The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) has warned satellite communications network providers to beef up security.
The CISA and FBI on Thursday said in a joint advisory that they are "aware of possible threats" to U.S. and international satellite communication (SATCOM) networks.
"Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments," the agencies note.
The advisory contains mitigation actions for both SATCOM operators and their customers to take amid US and European investigations into a major outage affecting Viasat's internet service for fixed broadband customers in Ukraine and elsewhere on its European KA-SAT satellite network.
The outage started on February 28, soon after the start of Russia's invasion of Ukraine. The same day German energy firm Enercon reported remote communications to 5,800 wind turbines was down due to a satellite outage.
Reuters on March 11 reported that the National Security Agency, France's cybersecurity agency ANSSI, and Ukrainian intelligence were investigating an attack that disrupted Ukraine broadband satellite access that coincided with Russia's invasion.
As part of CISA's Shields Up initiative, the agencies are calling on SATCOM operators and their customers to "significantly lower their threshold for reporting and sharing indications of malicious cyber activity."
CISA launched Shields Up in February and cited US fears that sanctions against Russia heightened the risk of cyberattacks on US critical infrastructure and organizations.
The agencies are recommending SATCOM operators review the security of communications to and from end-user terminals, and to review the Office of the Director of National Intelligence's February report, which details Russia's anti-satellite technologies, including directed energy weapons, for jamming civilian and military satellite GPS and communication services.
Notably, CISA also warns customers to review IT supply relationships and the NSA's January 2022 recommendations for protecting very small-aperture terminal (VSAT) networks.
The NSA told CNN this week that it's "aware of reports of a potential cyber-attack that disconnected thousands of very small-aperture terminals that receive data to and from a satellite network."
Viasat told CNN the "partial outage" was caused by a "deliberate, isolated and external cyber event" and added that the network was now "stabilized".
However, Netblocks on Wednesday reported that Viasat's KA-SAT network remained "heavily impacted" 18 days after the outages began.
Among many other recommendations CISA suggests SATCOM providers consider:
- Using secure methods for authentication, including multi-factor authentication where possible for all accounts used to access, manage, and/or administer networks.
- Using and enforcing strong, complex passwords. Review password policies to ensure they align with the latest NIST guidelines. Do not use default credentials or weak passwords. Audit accounts and credentials: remove terminated or unnecessary accounts; change expired credentials.
- Enforcing principle of least privilege through authorization policies.