Why CISOs should be concerned about space-based attacks

In February 2022, Russia launched an attack not only on the ground in Ukraine but also in space, targeting Ukraine’s data connections. The satellite services provider, Viasat, reported that the attack resulted in a partial interruption of its consumer-oriented satellite broadband service known as KA-SAT. The cyber-attack impacted several thousand customers in Ukraine and tens of thousands of other fixed broadband customers across Europe. Among the affected customers were the remote monitoring and control systems of Germany’s Enercon, which owned 5,800 wind turbines with a total capacity of 11 gigawatts.

After conducting an investigation, Sentinel Labs determined that the threat actor behind the attack used the KA-SAT management mechanism in a supply-chain attack. This allowed them to push a wiper called AcidRain, which was designed to target modems and routers. AcidRain would overwrite key data in the affected devices’ memory, rendering them inoperable. Viasat, however, did not confirm this characterization of the attack and maintained that there was no evidence of a supply-chain attack.

The cyber-attack primarily affected the Ukrainian civilian population, preventing them from accessing reliable information from the government during the conflict. Some individuals were without internet access for up to two weeks. In response, Viasat worked with the operator to implement immediate updates to stabilize the network and defend against additional tactics. Their in-house cyber expertise and capability allowed them to maintain the safety and security of the majority of KA-SAT users and quickly restore internet connectivity for impacted users.

Communications satellites are attractive targets for hackers due to the wide range of services they provide to various users. They can be attacked through different points of vulnerability, such as the onboard control software, data links between satellites and Earth stations, and ground-based data networks and equipment like modems. Attacks on satellite communications are not limited to blocking internet access but can also involve jamming or spoofing navigation signals.

According to Randall K. Nichols, a vice-chair of an IEEE subcommittee, space vehicles requiring navigation assistance are essentially SCADA systems with vulnerabilities that can be targeted by cyber threats. Government and commercial networks alike have seen cyberattacks on space assets and services increase in frequency and sophistication. As a result, defense strategies need to adapt to combat evolving threats.

The dual-use nature of many satellites exacerbates the risk of attacks. Satellites that provide services to both commercial and military clients may be seen as legitimate targets in conflict zones. Russia’s state-owned news agency TASS reported that US commercial satellites may be targeted if used in the conflict in Ukraine. SpaceX’s Starlink satellite broadband service in Ukraine experienced jamming of its terminals near conflict areas. These threats and actions can be expected as space becomes increasingly militarized.

CSOs must analyze and assess the weak links in their communications chains and develop contingency plans. This includes evaluating their own enterprise’s systems and those of third-party satellite service providers. It is crucial for CSOs and senior program management to perform risk assessments to ensure due diligence. Taking a full system, end-to-end view of satellite communications systems, including all connection points and data access points, is essential. Backup data routes should also be prepared to enable a quick switch in case of disruption.

The threats to space communication include cyber-attacks, disruption of ground infrastructure, RF interference, and direct attacks against spacecraft. While the focus of cyber-attacks in space is often on the network itself, the satellite/spacecraft and ground station infrastructure may also be vulnerable. Insider threats should also be considered as a potential risk. Cyber threats targeting space communications share similarities with those targeting traditional communications networks and other service providers.

In conclusion, the cyber-attack on Viasat’s KA-SAT network during the conflict in Ukraine highlighted the vulnerabilities of space-based data systems. The attack impacted thousands of customers and disrupted internet access for the Ukrainian civilian population. As space becomes militarized, satellites and satellite services are increasingly targeted by hackers, necessitating the adaptation of defense strategies. CSOs must assess the weak links in their communications chains and develop contingency plans to mitigate the risks associated with cyber threats in space.
