Elon Musk has said that Russian attempts to jam or otherwise hack the Starlink satellite communications network have been thwarted so far, but these efforts continue – and are ramping up.
The Starlink and Tesla chief was responding to a news story about how the European Union and the US with its Five Eyes partners were blaming the Russian military for a cyberattack on Viasat's KA-SAT network earlier this year.
The attack occurred on February 24, one hour before Russian military invaded Ukraine. It caused communication outages across public authorities, businesses and users in Ukraine, and also affected users in several EU member states, the EU said in its statement.
Viasat last month confirmed modem-wiping malware knocked out very small-aperture terminals (VSAT) on Viasat's fixed broadband service in Ukraine and parts of Europe connected to its KA-SAT satellite network.
Posting a link to a story about the Viasat attack, Musk noted on Twitter: "Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but they're ramping up their efforts."
After Russia's invasion of Ukraine damaged the country's internet infrastructure, Ukraine's vice prime minister and minister of digital transformation Mykhailo Fedorov requested help from Musk, who responded by sending Starlink terminals to the country, and has faced attempts to jam or hack the network since.
Earlier this month, Fedorov said there were around 150,000 active users of Starlink per day in the country. "This is crucial support for Ukraine's infrastructure and restoring the destroyed territories," he said.
Satellite communication has become a key tool, but also a key target for hacking attacks. The National Security Agency (NSA) has updated its advice for satellite operators and their customers to protect networks from cyberattacks for espionage and disruption.
"The recent U.S. and European Union public statements noted the Russian military launched cyberattacks against commercial satellite communications to disrupt Ukrainian command and control in February 2022," the NSA said on Tuesday.
"This cyber activity against Ukraine further underscores the risk to VSAT communications for both espionage and disruption."
A month before Viasat's multi-day outage in Europe, the NSA released recommendations, aimed at US government agencies, to protect VSAT communications because they often aren't encrypted in transit. The NSA warned that VSAT's virtual network separation "cannot be trusted to provide access control, separation, or confidentiality of sensitive information" and recommended the use of VPNs for confidential VSAT communications.
The updated advisory from the NSA remains largely the same but includes a new passage acknowledging EU and US attribution to Russian military attacks on VSATs.
"According to a recent U.S. and European Union statements, the Russian military launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries."
The activity disabled VSATs in Ukraine and across Europe, including tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide internet services to private citizens, it adds.
It is extremely rare for the EU to attribute a cyberattack to a third nation. However, it has applied EU-wide sanctions to individuals in North Korea, Russia and China for their roles in past cyberattacks on European countries, albeit several years after attacks like WannaCry and NotPetya took place.
As foreign policy think tank German Institute for International and Security Affairs (SWP) highlighted in a study of recent cyberattacks, that attribution at the EU level is difficult, partly because only some EU member nations – such as Sweden, the Netherlands, Estonia, Austria, France and Germany – have the technical capability or political will to do so.
Also, under the guidelines of the EU's 2017 cyber diplomacy toolbox, the EU has refrained from attributing cyberattacks to third states because it is a sovereign political decision for each member state.
SWP looked at several recent cyberattacks, including WannaCry and NotPetya from 2017, Operation Cloud Hopper in 2016, the 2015 Bundestag hack, and the 2018 attack on the Organization for the Prohibition of Chemical Weapons.
"While the Five Eyes intelligence alliance (consisting of the US, the UK, Canada, Australia and New Zealand) coordinates its attribution and public naming and shaming in a manner which has a high media impact, the coordination processes in the EU 27 are naturally slower: months, if not years, pass between a cyber incident and the implementation of sanctions," SWP argued.
The EU said the Russian military attack on Viasat's network was "contrary to the expectations set by all UN Member States, including the Russian Federation, of responsible State behaviour and the intentions of States in cyberspace."