Strengthening Cybersecurity of SATCOM Network Providers and Customers

Actions to Take Today:
• Use secure methods for authentication.
• Enforce the principle of least privilege.
• Review trust relationships.
• Implement encryption.
• Ensure robust patching and system configuration audits.
• Monitor logs for suspicious activity.
• Ensure incident response, resilience, and continuity of operations plans are in place.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communication (SATCOM) networks. Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments.

Given the current geopolitical situation, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity. To that end, CISA and FBI will update this joint Cybersecurity Advisory (CSA) as new information becomes available so that SATCOM providers and their customers can take additional mitigation steps pertinent to their environments.

CISA and FBI strongly encourage critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity.


CISA and FBI strongly encourage critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the following mitigations:

Mitigations for SATCOM Network Providers

  • Put in place additional monitoring at ingress and egress points to SATCOM equipment to look for anomalous traffic, such as:
    • The presence of insecure remote access tools—such as Teletype Network Protocol (Telnet), File Transfer Protocol (FTP), Secure Shell Protocol (SSH), Secure Copy Protocol (SCP), and Virtual Network Computing (VNC)—facilitating communications to and from SATCOM terminals.
    • Network traffic from SATCOM networks to other unexpected network segments.
    • Unauthorized use of local or backup accounts within SATCOM networks.
    • Unexpected SATCOM terminal to SATCOM terminal traffic.
    • Network traffic from the internet to closed group SATCOM networks.
    • Brute force login attempts over SATCOM network segments.
  • See the Office of the Director of National Intelligence (ODNI) Annual Threat Assessment of the U.S. Intelligence Community, February 2022 for specific state-sponsored cyber threat activity relating to SATCOM networks.
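The provider-side monitoring items above are rules that can be evaluated mechanically against flow records and authentication events at the SATCOM ingress/egress points. The following Python is an added example, not code from the advisory or from any SATCOM vendor: the terminal range, closed-group range, expected internal segments, break-glass account names, brute-force threshold, and all flow and login records are constructed for illustration. It encodes each bullet as a rule (insecure remote access ports to or from a terminal, terminal-to-terminal traffic, terminal traffic to an unexpected internal segment, internet traffic into a closed group, repeated failed logins, and successful use of local/backup accounts) and returns findings a SIEM could ingest.

```python
"""Anomaly rules for traffic at SATCOM ingress/egress points (added example).

All address ranges, account names, and records are constructed and hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed address plan: terminals, the closed user group, and the internal
# segments a terminal is expected to reach (gateways/management + closed group).
TERMINAL_NET = ip_network("10.50.0.0/16")
CLOSED_GROUP_NETS = [ip_network("10.60.0.0/16")]
EXPECTED_SEGMENTS = [ip_network("10.10.0.0/16"), ip_network("10.60.0.0/16")]
# Explicit RFC 1918 list: ipaddress.is_private also treats the documentation
# ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) as private, which is not wanted here.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Remote access services named in the advisory; SCP rides on SSH (22).
INSECURE_REMOTE_ACCESS_PORTS = {21: "FTP", 22: "SSH/SCP", 23: "Telnet", 5900: "VNC"}
LOCAL_BACKUP_ACCOUNTS = {"backup", "localadmin"}   # assumed break-glass accounts
BRUTE_FORCE_THRESHOLD = 5                          # assumed tuning values
BRUTE_FORCE_WINDOW = timedelta(minutes=5)


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def classify_flow(flow):
    """Return the names of the monitoring rules a single flow record trips."""
    src, dst, dport = ip_address(flow["src"]), ip_address(flow["dst"]), flow["dport"]
    src_term, dst_term = src in TERMINAL_NET, dst in TERMINAL_NET
    hits = []
    if (src_term or dst_term) and dport in INSECURE_REMOTE_ACCESS_PORTS:
        hits.append(f"remote-access:{INSECURE_REMOTE_ACCESS_PORTS[dport]}")
    if src_term and dst_term:
        hits.append("terminal-to-terminal")
    if src_term and not dst_term and _in_any(dst, INTERNAL_NETS) and not _in_any(dst, EXPECTED_SEGMENTS):
        hits.append("unexpected-segment")
    if not _in_any(src, INTERNAL_NETS) and _in_any(dst, CLOSED_GROUP_NETS):
        hits.append("internet-to-closed-group")
    return hits


def detect_brute_force(auth_events):
    """Map source -> time it reached THRESHOLD failed logins inside a sliding window.

    auth_events: (timestamp, source_ip, account, success) tuples sorted by time.
    """
    failures, flagged = defaultdict(list), {}
    for ts, src, _user, ok in auth_events:
        if ok:
            continue
        window = failures[src]
        window.append(ts)
        while window and ts - window[0] > BRUTE_FORCE_WINDOW:   # expire old failures
            window.pop(0)
        if len(window) >= BRUTE_FORCE_THRESHOLD and src not in flagged:
            flagged[src] = ts
    return flagged


def detect_backup_account_use(auth_events):
    """Successful logins with local/backup accounts, which should be rare and planned."""
    return [(ts, src, user) for ts, src, user, ok in auth_events if ok and user in LOCAL_BACKUP_ACCOUNTS]


def analyze(flows, auth_events):
    """Evaluate every rule and return a flat list of findings."""
    findings = []
    for f in flows:
        for rule in classify_flow(f):
            findings.append({"rule": rule, "src": f["src"], "dst": f["dst"], "dport": f["dport"]})
    for src, ts in detect_brute_force(auth_events).items():
        findings.append({"rule": "brute-force", "src": src, "at": ts.isoformat()})
    for ts, src, user in detect_backup_account_use(auth_events):
        findings.append({"rule": "backup-account-login", "src": src, "user": user, "at": ts.isoformat()})
    return findings


# Constructed sample input.
SAMPLE_FLOWS = [
    {"src": "10.50.1.10", "dst": "10.10.0.5", "dport": 443},    # terminal -> gateway (benign)
    {"src": "198.51.100.7", "dst": "10.50.1.10", "dport": 23},  # internet -> terminal over Telnet
    {"src": "10.50.1.10", "dst": "10.50.2.20", "dport": 22},    # terminal -> terminal over SSH
    {"src": "10.50.1.10", "dst": "10.20.0.9", "dport": 445},    # terminal -> unexpected corporate segment
    {"src": "203.0.113.4", "dst": "10.60.3.3", "dport": 80},    # internet -> closed group
]
T0 = datetime(2022, 3, 17, 12, 0, 0)
SAMPLE_AUTH = [  # (timestamp, source, account, success)
    (T0, "198.51.100.7", "admin", False),
    (T0 + timedelta(seconds=20), "198.51.100.7", "admin", False),
    (T0 + timedelta(seconds=40), "198.51.100.7", "root", False),
    (T0 + timedelta(seconds=60), "198.51.100.7", "root", False),
    (T0 + timedelta(seconds=80), "198.51.100.7", "backup", False),
    (T0 + timedelta(seconds=100), "198.51.100.7", "backup", True),
    (T0 + timedelta(minutes=30), "10.10.0.5", "ops", False),
    (T0 + timedelta(minutes=31), "10.10.0.5", "ops", True),
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_FLOWS, SAMPLE_AUTH):
        print(finding)
```

The rules are deliberately independent so that one flow can trip several (the terminal-to-terminal SSH flow above yields both a remote-access and a terminal-to-terminal finding); the expected-segment list is the policy knob that decides what "unexpected" means for a given deployment.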

Mitigations for SATCOM Network Providers and Customers

  • Use secure methods for authentication, including multifactor authentication where possible, for all accounts used to access, manage, and/or administer SATCOM networks.
    • Use and enforce strong, complex passwords: review password policies to ensure they align with the latest NIST guidelines.
    • Do not use default credentials or weak passwords.
    • Audit accounts and credentials: remove terminated or unnecessary accounts; change expired credentials.
  • Enforce the principle of least privilege through authorization policies. Minimize unnecessary privileges for identities. Consider privileges assigned to individual personnel accounts, as well as those assigned to non-personnel accounts (e.g., those assigned to software or systems). Account privileges should be clearly defined, narrowly scoped, and regularly audited against usage patterns.
  • Review trust relationships. Review existing trust relationships with IT service providers. Threat actors are known to exploit trust relationships between providers and their customers to gain access to customer networks and data.
    • Remove unnecessary trust relationships.
    • Review contractual relationships with all service providers. Ensure contracts include appropriate provisions addressing security, such as those listed below, and that these provisions are appropriately leveraged:
      • Security controls the customer deems appropriate.
      • Provider should have in place appropriate monitoring and logging of provider-managed customer systems.
      • Customer should have in place appropriate monitoring of the service provider’s presence, activities, and connections to the customer network.
      • Notification of confirmed or suspected security events and incidents occurring on the provider’s infrastructure and administrative networks.
  • Implement independent encryption across all communications links leased from, or provided by, your SATCOM provider. See National Security Agency (NSA) Cybersecurity Advisory: Protecting VSAT Communications for guidance.
  • Strengthen the security of operating systems, software, and firmware.
    • Ensure robust vulnerability management and patching practices are in place and, after testing, immediately patch known exploited vulnerabilities included in CISA’s living catalog of known exploited vulnerabilities. These vulnerabilities carry significant risk to federal agencies as well as public and private sector entities.
    • Implement rigorous configuration management programs. Ensure the programs can track and mitigate emerging threats. Regularly audit system configurations for misconfigurations and security weaknesses.
  • Monitor network logs for suspicious activity and unauthorized or unusual login attempts.
    • Integrate SATCOM traffic into existing network security monitoring tools.
    • Review logs of systems behind SATCOM terminals for suspicious activity.
    • Ingest system and network generated logs into your enterprise security information and event management (SIEM) tool.
    • Implement endpoint detection and response (EDR) tools where possible on devices behind SATCOM terminals, and ingest into the SIEM.
    • Expand and enhance monitoring of network segments and assets that use SATCOM.
    • Expand monitoring to include ingress and egress traffic transiting SATCOM links and monitor for suspicious or anomalous network activity.
    • Baseline SATCOM network traffic to determine what is normal and investigate deviations, such as large spikes in traffic.
  • Develop, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems—including SATCOM networks—are disrupted or need to be taken offline.
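The monitoring bullet that asks customers to baseline SATCOM traffic and investigate deviations such as large spikes is easy to state and easy to get wrong: a mean/standard-deviation baseline is itself inflated by the spikes it is meant to catch. The Python below is an added example, not code from the advisory or any SIEM product; the per-interval byte counts, terminal names, and the 3.5 robust-z threshold are constructed or assumed. It builds a median/MAD baseline per SATCOM link from past intervals and flags recent intervals that are far above (spike) or far below (drop, e.g. a link that has gone quiet) that baseline.

```python
"""Baseline per-link SATCOM traffic volume and flag deviations (added example).

Byte counts, link names, and thresholds are constructed for illustration.
"""
from statistics import median

ROBUST_Z_THRESHOLD = 3.5   # assumed cut-off; a common choice for MAD-based scoring
MAD_SCALE = 1.4826         # rescales MAD to be comparable to a standard deviation


def build_baseline(history):
    """Return (median, scaled MAD) for a list of per-interval byte counts.

    Median and MAD are used instead of mean and stddev so that a few past
    spikes do not widen the baseline and hide future ones.
    """
    if len(history) < 2:
        raise ValueError("need at least two intervals of history")
    med = median(history)
    mad = median([abs(x - med) for x in history]) * MAD_SCALE
    return med, mad


def robust_z(value, baseline):
    """How many scaled MADs the value sits from the baseline median."""
    med, mad = baseline
    if mad == 0:   # perfectly flat history: any change at all is a deviation
        return 0.0 if value == med else (float("inf") if value > med else float("-inf"))
    return (value - med) / mad


def detect_deviations(history, recent, threshold=ROBUST_Z_THRESHOLD):
    """recent: list of (interval_label, bytes). Returns out-of-band intervals."""
    baseline = build_baseline(history)
    findings = []
    for label, value in recent:
        z = robust_z(value, baseline)
        if abs(z) >= threshold:
            findings.append({"interval": label, "bytes": value, "z": round(z, 1),
                             "kind": "spike" if z > 0 else "drop"})
    return findings


def scan_links(series, threshold=ROBUST_Z_THRESHOLD):
    """series: {link_name: (history, recent)}. Baselines are kept per link,
    since a busy hub link and a quiet remote terminal have very different normals."""
    return {link: detect_deviations(hist, recent, threshold)
            for link, (hist, recent) in series.items()}


# Constructed hourly byte counts (in KB) for two links.
HISTORY_KB = [1200, 1350, 980, 1100, 1250, 1180, 1300, 1050, 1400, 1220, 1150, 1280]
RECENT_KB = [("02:00", 1190), ("03:00", 6400), ("04:00", 1270), ("05:00", 40)]
QUIET_HISTORY_KB = [40, 45, 38, 42, 41, 44, 39, 43]
QUIET_RECENT_KB = [("02:00", 41), ("03:00", 900)]   # 900 KB is normal for the busy link, not here

SAMPLE_SERIES = {"terminal-A": (HISTORY_KB, RECENT_KB),
                 "terminal-B": (QUIET_HISTORY_KB, QUIET_RECENT_KB)}

if __name__ == "__main__":
    for link, findings in scan_links(SAMPLE_SERIES).items():
        for f in findings:
            print(link, f)
```

The per-link dictionary in scan_links is the point of the example: 900 KB in an hour is unremarkable on terminal-A but is a large spike on terminal-B, which a single network-wide baseline would miss.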
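The least-privilege and account-audit bullets above call for privileges to be "regularly audited against usage patterns" and for terminated accounts and expired credentials to be removed or rotated. The Python below is an added example, not the advisory's or any vendor's tooling: the account inventory, the hypothetical privilege names (nms.read, nms.config, terminal.reboot), the usage log, and the 90-day inactivity and 365-day credential-age limits are all constructed. It compares what each account holds against what it has actually exercised and reports unused privileges, dormant accounts, and stale credentials, for both personnel and service accounts.

```python
"""Audit SATCOM account privileges against observed usage (added example).

Accounts, privilege names, dates, and the usage log are constructed and hypothetical.
"""
from datetime import date, timedelta

INACTIVITY_LIMIT = timedelta(days=90)     # assumed policy thresholds
CREDENTIAL_MAX_AGE = timedelta(days=365)

# Constructed inventory: account type, privileges held, and last credential rotation.
ACCOUNTS = {
    "alice":          {"kind": "personnel", "privileges": {"nms.read", "nms.config", "terminal.reboot"}, "cred_set": date(2022, 1, 10)},
    "bob":            {"kind": "personnel", "privileges": {"nms.read"},                                  "cred_set": date(2021, 2, 1)},
    "svc-poll":       {"kind": "service",   "privileges": {"nms.read", "nms.config"},                    "cred_set": date(2021, 11, 5)},
    "contractor-old": {"kind": "personnel", "privileges": {"nms.read", "terminal.reboot"},               "cred_set": date(2021, 6, 1)},
}

# Constructed usage log: (date, account, privilege exercised).
USAGE = [
    (date(2022, 3, 1), "alice", "nms.read"),
    (date(2022, 3, 2), "alice", "nms.config"),
    (date(2022, 3, 10), "bob", "nms.read"),
    (date(2022, 3, 14), "svc-poll", "nms.read"),
    (date(2021, 10, 20), "contractor-old", "nms.read"),
]
AS_OF = date(2022, 3, 17)


def audit(accounts, usage, as_of):
    """Return findings as dicts sorted by account, then dormant/unused/expired."""
    last_seen, used = {}, {name: set() for name in accounts}
    findings = []
    for day, acct, priv in usage:
        if acct not in accounts:   # activity by an account missing from the inventory
            findings.append({"account": acct, "finding": "unknown-account", "detail": priv})
            continue
        used[acct].add(priv)
        last_seen[acct] = max(last_seen.get(acct, day), day)
    for name, info in sorted(accounts.items()):
        seen = last_seen.get(name)
        if seen is None or as_of - seen > INACTIVITY_LIMIT:
            findings.append({"account": name, "finding": "dormant-account",
                             "detail": f"last seen {seen}" if seen else "never seen"})
        for priv in sorted(info["privileges"] - used[name]):   # held but never exercised
            findings.append({"account": name, "finding": "unused-privilege", "detail": priv})
        if as_of - info["cred_set"] > CREDENTIAL_MAX_AGE:
            findings.append({"account": name, "finding": "expired-credential",
                             "detail": f"set {info['cred_set']}"})
    return findings


if __name__ == "__main__":
    for f in audit(ACCOUNTS, USAGE, AS_OF):
        print(f"{f['account']:15} {f['kind'] if 'kind' in f else '':0}{f['finding']:20} {f['detail']}")
```

Service accounts go through the same comparison as personnel accounts, which is what surfaces svc-poll holding a configuration privilege it never uses; an unused privilege on a non-personnel account is exactly the kind of standing access the bullet asks to narrow.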