In recent weeks the subject of cyber threats and cyber security related to satellite communications has emerged again. Was it triggered by the recent IOActive report: ‘A Wake-up Call for Satcom Security’ by Ruben Santamarta, or the IntelCrawler report in January 2014 stating that VSAT terminals are open for targeted cyber attacks? Or the request from international space agencies (e.g., ESA) for technology studies on cyber security, to improve the resilience of cyber incidents and reduce the cyber threat? In any case, cyber security for satellite communications is a hot topic.
It is no coincidence that cyber security is now a focus for the satellite market. Networks around the world are becoming more hybrid and connect terrestrial (fiber, wireless) and satellite communication infrastructures. In order to secure the entire network, all weak points need to be identified, audited and overcome.
Satellite communications are increasingly moving towards net-centric end-to-end IP networks. The advantage of this conversion to an IP environment is the increased interoperability, the more efficient workflows and the reduced CAPEX costs. On the other hand, the IP infrastructure opens up to cyber threats that are also encountered by the terrestrial communication counterparts. No wonder NATO decided during the Chicago Summit Declaration in 2012 that the protection of the Alliance information and communication systems had to become a priority.
Investing in cyber security and mitigating the risks is comparable to acquiring insurance. Companies and governing bodies do not like to, as it brings additional costs without immediate return on investment. Yet, when the satellite network of a company or government organization is subject to a cyber attack, the economic damage can be severe.
For example, in the energy industry, satellite networks are often used for supervisory, control and data acquisition (SCADA) applications. To tamper with these communication lines could lead to incorrect decisions being made, which lead to serious consequences. Stealing sensitive data or blocking a party from the Internet can significantly improve another party’s economical or strategic position.
If a broadcast feed from the upcoming FIFA World Cup final was disrupted, publicity revenue losses would be severe and the broadcaster would need to have a good explanation in order to win back the millions of upset television viewers. Then consider, what if a military operation was compromised and human lives were at stake as a result of a cyber attack?
The issue here is that although the topic of cyber threat for SATCOM systems is quite specific, the number of security measures to be taken is still very wide. We can identify four main threats when considering satellite communication security.
There are the attempts to infiltrate the satellite network ground infrastructure remotely through the Internet or private network connection. Here we need to consider teleport uplink and remote downlink sites.
The importance of the human factor cannot be neglected when people with malicious intent obtain physical access to the satellite communications equipment, or can plug in foreign devices (laptops, USB sticks) into the local network.
The satellite link itself needs to be secured against eavesdropping, jamming or (un)intended interference.
The satellites themselves need proper protection in order to facilitate maximum availability for commercial and mission critical links.
As with cyber security for terrestrial communication infrastructures, if you take some basic rules, procedures and guidelines into account, the majority of cyber threats in satellite communication environments can be mitigated. The ISO (International Organization for Standardization)—IEC (International Electrotechnical Commission) 27000-series documents on Information Security Management and the NIST (National Institute of Standards and Technology) Executive Order 13636: “Improving Critical Infrastructure Cybersecurity, a Preliminary Cybersecurity Framework” might provide some practical guidelines. The latter document specifies a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.
The cyber threat risks are organized around five core activities that must be performed when dealing with security risks: identify, protect, detect, respond, and recover. For each of these activities, the framework sets out a number of methods, practices, and strategies it recommends for effectively minimizing cyber risks.
The four main threats for satellite communications can be matched with the five core activities in order to set up a security policy—for
example, a satellite network ground infrastructure that could be intruded on from outside of the teleport or remote site premises. The most common way of hacking is through the automated port scans, where individuals or programs operating in the Internet will scan the ports of all IP addresses in certain IP ranges, including VSAT terminals, and depending on the ports, try to log in.
With this activity, we see a massive flood of TCP connections and IP ping messages to terminals and any device behind those terminals. Generally, when logging in does not succeed, the scan software hops to the next IP address and continues the search along the Internet.
If hackers eventually do locate a poorly secured VSAT terminal, they can intercept data, block the service (Denial of Service) or release malicious software in the form of trojans or viruses. The additional risk here is that the hackers, through this compromised VSAT terminal, could acquire access to the complete satellite network. It offers the hackers a platform for snooping on any passing Internet traffic and stealing credit card data or passwords.
To come back to the NIST cyber security policy (identify, protect, detect, respond, and recover), the identified threat here are the automated port scans. It is possible to protect the VSAT terminals against these scans and malicious login attempts by not allowing the VSAT terminals direct connectivity to the Internet. You can remotely connect to the VSAT terminal, but only if you bypass the VSAT hub, using the hub as an intermediate hop. The non-used ports of the VSAT should be shielded off in order for them to not be exploited by hackers.
You can also protect the devices in the customer premises network by filtering, blocking or detecting if they are subject to hacking attempts. In this scenario, the VSAT hub or terminals are considered on equal terms as any other critical IT network equipment and are part of the organization’s general IT security policy (including network security planning, intrusion detection systems, firewalls, anti-virus etc.). Raising the awareness and the training of the organization’s personnel, at the teleport uplink as well as at the customer site at the remote end of the satellite link, will decrease the cyber security incidents drastically.
A hacking attempt is not usually a singular incident. It is important to detect and document the various attempts in a timely manner in order to understand the impacts and the effectiveness of the protective measures.
Whenever the satellite network is hit by a cyber attack, it is crucial to respond quickly and to inform the appropriate internal and external stakeholders. This is quite important when passwords or bank card numbers are stolen so access to their numbers can be immediately blocked.
Additionally, activities need to be performed to prevent the expansion of the security breach, mitigate its events and eradicate the incident. Finally, a recovery plan is executed and the protection levels are upgraded with the lessons learned.
The previous example only depicts one of the many possible security incidents and how to deal with them. VSAT manufacturers today are already taking measures in order to limit and mitigate cyber threat risks. However, this is not enough—in order to adequately secure a satellite network, a general cyber security policy must be put in place. Only by closing all the IT security gaps the integrity and safety of the information flow can be maintained in a hybrid net-centric network environment.
About the author
Koen Willems is Market Director Government and Defense at Newtec (http://www.newtec.eu), a market leader in satellite communication technologies. Joining Newtec in 2008, he has been in charge of the launches of many of Newtec’s newest products and technologies including professional IP modems, the all new Newtec Dialog Platform, FlexACM® and DVB-S2X technologies. He also has also been responsible for the development of the government and defense market for Newtec.
Please follow Koen via twitter (@WillemsKoen) or contact via mail (firstname.lastname@example.org).