The threat of cyber-attacks keeps increasing, and the attacks grow more sophisticated each year. As we deal with the growth of Big Data, IoT and M2M applications, there’ll be greater amounts of data across all networks. As a result, there will be more access points. Every part of the hybrid networks serving remote offices, ships and IoT devices must be secured.
Cyber security professionals continue to face and beat complex new threats inherent in data and access points by implementing the right security posture. That posture is defined by stopping threats, but also by the ability to react to and address the threats when they’re discovered.
1. How are you securing your networks (not just your satellites)?
Today, the typical satellite network architecture is global and spans terrestrial and satellite links as well as cellular, internet and/or microwave connections. The challenge is to ensure that your company’s entire ecosystem has the right security posture to harden itself against the gamut of attacks pervasive in today’s environment.
2. What is your Information Assurance plan? What are the key elements?
Satellite operator security programs need to take a systematic defence-in-depth approach to detect, prevent and mitigate attacks. This would enhance resilience and mission assurance in their satellite, ground, network infrastructure and ecosystem.
- Integrated Security Program: satellite operators and their ecosystem partners should have integrated plans in place to adhere to stringent information assurance compliance criteria. Equally, your satellite operator should have standalone information security functions that operate separately from the ecosystem partners. These functions should also operate apart from the operator’s own network and satellite operations. This ensures that security and monitoring of the framework remain centrally managed and controlled by the satellite operator.
- Layered Security Framework: comprehensive and layered frameworks need to be built to ensure the confidentiality, availability and integrity of the satellite operator’s services. Security should be the core of the design and configuration of a satellite operator’s infrastructure, network and service delivery architectures.
- Assessment and Remediation Program: a comprehensive information assurance assessment and remediation program should include: recurring penetration assessments, organisation-wide control assessments and third-party audits against the service operator’s satellite and terrestrial service environments. This includes satellite commanding, teleport, terrestrial and service management infrastructure and relevant service procedures.
Policies and procedures must be in place to ensure that every level of the organisation is aware of the security measures. Information assurance cannot be an afterthought. The company’s culture and operational fabric should include education and awareness of cyber threats, what to avoid and how to respond to a cyber-attack.
- Standard Compliance: it is critical that satellite service providers and their ecosystem partners comply with the latest security standards. This includes the National Information Assurance Policy established for Space Systems used to Support National Security Missions (CNSSP-12) and more.
3. What measures will you incorporate to ensure that the satellite portion of my network will remain available during a breach or an attack?
The question is not whether there will be any attacks. It’s about how well your satellite operator can manage a breach and still maintain your network availability and integrity. High availability and resiliency must be incorporated into the design, implementation and operations of a satellite provider’s services. A layered security framework and strong policies and procedures are necessary to ensure appropriate and rapid action that remediates events and maintains control in the event of interference or a cyber-attack.
To that end, fully redundant, hot standby satellite operation centres should be implemented. This ensures each centre can command the entire fleet at any time, transmit commands utilising multiple teleports and remotely operate the other centre’s equipment. In addition, the provider should deploy primary and backup telemetry, tracking and command (TT&C) antennas, redundant terrestrial connectivity and the ability to leverage their global locations in the event of an incident. A combination of facility, RF and command encryption practices provides a layered structure. This mitigates the impact of interference with secure commanding and uninterrupted satellite control.
4. What are you doing to keep ahead of the fast-changing threat environment?
Protecting a satellite network from cyber-attacks is a complex and ongoing process. The best protection employs layers of countermeasures to combat and mitigate the most advanced threats. To stay abreast of increasingly sophisticated and powerful attacks, a satellite operator’s Information Assurance program should be:
- Preventative – With advanced assessment, indicator, analysis and prevention countermeasures and controls to block threats and exploit attempts
- Detective – Identifying threats with intelligence sources, anomaly, signature and behaviour-based techniques, among other detection measures
- Access and Authentication – Measures to enforce authorised and secure access to information resources
- Management – Event correlation and management, as well as configuration of controls and countermeasures, all integrated
Article supplied by our partner, Intelsat.