CISA and FBI experts have warned CI operators about possible threats to satellite communications networks (SATCOM) in the United States and around the world.
Successful hacking of the SATCOM network can create a risk for the client environments of SATCOM network providers. CISA and the FBI strongly recommend that critical infrastructure organizations and companies that are suppliers or customers of the SATCOM network consider and implement protective measures to enhance cybersecurity.
Two federal agencies advised SATCOM network providers to add additional monitoring of incoming and outgoing traffic to detect abnormal activity, and also shared common measures to prevent exploitation of vulnerabilities:
-
Use of secure authentication methods, including, if possible, multi-factor authentication.
-
Applying the principle of least privilege with authorization policies.
-
Review of existing trust relationships with IT service providers in order to eliminate potential attack vectors.
-
Implementation of encryption on all communication channels leased or provided by the SATCOM provider.
-
Providing reliable fixes and auditing of the system configuration.
-
Tracking suspicious activity logs.
-
Ensuring the availability of incident response plans, sustainability and continuity of operations.
The warning came after the KA-SAT network of the American satellite communications provider Viasat was subjected to a cyberattack that led to disruptions in satellite communications in Central and Eastern Europe.