As the cyber-threat makes the leap into orbit, satellite operators and users are focusing increased attention on the security of their communications systems.
Once effectively isolated, and so protected, from outside intrusions, SATCOM networks today have largely completed the transition from circuit- to Internet Protocol-based technology, as integral parts of broader networks operated by the Department of Defense and industry. With that shift have come not only improvements in efficiency and interoperability, but also greater potential vulnerability to the advanced, persistent and apparently state-supported cyber-attacks that have become increasingly pervasive.
Reports in 2011 that NASA satellites had been hacked a few years before have added to concerns that vital government and private SATCOM systems linking military and intelligence forces worldwide could be degraded or mined for secret information.
The SATCOM industry is responding by ramping up efforts to comply with security standards, such as those developed by the National Institute of Standards (NIST), and introducing new products and services, such as a recently announced satellite cybersecurity assessment service.
In addition, key government programs such as the Defense Information Systems Agency/General Services Administration’s Future COMSATCOM Services Acquisition program are featuring enhanced information assurance requirements.
A number of factors have come together to heighten the importance of SATCOM cybersecurity, noted Stuart Daughtridge, vice president of advanced technology at Kratos Defense & Security Solutions.
“Obviously, the threat has changed--cyber-threats have become much more significant,” Daughtridge explained. “But there also have been a lot of changes in the satellite world that have impacted this as well. First, satellite systems used to be very stand-alone and isolated, relying on the ‘air gap’ as their security mechanism. That’s changing both on the network side, where they’re connecting more and more to IP networks and are now a piece of a bigger network, and on the control side, because to drive efficiency in operations, they have remote engineers being able to call in to support the system. So you have to make allowances in your air gap solution to enable people to have remote access. The other challenge is that air gap solutions have now been proven to be able to be breached, so they are no longer the end-all security feature that they once were.
“SATCOM equipment used to be very unique in its command and control protocols. But most of the monitor and control functions for RF networks are moving to standard IP, which is great for interoperability and efficiency, but is not good from a cybersecurity perspective, because now it’s just another node on the network that can be attacked,” he said.
Assessing the Risk
To address the increasing threats and unique requirements of the satellite industry, Kratos recently introduced the SATCOM Cybersecurity Assessment service. Company executives note that, with cybersecurity legislation expected soon to require the application of NIST information assurance standards for all U.S. critical infrastructure, including satellite communications, the assessment will help ensure compliance readiness for these forthcoming security regulations.
“Our view is that you need to have a clear assessment of your risk posture. Every system has vulnerabilities, and there is always risk associated with operating networks. The key thing is to do a deep dive on where you stand relative to your risk posture across the spectrum, from end to end,” said Christopher Fountain, senior vice president of Kratos’ SecureInfo. “We advocate a robust assessment of risk, leveraging the control frameworks that are being required by systems used by the government and Department of Defense,” he said.
In addition, RT Logic, a Kratos company, offers CyberC4, its family of products for the SATCOM environment that deliver situational awareness, system hardening, insider and external threat protection, and active defenses. Components include CyberC4:Alert, which it bills as the first Security Information Event Management system specifically for satellite networks; CyberC4:Armor, which provides anti-tamper protection for mission-critical devices used in satellite ground networks; CyberC4:Capture, which counters insider threats; and CyberC4:Guard, a cross-domain solution for controlling the transfer of information between different security levels.
Satellite operators also are moving to address cyber- and related security concerns. Intelsat General, for example, offers round-the-clock monitoring and proactive security in the Intelsat Secure Operations Center, defense-in-depth design and delivery from IA experts, operations support at each teleport, and emergency response teams. “IP-based networks raise the risk level for cyber-threats, so we take a number of precautions to make sure that our network and customer services stay safe. The risk applies across the board, possibly affecting network operations, network infrastructure, IT infrastructure, and flight operations. So it is an area that Intelsat takes very seriously, with a world-class cyber-protection program in place,” said Mark Daniels, vice president of engineering and operations for Intelsat General.
“Intelsat has taken all of the information assurance standards that are out in the market for both commercial and government networks and applied the most stringent parts of those across the Intelsat network to make sure it’s been hardened against cyberthreats. We’ve been very successful with this approach. It includes third-party penetration testing, where we hire someone to try to break into our network, to certify that we don’t have any holes,” Daniels said.
Part of the information assurance process that the company goes through on government contracts involves certifying that it is adhering to the required levels of security, including encryption of the command signals sent to satellites. Most of Intelsat’s satellites are designed with that capability, which gets turned on when a government task order requires it.
“Security is absolutely important to our business and customers,” Daniels said. “In protecting ourselves from cyber-threats, we use a defense-in-depth approach to protecting the network. It’s a multi-layer approach that protects the IT infrastructure through a hardening of our systems, as well as physical security at our teleports and offices.”
- Issue: 5
- Volume: 17