CISA, FBI Warn of Russian Threat to Satellite Networks

The Cybersecurity and Infrastructure Security Agency and the FBI acknowledged providers and customers of U.S. satellite networks may be in Russia’s crosshairs as the conflict over Ukraine’s sovereignty continues.

In an alert Thursday, the agencies said they “are aware of possible threats to U.S. and international satellite communication networks. Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments,” adding, “given the current geopolitical situation, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity.” 

The alert comes as the National Security Agency is reportedly investigating Russia’s responsibility for a hack of U.S. satellite provider Viasat that affected networks in Ukraine, and as U.S. policy on how to respond to such a scenario remains unclear.

The alert said providers of satellite networks should be on high alert for anomalous traffic and directed those stakeholders to the latest Worldwide threat briefing, released by the Office of the Director of National Intelligence in February, for more information on nation-state actors associated with the threat. The intelligence community’s report suggests Russia might be well positioned to attack U.S. satellites.

“Russia will remain a key space competitor, maintaining a large network of reconnaissance, communications and navigation satellites,” reads the IC’s report. “Moscow will focus on integrating space services—such as communications; positioning, navigation, and timing; geolocation; and intelligence, surveillance, and reconnaissance—into its weapons and command-and-control systems, allowing Moscow to more quickly identify, track and target U.S. satellites during a conflict.”

ODNI’s report also notes: “Russia continues to train its military space elements and field new antisatellite weapons to disrupt and degrade U.S. and allied space capabilities, and it is developing, testing and fielding an array of nondestructive and destructive counterspace weapons—including jamming and cyberspace capabilities, directed energy weapons, on-orbit capabilities and ground-based ASAT capabilities—to target U.S. and allied satellites.”

Thursday’s advisory also detailed mitigations applicable to both customers and providers of satellite networks. Those include the access and privilege management practices such as multi factor authentication that are foundational to the concept of ‘zero trust,’ the implementation of appropriate encryption—as detailed by the National Security Agency—securing operating systems and software, monitoring network logs and preparing incident response plans.