US Critical Organizations Alerted of Threats to SATCOM Networks by CISA and FBI
What Should SATCOM Network Providers and Customers Do?
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) announced yesterday that they are aware of potential threats to satellite communication (SATCOM) networks in the United States and around the world.
The security advisory issued yesterday also notified US critical infrastructure entities about the risk of SATCOM providers’ customers being affected as a result of network breaches.
Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments.
CISA and FBI strongly encourage critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity.
In light of the current geopolitical situation, CISA’s Shields Up initiative requires all companies to lower their threshold for reporting and sharing signs of cybercrime.
The new warning comes after the KA-SAT network of US satellite communications provider Viasat, which is “intensely used by the Ukrainian military,” was hit by an attack. Satellite services in Central and Eastern Europe were disrupted as a result of the cyberattack.
According to BleepingComputer, the outage also disconnected roughly 5,800 wind turbines in Germany and affected customers in Germany, France, Italy, Hungary, Greece, and Poland.
Mitigations for SATCOM Network Providers and Customers
CISA and the FBI strongly recommend that critical infrastructure organizations and other entities that are SATCOM network providers review and apply mitigations such as putting in place additional monitoring at ingress and egress points to SATCOM equipment to look for anomalous traffic.
Also, both SATCOM Network customers and providers should:
- Use secure authentication methods, including multi-factor authentication where possible, for all accounts used to access, manage, and/or administer SATCOM networks.
- Implement the principle of least privilege through authorization policies.
- Review existing trust relationships with IT service providers. Threat actors are known to exploit trust relationships between providers and their customers to gain access to customer networks and data.
- Use independent encryption on all communications links leased from or offered by your SATCOM provider.
- Improve the security of operating systems, software, and firmware. Make sure that strong vulnerability management and patching practices are in place, and that, following testing, known exploited security flaws included in CISA’s living catalog of known exploited vulnerabilities are immediately patched.
- Keep an eye on network logs for unusual behavior and unauthorized or suspicious login attempts.
- Develop, maintain, and exercise a cyber incident response plan, a resilience plan, and a continuity of activities plan to ensure that critical functions and operations can continue to run if technology systems are disrupted or must be shut down.
All organizations are urged to report incidents and anomalous activity to CISA's 24/7 Operations Center at email@example.com or (888) 282-0870 and/or to the FBI via their local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.