Who’s keeping satellites safe from cyberattacks?
Intelsat’s Network Operations Center mages and monitors its customers’ satellite traffic. Credit: Intelsat
IoT will present enormous challenges for people who offer satellite communications products and services because each connected device from refrigerators to tractors offers hackers a point of entry into the network and a way to target other elements of the network.
This article previously appeared in the April 10 issue of SpaceNews magazine.
WASHINGTON Vinit Duggal was updating his family s home wireless network recently when he noticed 39 connected devices, including phones, laptop computers, printers, alarms and a couple of televisions. Even Duggal, director and chief information security officer for satellite fleet operator Intelsat, was surprised by the number of connections. I thought, How do I have all these things, he said.
Vint Duggal, Intelsat director and chief information security officer. Credit: Intelsat
That s just the beginning. In the next few years, the number of connected devices in homes, offices, farms and transportation hubs is expected to skyrocket. The Internet of Things (IoT) promises to simplify life by offering a way for people to remotely control appliances and maintain broadband connections while traveling in cars, trains, ships and aircraft. At the same time, IoT will present enormous challenges for people who offer satellite communications products and services because each connected device from refrigerators to tractors offers hackers a point of entry into the network and a way to target other elements of the network.
The more we integrate, the more vulnerabilities we see, Donna Bethea-Murphy, global regulatory senior vice president for telecommunications satellite operator Inmarsat, said March 8 during a cybersecurity panel at the Satellite 2017 conference.
That threat was illustrated in October when hackers used connected cameras and digital video recorders to take down Amazon, Twitter, Netflix and other popular internet sites. That is the risk, Duggal told SpaceNews. Your connected fridge could attack you. To fight back, satellite equipment and service providers are taking a variety of steps, including updating their own security procedures, carefully selecting partners and sharing threat information.
We have to stay vigilant, said David Henning, Hughes Network Systems director of network security. There are always going to be a variety of groups out there that are going to try to go after us. For satellite and teleport operators, those groups include individual hackers trying to disrupt communications as well as sophisticated nation states.
We are not only subject to the classic commercial-threat actors, but because we carry communications that are mission critical, we are targeted by nation-state actors, said Andrew Tomaszewski, chief information officer and chief information security officer for VT iDirect, a VSAT equipment manufacturer based in Herndon, Virginia.
For iDirect, defense begins with testing and repairing the products it sells rather than relying on customers to perform that work. iDirect also hires third-party experts to evaluate its software code and the firm runs an incident response program.
If our customer or partner reports incidents or security issues, we have a response protocol that s built into the company, Tomaszewski said during the panel. Everyone knows what to do when one of those calls comes in. Vigorous incident response protocols are becoming more widespread. ITC Global, which offers satellite communications for remote energy, mining and maritime customers, is owned by Panasonic. The company operates a security operations center around the clock with a team purely focused on security, Chris Hill, ITC Global chief technology executive, said during the panel. Increasingly, satellite communications firms also are taking a close look at the security procedures employed by their partners and customers because any weak link can compromise the network.
Intelsat, for example, pays cybersecurity firms to assess the VSAT equipment its customers use to gain access to satellite links.
We pay for that ourselves, Duggal said. There is an automatic, default expectation that security is built into VSAT platforms. It s not. When we go to market as an industry there are a lot of moving parts. Overall, Intelsat spends about five percent of its technology budget on information security. If you address security up front and make it a part of your engineering cycle, it reduces the cost dramatically, Duggal said. For those that complain security is expensive, it s because they are addressing it after the fact. It s expensive to reengineer systems, solutions and software. Companies also evaluate their component suppliers. Hughes Network Systems, for example, turned down business in the past when a customer explicitly requested equipment from a manufacturer the U.S. government cited as a potential threat.
When I raised the security red flags, it very quickly became clear that we didn t want to touch this, Henning told SpaceNews. He declined to name the customer or equipment manufacturer.
Customers and partners respond in dramatically different ways to conversations about cybersecurity.
With NATO, it s the first part of the discussion and all the way through the discussion, Simon Gray, humanitarian affairs vice president for satellite fleet operator Eutelsat, said during the panel. If you are dealing with any military customer, that is one of their first questions. The same is true for customers who oversee critical national infrastructure, like pipelines, said Dave Rehbehn, Hughes Network Systems international division vice president. They take security to an extreme, he told SpaceNews. Other customers pay little attention. Some customers are set up to absorb information and act on it, Hill said. Other customers eyes glaze over and they say, I m not sure what you are talking about. In those cases, the service provider needs to help them understand the problem and what is at stake, Hill added.
Those discussions are an important element of cybersecurity. As cyber threats proliferate across systems and networks, our industry is responding to ensure stability, said Bethea-Murphy, who led the Satellite Industries Association and Global VSAT Forum s joint cybersecurity working group. We do this through communications. We have to talk to each other at every level, whether it is directly with customers, with manufacturers, with government agencies.
Staying a step ahead of a cyberattack
Satellite operators are adopting safeguards to ensure the same features that enable communications satellites to respond quickly to changing demand don t make spacecraft vulnerable to cyberattack.
Skynet 5 satellite. Credit: Airbus
Britain s Skynet 5 military satellite telecommunications system, managed by Airbus Defense and Space, offer customers the ability to change the shape and power levels of communications beams. Intelsat may incorporate such beam-shaping technology on future EpicNG satellites.
You can change the shape of the beam whenever you want to from the ground, said Mark Daniels, Intelsat General Corp. s vice president for new technologies and services. You can start with a beam shaped for a particular region but if demand changes or there are problems with jamming, you can reconfigure the beam to increase the coverage area or notch out an area to avoid jamming. The same flexibility that helps operators mitigate jamming problems, could pose a hazard if an attacker took control of a satellite. Anytime you have something up there with that much flexibility, you need more cybersecurity around it because someone might take advantage of that flexibility, Daniels said. To prevent that, satellite operators who already encrypt their command uplinks are starting to encrypt telemetry downlinks.
There is a desire to see spacecraft that support U.S. national security also encrypt the telemetry downlink, said Patrick Rayermann, director for space and national intelligence, surveillance and reconnaissance at Semper Fortis Solutions, a technology consulting company based in Leesburg, Virginia. That s because even if you ve encrypted your command uplink, people might be able to replicate an encrypted signal. If the telemetry downlink is unencrypted, they could tell if they succeeded in inserting a command.
By encrypting telemetry, satellite operators also safeguard information on the location of steerable beams, which in the case of military communications, could signal the location of warfighters, Daniels said.