the US and worldwide.
Today’s security advisory also warned US critical infrastructure organizations of risks to SATCOM providers’ customers following network breaches.
“Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments,” CISA and the FBI said.
“CISA and FBI strongly encourages critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity.”
While the two federal agencies advised SATCOM network providers to add extra ingress and egress monitoring to detect anomalous traffic, they also shared common mitigation actions that should be implemented by both customers and providers, including:
- Using secure methods for authentication, including multifactor authentication where possible
- Enforcing the principle of least privilege through authorization policies
- Reviewing existing trust relationships with IT service providers to remove potential attack vectors
- Implementing encryption across all communications links leased from, or provided by, your SATCOM provider
- Ensuring robust patching and system configuration audits
- Monitoring logs for suspicious activity
- Ensuring incident response, resilience, and continuity of operations plans are in place
KA-SAT satellite network sabotage
Today’s warning comes after the KA-SAT network of US satellite communications provider Viasat — “used intensively by the Ukrainian military” — was affected by a cyberattack that led to satellite service outages in Central and Eastern Europe after
The outage also disconnected roughly 5,800 wind turbines in Germany and affected customers from Germany, France, Italy, Hungary, Greece, and Poland.
Viasat officials told CNN that satellite modems belonging to tens of thousands of European customers, including Ukrainians, were disabled in a “deliberate, isolated and external cyber event,” following a cyberattack on February 24, roughly around the time when the Russian army invaded Ukraine.
The Viasat hack is now also being investigated by the US government as a potential Russian state-sponsored cyberattack, according to an NSA statement noting an inter-agency and allied effort (including French ANSSI and Ukrainian intelligence) to “assess the scope and severity of the incident.”
The NSA confirmed that it’s “aware of reports of a potential cyber-attack that disconnected thousands of very small-aperture terminals that receive data to and from a satellite network,” as first reported by CNN.
Victor Zhora, CDTO (Chief Digital Transformation Officer) at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, said the satellite hack “was a really huge loss in communications in the very beginning of the war.”