The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation are warning of possible threats to satellite communication networks.
The agencies “are aware of possible threats to U.S. and international satellite communication (SATCOM) networks,” CISA and FBI officials stated in a joint cybersecurity advisory Thursday. “Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments.”
The advisory comes after a cyberattack partly disrupted satellite operator Viasat Inc.’s broadband satellite internet service in Ukraine and other countries. The cyberattack coincided with Russia’s invasion of Ukraine. Last week, Reuters reported that Western intelligence agencies are investigating whether the sabotage was the work of Russian state-backed hackers.
The cyberattack disabled tens of thousands of modems connected to Viasat’s KA-SAT satellite. Last week, the company told Reuters in a statement that “the network is stabilized and we are restoring service and activating terminals as quickly as possible.” Viasat stated that the cyberattack exploited a misconfiguration in the “management section” of its satellite network to access the modems and disable them.
In the joint advisory, CISA and FBI recommended that operators of satellite communication networks take steps to improve their cybersecurity.
The agencies pointed to user account security as one area where network operators can take steps to strengthen their cyber defenses. CISA and FBI recommend the implementation of multifactor authentication and suggest requiring that users choose strong passwords. Additionally, the agencies advise organizations operating satellite networks to check for “unauthorized use of local or backup accounts” within their infrastructure.
The joint CISA and FBI advisory also contains cybersecurity recommendations for satellite network operators’ customers. One step that customers can take to reduce the risk of a breach, the advisory states, is to “implement independent encryption across all communications links leased from, or provided by, your SATCOM provider.” Organizations are furthermore advised to more thoroughly monitor their satellite-connected systems for threats.
The advisory also contains more than a dozen other cybersecurity recommendations for both network operators and their customers. The recommendations span areas such as network traffic monitoring, configuration management and vulnerability patching, among others.
“CISA and FBI strongly encourages critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity,” the agencies stated.