EU and US agencies warn that Russia could attack satellite communications networks

Pierluigi Paganini March 20, 2022

FBI, CISA, and the European Union Aviation Safety Agency (EASA) warn of possible threats to international satellite communication (SATCOM) networks.

Satellite communication (SATCOM) networks are critical infrastructure for modern society, US and EU agencies warn of possible threats to them.

Victor Zhora, Chief Digital Transformation Officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, speaking about the VIASAT attack, said “it was a really huge loss in communications in the very beginning of war”.

This week the European Union Aviation Safety Agency (EASA) has issued a Safety Information Bulletin to warn of intermittent Global Navigation Satellite Systems (GNSS) outages near Ukraine conflict areas amid the ongoing conflict.

The European Agency jamming and/or spoofing attacks against GNSS have intensified in geographical areas surrounding the conflict zone and other areas.

“Eurocontrol, Network of Analysts and open-source data reports analysed by EASA indicate that
since 24 February 2022, there are four key geographical areas where GNSS spoofing and/or jamming has intensified” states the bulletin. “namely:

  • Kaliningrad region, surrounding Baltic sea and neighbouring States;
  • Eastern Finland;
  • The Black Sea; and
  • The Eastern Mediterranean area near Cyprus, Turkey, Lebanon, Syria and Israel, as well as Northern Iraq”

In some cases, the attacks lead to re-routing or even to change the destination due to the inability to perform a safe landing procedure.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) also published a joint advisory that warns of possible threats to U.S. and international satellite communication (SATCOM) networks. The US agencies state that intrusions into SATCOM networks pose s severe risk in SATCOM network providers’ customer environments.

“Given the current geopolitical situation, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity. To that end, CISA and FBI will update this joint Cybersecurity Advisory (CSA) as new information becomes available so that SATCOM providers and their customers can take additional mitigation steps pertinent to their environments.” reads the advisory published by CISA. “CISA and FBI strongly encourages critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity.”

Below are the mitigation actions recommended by the US agencies to customers and providers:

  • Use secure methods for authentication
  • Enforce principle of least privilege through authorization policies
  • Review trust relationships
  • Implement encryption across all communications links leased from, or provided by, your SATCOM provider
  • Strengthen the security of operating systems, software, and firmware, by ensuring robust vulnerability management and patching processes and implement rigorous configuration management programs
  • Monitor logs for suspicious activity
  • Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan

In early March, Orange confirmed that “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France were offline following a “cyber event” that took place on February 24 at Viasat, the US giant satellite operator that provides services to the European carriers.

Around one-third of 40,000 subscribers of the bigblu satellite internet service in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were impacted by the same cyber event.

After the incident, VIASAT announced on Wednesday that the “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.

VIASAT and international intelligence agencies investigated the incident, the NSA told CNN that it’s “aware of reports of a potential cyber-attack that disconnected thousands of very small-aperture terminals that receive data to and from a satellite network.” 

VIASAT confirmed that the incident was caused by a “deliberate, isolated and external cyber event” and added that its network is still facing problems as confirmed by Netblocks.

The risk of cyber attacks is growing with services in any industry increasing reliance on satellite-dependent technologies.

Not only cyber attacks

Have Russia weapons to destroy satellites? On Nov. 15, 2021, U.S. officials detected a dangerous new debris field in orbit near Earth. Later, it was confirmed that Russia had destroyed one of its old satellites in a test of an anti-satellite weapon. 

Russia launched an anti-satellite test that destroyed one of its older satellites. The satellite broke up and created thousands of pieces of debris in orbit, ranging in size from tiny specks up to pieces a few feet across. This space junk will linger in orbit for years, potentially colliding with other satellites as well as the International Space Station. The space station crew has already had to shelter in place as they passed near the debris cloud.” reported the The Conversation. ” A similar weapon type, called co-orbital anti-satellite weapons, are first launched into orbit and then change direction to collide with the targeted satellite from space. A third type, non-kinetic anti-satellite weapons, use technology like lasers to disrupt satellites without physically colliding with them.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, satellite communication)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment