The threat of cyber-attacks keeps increasing, and the attacks grow more sophisticated each year. As we deal with the growth of Big Data, IoT and M2M applications, there will be vastly greater amounts of data moving across all networks – and as a result, there will be more access points. Every part of the hybrid networks serving remote offices, ships and IoT devices must be secured.
Faced with the complex new threats inherent in more data and more access points, seasoned cyber security professionals continue to succeed by implementing the right security posture. That posture is defined not only by the threats it stops but also by the ability to react to and address threats when they are discovered.
1. How are you securing your networks (not just your satellites)?
Today, the typical satellite network architecture is global and spans terrestrial and satellite links as well as cellular, internet and/or microwave connections. The challenge is to ensure that the entire ecosystem, not just your company, has the right security posture to harden your company against the gamut of attacks pervasive in today’s environment.
2. What is your Information Assurance plan? What are the key elements?
A satellite operator’s security program needs to take a systematic defence-in-depth approach to detect, prevent and mitigate attacks, thereby enhancing resilience and mission assurance in its satellite, ground and network infrastructure and ecosystem.
• Integrated Security Program – The satellite operator and its ecosystem partners should have integrated plans in place to adhere to the most stringent information assurance compliance criteria. At the same time, your satellite operator should have standalone information security functions that operate separately from the ecosystem partners and also apart from its own network and satellite operations. This ensures that security and monitoring of the framework remain centrally managed and controlled by the satellite operator.
• Layered Security Framework – A comprehensive and layered framework needs to be built to ensure the confidentiality, availability and integrity of the satellite operator’s services. Security should be at the core of the design and configuration of a satellite operator’s infrastructure, network and service delivery architectures.
• Assessment and Remediation Program – A comprehensive information assurance assessment and remediation program should include recurring penetration assessments, organisation-wide control assessments and third-party audits against the service operator’s satellite and terrestrial service environments. This includes satellite commanding, teleport, terrestrial and service management infrastructure and relevant service procedures.
Policies and procedures must be in place to ensure that every level of the organisation is aware of the security measures. Information assurance cannot be an afterthought. The company’s culture and operational fabric should include education and awareness of cyber threats, what to avoid and how to respond to a cyber-attack.
• Standard Compliance – It is critical that satellite service providers and their ecosystem partners comply with the latest security standards such as the National Information Assurance Policy established for Space Systems used to Support National Security Missions (CNSSP-12) and more.
3. What measures will you incorporate to ensure that the satellite portion of my network will remain available during a breach or an attack?
The question is not whether there will be any attacks, but how well your satellite operator can manage a breach and still maintain your network availability and integrity. High availability and resiliency must be incorporated into the design, implementation and operations of a satellite provider’s services. A layered security framework and strong policies and procedures are necessary to ensure appropriate and rapid action to remediate events and maintain control in the event of interference or a cyber-attack.
To that end, fully redundant, hot standby satellite operation centres should be implemented, so each centre can command the entire fleet at any time, transmit commands utilising multiple teleports and remotely operate the other centre’s equipment. In addition, the provider should deploy primary and backup telemetry, tracking and command (TT&C) antennas, redundant terrestrial connectivity and the ability to leverage their global locations in the event of an incident. A combination of facility, RF and command encryption practices provides a layered structure that mitigates the impact of interference with secure commanding and uninterrupted satellite control.
4. What are you doing to keep ahead of the fast-changing threat environment?
Protecting a satellite network from cyber-attacks is a complex and ongoing process. The best protection employs layers of countermeasures to combat and mitigate the most advanced threats. To stay abreast of increasingly sophisticated and powerful attacks, a satellite operator’s Information Assurance program should be:
• Preventative – With advanced assessment, indicator, analysis and prevention countermeasures and controls to block threats and exploit attempts
• Detective – Identifying threats with intelligence sources, anomaly, signature and behaviour-based techniques, among other detection measures
• Access and Authentication – Measures to enforce authorised and secure access to information resources
• Management – Event correlation and management, as well as configuration of controls and countermeasures, all integrated
(Article supplied by our contributor Intelsat)