Russian-Ukrainian war highlights cyber threats to satellite communications

On February 24, the first day of the Russian invasion of Ukraine, large parts of the KA-SAT high-speed satellite network of the American company Viasat experienced disruptions, leading to partial network outages throughout Ukraine and several European countries. Tens of thousands of endpoints suffered permanent damage and many were still offline more than two weeks later. Viktor Zhora, deputy head of Ukraine’s State Service for Special Communication and Information Protection, described the satellite failure as “a really huge loss in communications at the very beginning of the war”. Ukrainian military, intelligence and police units rely, among other things, on KA-SAT.

Other countries were also affected, including Germany, Greece, Hungary and Poland. Germany has acknowledged that around 5,800 wind turbines, presumably those operated remotely via a satellite communications (SATCOM) link in central Europe, were taken offline by the outage. According to SentinelLABS, the turbines themselves were intact, but “remote monitoring and control” was impossible due to satellite communication problems. In addition, many domestic customers of Eutelsat’s broadband service in the affected countries lost internet access (KA-SAT and its associated ground stations were purchased last year by Viasat from the European company Eutelsat and are operated by a subsidiary of Eutelsat). Der Spiegel reported that German government agencies were investigating the incident as a cyberattack carried out via an automatic software update installed at 5 a.m. on February 24, notably coinciding with the start of Russia’s invasion of Ukraine.

These events should draw attention to two related issues. One is the cyber threat to satellite communications. The second is the potential role of the private sector in combating this threat. At first, cybersecurity researchers believed that the network outages could be the result of a Distributed Denial of Service (DDoS) attack. The head of the French Joint Space Command, General Michel Friedling, confirmed that the incident stemmed from a cyberattack, but also provided a key detail indicating that it was a different type of attack. According to Friedling, “the terminals have been damaged, rendered unusable and probably cannot be repaired.” This suggested a remotely exploitable vulnerability in a SATCOM terminal.

Russia is also very aware of the cyber threat to space systems. In early March, Dmitry Rogozin, the head of the country’s space agency Roscosmos, reportedly made an unequivocal statement that any hacking of Russian satellites would be treated as justification for war. The warning followed reports from a non-state hacking group that claimed to have attacked Russian satellite imaging systems in response to the invasion of Ukraine. Rogozin denied this information.

The criticality of satellite communications connectivity was again underscored when SpaceX CEO Elon Musk responded to a request from Ukrainian Deputy Prime Minister Mykhailo Fedorov and sent Starlink system terminals to Ukraine to help maintain continuous Internet connectivity.

After attempts to disrupt Starlink terminals deployed in Ukraine were identified, Musk noted that SpaceX intends to focus on improving its cybersecurity capabilities and preventing Starlink system signal disruption. This could lead to delays in the Starship launch vehicle development program and the launch of the second generation Starlink satellite (Starlink V2). Gen. James Dickinson, commander of U.S. Space Command, who testified at a Senate Armed Services Committee hearing on March 8, said he was impressed with SpaceX’s ability to provide continuous internet access in war-torn areas in Ukraine. Dickinson said this demonstrates the inherent advantages of operating large satellite networks or a multi-platform space architecture in terms of redundancy, robustness and the provision of advanced capabilities.

Analysts from the US National Security Agency, the French government cybersecurity organization ANSSI, and Ukrainian intelligence services are investigating whether the remote sabotage of KA-SAT was the work of hackers backed by the Russian state. A Viasat official said a misconfiguration in the “management section” of the satellite network allowed hackers to remotely access modems, knocking them offline. He said most of the affected devices would need to be reprogrammed either by a technician on site or at a repair depot, while some would need to be replaced completely.

This highlights the importance of the private sector in this context, in particular private cybersecurity companies and the private space sector. Cybersecurity firms played an important role in analyzing this intrusion and attributing it to Russia. For example, SentinelLabs researchers discovered new malware called “AcidRain” designed to wipe modems and routers. They identified, with a moderate degree of confidence, similarities between this malware and another discovered in 2018, which the FBI and the Department of Justice had attributed to the Russian government. In a statement released to reporters, Viasat confirmed that the AcidRain wiper was used in the Feb. 24 attack on its modems. And, as previously reported, SpaceX played a vital role in helping Ukraine deal with the aftermath of the cyberattack and restore communication in the region.

General Dickinson also underlined the importance of the private space sector. At the same March 8 hearing, when asked if there was a “legal framework” for U.S. commercial space companies getting involved in contested situations like SpaceX’s involvement in Ukraine, he said: “We are working in close collaboration in our commercial integration cell on this same question.” The Commercial Integration Cell (CIC) is a group of ten commercial satellite operators who work with US Space Command. It was originally created to share intelligence on space threats and other areas of concern, given the military’s reliance on commercial space services. The cyber threat is one of the main ones on this list.

Nearly two months into Russia’s invasion of Ukraine, the ongoing war demonstrates that hypothetical scenarios of cyberattacks crippling satellite communications are already taking place, with a multitude of consequences. Civilians are also casualties on this front, and the private cybersecurity and space sectors have a critical role to play in providing assistance and mitigating damage. They must prepare for the future accordingly.

Dr. Gil Baram is an expert in cyber strategy and policy. Currently, she is a Fulbright Post-Doctoral Fellow in Cybersecurity at Stanford University’s Center for International Security and Cooperation (CISAC). Her postdoctoral research focuses on national decision-making during cyberconflicts. Dr. Baram is a research associate at the National Security Center of Excellence at Nanyang Technological University in Singapore and a senior researcher at the Blavatnik Interdisciplinary Cybersecurity Research Center at Tel Aviv University. Previously, Dr. Baram served as head of the cyber and space research team at the Israeli think tank Yuval Ne’eman’s Workshop for Science, Technology and Security.

Image: Flickr/US Air Force.
