Following the cyber attack on Viasat's internet services in Ukraine and other parts of Europe, many have been on high alert. While Viasat has said that the attack did not compromise customer data or affect U.S. government customers, the situation has pushed the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to respond. Both CISA and the FBI say they are aware of possible threats to U.S. and international satellite communication (SATCOM) networks.
Cyber Attacks Not a Coincidence
Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments. Additionally, recovery from the Viasat attack has taken weeks, and it will take time to review future security repercussions. The Viasat attack was just one of several cyber intrusions that took place as Russia invaded Ukraine.
“Russia’s aggression, the intensity of cyber-attacks against Ukraine’s vital information infrastructure hasn’t decreased,” the State Service of Special Communication and Information Protection of Ukraine said in a bulletin. “While Russian missiles are targeting physical infrastructure of communication and broadcasting, Russian hackers are targeting our information infrastructure.”
CISA Says Shields Up
Given the current geopolitical situation with Russia’s invasion of Ukraine, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity. CISA and FBI will update their joint Cybersecurity Advisory (CSA) when and if new information becomes available so that SATCOM providers and their customers can take additional mitigation steps pertinent to their environments.
CISA and FBI are strongly encouraging critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in their CSA to strengthen SATCOM network cybersecurity.
Actions and Mitigations for SATCOM Network Providers
The following actions were provided as immediate steps to take:
- Use secure methods for authentication.
- Enforce principle of least privilege.
- Review trust relationships.
- Implement encryption.
- Ensure robust patching and system configuration audits.
- Monitor logs for suspicious activity.
- Ensure incident response, resilience, and continuity of operations plans are in place.
CISA and FBI also provided specific mitigations for critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement.