FBI, CISA, and the European Union Aviation Safety Agency (EASA) warn of possible threats to international satellite communication (SATCOM) networks.

Satellite communication (SATCOM) networks are critical infrastructure for modern society, US and EU agencies warn of possible threats to them.

Victor Zhora, Chief Digital Transformation Officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, speaking about the VIASAT attack, said “it was a really huge loss in communications in the very beginning of war”.

Follow up on our reporting about a cyber operation that affected ViaSat and knocked out +100K satellite modems across Europe, including Ukraine: Ukrainian cyber offical Victor Zhora said: “It was a really huge loss in communications in the very beginning of war.”— Chris Bing (@Bing_Chris) March 15, 2022This week the European Union Aviation Safety Agency (EASA) has issued a Safety Information Bulletin to warn of intermittent Global Navigation Satellite Systems (GNSS) outages near Ukraine conflict areas amid the ongoing conflict.

The European Agency jamming and/or spoofing attacks against GNSS have intensified in geographical areas surrounding the conflict zone and other areas.

“Eurocontrol, Network of Analysts and open-source data reports analysed by EASA indicate thatsince 24 February 2022, there are four key geographical areas where GNSS spoofing and/or jamming has intensified” states the bulletin. “namely:

Kaliningrad region, surrounding Baltic sea and neighbouring States;Eastern Finland;The Black Sea; andThe Eastern Mediterranean area near Cyprus, Turkey, Lebanon, Syria and Israel, as well as Northern Iraq”
GPS/GNSS interference worldwide, 2022-03-17. The major change is that the interference that started 2022-03-11 around Kaliningrad, affecting Poland, Lithuania, and Lativa, stopped. pic.twitter.com/X5B3y9drRY— John Wiseman (@lemonodor) March 18, 2022In some cases, the attacks lead to re-routing or even to change the destination due to the inability to perform a safe landing procedure.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) also published a joint advisory that warns of possible threats to U.S. and international satellite communication (SATCOM) networks. The US agencies state that intrusions into SATCOM networks pose s severe risk in SATCOM network providers’ customer environments.

“Given the current geopolitical situation, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity. To that end, CISA and FBI will update this joint Cybersecurity Advisory (CSA) as new information becomes available so that SATCOM providers and their customers can take additional mitigation steps pertinent to their environments.” reads the advisory published by CISA. “CISA and FBI strongly encourages critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity.”

Below are the mitigation actions recommended by the US agencies to customers and providers:

Use secure methods for authenticationEnforce principle of least privilege through authorization policiesReview trust relationshipsImplement encryption across all communications links leased from, or provided by, your SATCOM providerStrengthen the security of operating systems, software, and firmware, by ensuring robust vulnerability management and patching processes and implement rigorous configuration management programsMonitor logs for suspicious activityCreate, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations planIn early March, Orange confirmed that “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France were offline following a “cyber event” that took place on February 24 at Viasat, the US giant satellite operator that provides services to the European carriers.

Around one-third of 40,000 subscribers of the bigblu satellite internet service in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were impacted by the same cyber event.

After the incident, VIASAT announced on Wednesday that the “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.

VIASAT and international intelligence agencies investigated the incident, the NSA told CNN that it’s “aware of reports of a potential cyber-attack that disconnected thousands of very small-aperture terminals that receive data to and from a satellite network.” 

VIASAT confirmed that the incident was caused by a “deliberate, isolated and external cyber event” and added that its network is still facing problems as confirmed by Netblocks.

Update: Satellite operator Viasat’s KA-SAT network in Europe remains heavily impacted 18 days after it was targeted by an apparent cyberattack, one of several incidents observed as Russia launched its invasion of Ukraine on the morning of 24 Feb https://t.co/S0qJQ7CbNv pic.twitter.com/nLNlquYQF9— NetBlocks (@netblocks) March 15, 2022

The risk of cyber attacks is growing with services in any industry increasing reliance on satellite-dependent technologies.

Not only cyber attacks

Have Russia weapons to destroy satellites? On Nov. 15, 2021, U.S. officials detected a dangerous new debris field in orbit near Earth. Later, it was confirmed that Russia had destroyed one of its old satellites in a test of an anti-satellite weapon. 

“Russia launched an anti-satellite test that destroyed one of its older satellites. The satellite broke up and created thousands of pieces of debris in orbit, ranging in size from tiny specks up to pieces a few feet across. This space junk will linger in orbit for years, potentially colliding with other satellites as well as the International Space Station. The space station crew has already had to shelter in place as they passed near the debris cloud.” reported the The Conversation. ” A similar weapon type, called co-orbital anti-satellite weapons, are first launched into orbit and then change direction to collide with the targeted satellite from space. A third type, non-kinetic anti-satellite weapons, use technology like lasers to disrupt satellites without physically colliding with them.”

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, satellite communication)

The post EU and US agencies warn that Russia could attack satellite communications networks appeared first on Security Affairs.