Between 7,5001 and 9,200 active satellites2 orbit the Earth every day. Yet, losing a single satellite can have more of an impact than ever before. Satellites are now integral components in our economies, governments and telecommunications networks; losing even a single satellite can have disastrous consequences. Case in point, in early 2022 a cyber-attack on one satellite, KA-SAT, cut internet access for more than 40,000 internet modems across Europe, taking offline thousands of wind turbines in Germany, impacting emergency services in France and leaving remote communities without any means of contact to the outside world.3
The cybersecurity of satellites is a well-documented but long-overlooked issue. This brief examines the Russian attack on KA-SAT and considers what Australia and the region can learn from this event, particularly as satellites become an increasingly vital component of regional communications networks. It also considers the role of satellites in broader digital connectivity as well as their complex supply chains and dual-use nature.
While there is no silver bullet to addressing cybersecurity flaws — including with satellites — there is a set of practices that countries should have in place to improve their resilience and responsiveness. This brief proposes the following steps for the Australian Government to undertake, including the Department of Home Affairs in coordination with the Department of Defence and other relevant departments:
- Encourage its allies and partners to follow its lead in adding satellite systems — as part of the space technology sector — to its set of critical infrastructure sectors, thereby mandating important cyber measures.4 While some of these measures are yet to be activated for satellites in Australia, overseas key allies like the United States and European Union have not yet designated satellites in their entirety as critical infrastructure (although some parts are captured by other legislation).
a. Ensure the appropriate monitoring and assessment processes are in place to guarantee ongoing adoption of best practices. This can be included in contracts, requiring partners throughout the satellite supply chain to meet certain cyber standards and authorising monitoring mechanisms to ensure ongoing compliance. - Ensure a ‘one is none’ approach to involving private-sector actors in defence satellite networks to build redundancy capability and spread risk in a manner that does not excessively increase exposure by offering additional attack surfaces for malicious actors.
- Expand threat intelligence-sharing networks between providers and agencies in national and international contexts, building on the Information Sharing and Analysis Centres (ISACs) used in other cybersecurity areas, to help thwart attacks and build best practices.
a. The recent Memorandum of Understanding between the Australian Cyber Collaboration Centre with the Space ISAC5 is a welcome step. Space ISAC also counts US, Japanese, Israeli, Greek, French and UK government agencies amongst its partners as well as private-sector members. However, with the European Union also recently launching the EU Space Information Sharing and Analysis Centre,6 there is a need for coordination and collaboration between and amongst these different ISACs and their members to ensure rapid and expansive threat and information sharing. Cyber threats do not respect regional boundaries, and information-sharing mechanisms must be similarly flexible. - Promote pathways for international intelligence sharing after cyber-attacks between governments and the private sector to improve preventative responses and allow for accelerated joint attributions against perpetrators. This can include improving the measuring and accounting of cyber harms and violence to evaluate the impact of different actors.
a. Accelerate cyber attributions after events — including involving as many willing partners as possible to continue promoting responsibility and international norms, as well as adding pressure on malicious actors. - Closely monitor the concentration and integration of satellite capabilities into large technology companies, particularly those used for defence purposes. Clearer contracts when using civilian technologies in defence contexts will be important to avoid some of the tension seen in Starlink’s use in Ukraine and to protect critical civilian satellite networks.
How satellites work
At its launch in 2010, Eutelsat’s new KA-SAT communications satellite network — which sits in a geostationary high-Earth orbit (HEO) — promised to lower the cost of satellite-provided internet access for up to two million European customers.15 In the years following its launch the KA-SAT system amassed clients spanning government, commercial and individual users. However, on the morning of 24 February 2022, access to the KA-SAT satellite network, purchased from Eutelsat by American company Viasat in 2020, began to cut out. Approximately one hour after the outage started, Russia’s invasion of Ukraine began.16
The loss of internet connection impacted individual and corporate users in Ukraine and across Europe17 and marked one of the most prominent, large-scale attacks on a satellite network to date.18 In total, between 40,000 and 45,000 modems were taken offline,19 with users left with no way to reconnect — severing the only form of communications for some in remote regions.20 While Viasat “largely stabilized [the network] within hours,”21 the nature of the attack meant recovery times were significant. Due to the way modems were integrated into broader systems, for some customers the aftermath took months to be resolved. This included over-the-air updates, shipping replacement modems and manually replacing faulty modems, including restoring the capabilities of 5,800 wind turbines in central Germany whose modems were knocked offline.22 The attack also impacted critical first-responder services in France, including ambulance and firefighting services.23
More than two years later, the degree to which the attack impacted Ukrainian military communications is still unclear. Shortly after the attack in early March 2022, Viktor Zhora, the deputy head of Ukraine’s State Service of Special Communications and Information Protection, was quoted saying: “It was a really huge loss in communications in the very beginning of war.”24 Media reported25 that the Ukrainian Government and military had contracts with Viasat for their satellite networks.26 However, Viasat emphasised that no government users were affected by the attack.27 Additionally, in an interview about six months later, Zhora contrasted his earlier statement, suggesting Viasat’s KA-SAT was only used as a ‘backup service’ for military communications. He noted that the attack “didn’t impact the process of coordination between forces and between state leaders and forces” on the day of the Russian invasion.28
In May 2022, following a month-long US-led diplomatic effort, the United States,29 alongside the EU,30 the United Kingdom,31 Australia32 and several other countries, publicly attributed the Viasat attack to the Russian Government. In particular, the UK’s National Cyber Security Centre stated that “the primary target [was] the Ukraine military” and Russia was “almost certainly responsible.”33 In both the UK and the EU statements, the timing of the attack was emphasised, noting it took place “one hour” before the Russian invasion, “facilitating the military aggression” or invasion of Ukraine in a manner that appeared to coordinate with the military’s actions.34 All four statements also emphasised that the attack had “spillover impacts into other European countries,” affecting those beyond the direct, intended targets.35
The nature of this attack and the response to it raise important considerations for policymakers and the communications industry, with satellites now a core part of the infrastructure that supports the modern digital economy, connects remote communities and provides vital interconnectivity.
With satellites integrated into critical infrastructure across the globe, including in Australia, it is critical to seize all opportunities to improve their cybersecurity. As highlighted by the Volt Typhoon campaign where Chinese hackers have targeted US critical infrastructure,36 the vulnerabilities of these vital assets are a target for adversarial actors. As in all cases, including with satellites, cybersecurity is only as strong as its weakest link.
Comments
Post a Comment