“This week the European Union Aviation Safety Agency (EASA) has issued a Safety Information Bulletin to warn of intermittent Global Navigation Satellite Systems (GNSS) outages near Ukraine conflict areas amid the ongoing conflict. The European Agency jamming and/or spoofing attacks against GNSS have intensified in geographical areas surrounding the conflict zone and other areas” (Security Affairs, 2022).
The Kaliningrad region, surrounding Baltic sea, and neighboring states have been impacted according to the EASA. Eastern Finland, The Black Sea, and the Eastern Mediterranean near Cyprus, Turkey, Lebanon, Syria, Israel, and Northern Iraq have reported impacted communications. In some cases, the attacks lead to re-routing or even to change the destination due to the inability to perform a safe landing procedure. Nearly 9,000 subscribers of a satellite internet service provided by its subsidiary Nordnet in France were offline following a “cyber event” that took place on February 24 at Viasat, the US giant satellite operator that provides services to the European carriers. Around one-third of 40,000 subscribers of the bigblu satellite internet service in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were impacted by the same cyber event.
“VIASAT and international intelligence agencies investigated the incident, the NSA told CNN that it’s “aware of reports of a potential cyber-attack that disconnected thousands of very small-aperture terminals that receive data to and from a satellite network.” VIASAT confirmed that the incident was caused by a “deliberate, isolated and external cyber event” and added that its network is still facing problems as confirmed by Netblocks.
The risk of cyber attacks is growing with services in any industry increasing reliance on satellite-dependent technologies” (Security Affairs, 2022).
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) also published a joint advisory that warns of possible threats to U.S. and international satellite communication (SATCOM) networks. The US agencies state that intrusions into SATCOM networks pose s severe risk in SATCOM network providers’ customer environments. CISA and FBI strongly encourages critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity.
Even more alarming is that Russia has the capabilities to destroy satellites. Back in November of 2021, U.S. officials detected dangerous debris after Russia destroyed one of its old satellites in a test of anti-satellites weapons.
“Russia launched an anti-satellite test that destroyed one of its older satellites. The satellite broke up and created thousands of pieces of debris in orbit, ranging in size from tiny specks up to pieces a few feet across. This space junk will linger in orbit for years, potentially colliding with other satellites as well as the International Space Station. The space station crew has already had to shelter in place as they passed near the debris cloud.” reported the The Conversation.
”A similar weapon type, called co-orbital anti-satellite weapons, are first launched into orbit and then change direction to collide with the targeted satellite from space. A third type, non-kinetic anti-satellite weapons, use technology like lasers to disrupt satellites without physically colliding with them” (Security Affairs, 2022).
Below are the mitigation actions recommended by the US agencies to customers and providers:
- Use secure methods for authentication
- Enforce principle of least privilege through authorization policies
- Review trust relationships
- Implement encryption across all communications links leased from, or provided by, your SATCOM provider
- Strengthen the security of operating systems, software, and firmware, by ensuring robust vulnerability management and patching processes and implement rigorous configuration management programs
- Monitor logs for suspicious activity
- Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan