I’m pleased to announce that I have obtained a new certification: Kelley School of Business Executive Education Space Cybersecurity from Indiana University – Kelley School of Business!
I’m very proud to have taken part in this program dedicated to the cybersecurity of space systems, provided by the top-ranked Indiana University – Kelley School of Business.
I took part in this program on my own time and as an evening course.
As a cybersecurity professional and space enthusiast, my wish was to develop my knowledge and skills in order to better understand cybersecurity for space systems.
It was a 10-week synchronous teaching and interactive webinar series that provides participants with an in-depth understanding of the cyber threats to space systems and the tools to develop and implement effective strategies for managing cyber risks to space-based infrastructure.
The Kelley Space-Cybersecurity program is one of the first programs in the United States, and indeed globally, to offer a specialized focus on protecting the cybersecurity of space assets.
At the end of this program, I now have the capability to develop and implement effective strategies for managing cyber risks to space-based infrastructure. I also gained an in-depth understanding of cyber threats, and of how to manage related issues including supply chain security.
It was a great opportunity for me to explore cybersecurity challenges specific to space systems.
I would like to thank the following people for creating this program:
Scott Shackelford JD, PhD as the JD Executive Director in the IU Center for Applied Cybersecurity Research; and Provost Professor in the Kelley School of Business – IU
Eytan Tepper as Visiting Assistant Professor & Director, Space Governance Lab at Indiana University Bloomington
I would also like to thank the following people for their contributions and presentations:
Gregory Falco, LEED AP, Professor at Cornell University
Henry Danielson, Professor at California Polytechnic State University-San Luis Obispo
Brandon Bailey, cybersecurity senior project leader at The Aerospace Corporation
Nick Saunders, Chief Cybersecurity and Data Officer, Government Systems at Viasat
Scott Nelson, Senior Advisor Space-Cyber Nexus
Michael Campanelli, Aerospace Practice Manager – Worldwide Public Sector
In this paper, I choose to investigate the Viasat cyber attack that occurred on 24 February, 2022. First, I will summarize the chronology of events (Chapter 1). Then, I will try to critique the organization’s response to the cyber attack (Chapter 2). After that, I will suggest additional steps that could have been taken to further mitigate the impact moving forward (Chapter 3). Finally, I will think about what the attacked organization could have done beforehand to prevent the attack (Chapter 4).
Disclaimer, details and references
To do this analysis of the Viasat cyber attack, I used 3 articles, documents or papers detailed below:
First, I used the open-source intelligence (1) of the team composed of Nicolò Boschetti (Cornell University), Nathaniel Gordon (Johns Hopkins University) and Gregory Falco (Cornell University). In their open-source intelligence, they reconstructed the lifecycle of the attack. They specified, however, that without first-hand knowledge of ViaSat’s systems, they cannot be certain about their hypothesis.
Viasat’s statement (2) on Wednesday, March 30th, 2022 provides a somewhat plausible but incomplete description of the attack. In a statement disseminated to journalists (3), Viasat confirmed the use of the AcidRain wiper in the February 24th attack against their modems.
At DEF CON 31, Mark Colaluca and Nick Saunders from Viasat presented a talk named Defending KA-SAT. During this talk, they argued that you should not believe everything you read on the internet, as it is often simply inaccurate. They said that there is no evidence or proof of the claims. There is no evidence of any compromise or tampering with Viasat modem software or firmware images and no evidence of any supply-chain interference. Regarding the possibility that wiper malware was deployed and erased the hard drives of the modems, they answered that modems don’t have hard drives.
1. Summary of chronology of events
The Ukrainian conflict has shown the potential and temptation of targeting space assets during an armed conflict between two states. Telecommunications satellites are vital to both national security and the economy. Unfortunately, they are also increasingly vulnerable to cyber-attacks and increasingly targeted by malicious actors.
Regarding the Ukrainian conflict, one example is the cyber-attack on the Viasat satellite company.
The Viasat attack was a cyberattack on American communications company Viasat affecting their KA-SAT network, on 24 February, 2022. Thousands of Viasat modems got hacked by a deliberate cyber event. Thousands of customers in Europe, especially in Ukraine, have been without internet for a month since.
Viasat is an American communications company based in Carlsbad, California, with additional operations across the United States and worldwide. Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.
This attack began approximately one hour before Russia launched its major invasion of Ukraine. UK and US intelligence assess that Russia was almost certainly responsible for the attack.
According to Viasat, the attacker used a poorly configured virtual private network appliance to gain access via internet to the trusted management part of the KA-SAT network.
The vulnerability used by the attackers is CVE-2018-13379, corresponding to a vulnerability in the Fortinet firewall discovered in 2019.
Once on the trusted management segment of the KA-SAT network, the attackers issued commands to select specific beam spots and then signal to the modems.
They overwrote part of the flash memory in the modems, leaving them unable to access the network but not permanently damaged. The satellite itself and its ground infrastructure were not directly affected.
With their open-source intelligence, the team [1] (Nicolò Boschetti, Nathaniel Gordon and Gregory Falco) schematized the entire attack lifecycle in the diagram below.
Figure 1: The anatomy of the ViaSat attack broken into seven levels of escalation. From: Nicolò Boschetti (Cornell University) and Gregory Falco (Cornell University) – 2022
2. Criticism of the organization’s response to the cyber attack
ViaSat seems to be a company with dual-use satellites – satellites that can serve both civil and military. Presumably, Viasat was not prepared to be a military target in. I think that dual-use commercial space companies must be aware and prepared to be a military target in.
Viasat also appears to be a geographically dispersed organization. The ground segment of Viasat is called KA-SAT Network. Launched and owned by Eutelsat, the KA-SAT network was acquired by ViaSat in 2020. During the acquisition transition period, the management of the ground segment was still in the hands of the Eutelsat subsidiary Skylogic. Each subsidiary is responsible for different elements of the KA-SAT infrastructure.
This organizational complexity makes it challenging to maintain homogeneous security controls, and the geographic dispersion of the organizations and their integration through corporate acquisition did not help with the managerial coordination of the attack response. When responding to the attack, there was an apparent lack of coordination between ViaSat, Eutelsat, and Skylogic.
3. Additional suggestions that could have been taken to further mitigate the impact moving forward
An additional step that I can suggest is an agile and software-enabled strategy to respond quickly to attacks. Indeed, the AcidRain wiper malware resulted in a lot of inoperable modems. Shipping tens of thousands of modems is undoubtedly time-intensive and costly.
Given the critical nature of the satellite communication system, such a delay is unacceptable. Viasat needs a more agile response to attacks, such as the ability to deploy a software update developed to restore access for users.
4. What the attacked organization could have done beforehand to prevent the attack
This attack is a concrete example of malicious operations carried out by a group of adversaries during a space-cyber war.
To combat cyber-attacks on space systems, states should adopt national policies to defend against threats to space-based assets and applications. This won’t prevent space-cyber hostilities, but it could provide protections against space-cyber threats.
Verification and validation before launch are also very important. Space systems, once launched and deployed, are subject to limitations around structural modifications. For example, terminals, modems or end-user equipment are not easily replaced or modified.
Viasat should also do penetration testing in order to test robustness before deploying their equipment. They also need to ensure their equipment is hardened to an appropriate security level.
Viasat needs to do threat modelling for space systems. Threat modelling plays a crucial role in risk mitigation. Threat modelling helps to identify the security requirements of a system or process and is far more cost-effective than reacting to a breach or attack.
Viasat also needs to do security risk analysis. Risk analysis makes it possible to identify risks and their likelihood and impact on a system. It also makes it possible to identify a mitigation plan to reduce those risks.
As a satellite provider, Viasat must be concerned about its supply chains and vendor ecosystems. Given the critical nature of the satellite communication system, Viasat needs to monitor its supply chain. The supply chain was identified by ENISA, the European Union Agency for Cybersecurity, as the main threat vector in 2021. Viasat should engage in supply chain security best practices such as conducting extensive vendor cybersecurity evaluations.
Finally, Viasat should establish a strong patch management program in order to maintain regular security updates.
Aviation technology is vulnerable to a wide range of cyber threats. Hackers can easily spoof “ghost” aircraft into the sky.
In order to tackle this issue, Angelina Tsuboi, a pilot and cybersecurity researcher, developed a device called Fly Catcher to detect instances of aircraft spoofing on ADS-B. She also flew it on a plane over the coast of Los Angeles.
Fly Catcher monitors the ADS-B 1090MHz frequency to detect spoofed aircraft by ground-based hackers using a custom AI model and neural network.
The device consists of a 1090MHz antenna, FlightAware SDR, a custom 3D chassis and a Raspberry Pi, and scans nearby ADS-B messages and runs them through a neural network to detect fake aircraft transmitted by bad actors.
Nicolò Boschetti is a security professional who is helping secure the future by shaping the IEEE P3349 Space Systems Cybersecurity International Standard. Consider learning more about this emerging standard today and how you may be able to contribute as well.
Aeronautics and space are on the cusp of several revolutions. To meet these environmental and technological challenges, L’AÉRO RECRUTE ("aerospace is hiring").
Our sector specializes in the study, development, production, marketing and maintenance of all civil and military aeronautical and space programs and equipment, as well as defense and security systems.
From engineering to production, by way of maintenance, more than 25,000 hires are planned in 2023 across France, a trend that should be confirmed in the coming years.
Talents from all backgrounds, from CAP to Bac+8, open yourselves to new opportunities in cutting-edge, passion-driven professions where innovation is everywhere.
The videos of the 2023 edition of the SpaceSec workshop have recently been uploaded, and you can view them for free and get an overview of current space security research topics! Also, in case you missed the excellent keynote by James Pavur this is your chance to view it again, where he gave us an extensive overview of open research topics.
SpaceSec will be co-located with the Network and Distributed System Security Symposium (NDSS) in San Diego on March 1, 2024.
You can submit your space security research project.
They will have two deadlines:
– December 7, 2023
– January 12, 2024.
They accept 4-page and 8-page papers on all aspects of space security. This is the perfect opportunity to publish your insights, vetted by a rigorous peer review of academic experts on the subject.
They are accepting papers from an extensive spectrum of space security topics, including space system security, networks and communication security, privacy and usability of space systems, and space security strategies.
DroneSec is a private intelligence agency for drone threats. DroneSec provides drone threat intelligence solutions to protect people and drones from malicious drones and people.
DroneSec provides the Notify UAS Threat Intelligence Platform for real-time visibility of drone threats. DroneSec solutions put organizations 10 steps ahead of the threat.
DroneSec are pioneers in UAS Threat Intelligence. Their leading intelligence subscription service provides organizations with the latest emerging trends, threat actor TTPs, technology types and component analysis.
Drone Threat Intelligence Platform (DTIP)
DroneSec also provides drone security and C-UAS training. Their courses have helped train organisations in offensive and defensive drone operations.
DroneSec Courses and training
Find below the Featured Courses. These include three courses: Drone Security Fundamentals, Regulations and SECOPS. These three courses can be taken individually, or together as a bundle (recommended) to achieve certification.
This course bundle covers the entire drone ecosystem. Fundamental drone security concepts, counter-drone essentials, actionable playbooks based on threat intelligence, and DroneSec case studies are included.
DroneSec Conferences
The State of Drone Security: Analysing 1000+ drone incidents – Mike Monnik (DroneSec) GDSN #2
Global Drone Security Network #2
AAUS RPAS in Australian Skies 2022 – Unique Trends in the Malicious use of RPAS