Originally published by The Washington Post – The Cybersecurity 202

July 29, 2022

Welcome to The Cybersecurity 2022! First week fully on the job is in the books. It’s flown by. Whew. 

We won’t have a newsletter on Monday, so we’ll see you on Tuesday!

Lawmakers are very perturbed by a breach of the federal courts’ court-filing database. And a judge isn’t impressed by a partisan election review in Wisconsin.

Space is a burgeoning battleground for cyberattacks

In February, alleged Russian government hackers launched an attack on U.S. satellite company Viasat, disabling communications in Ukraine just before the invasion in what amounted to perhaps the most prominent hack of space equipment ever.

The incident helped fuel a flurry of activity in Washington, from federal agencies issuing warnings to Congress advancing legislation. But the worst may yet be ahead for cyberattacks in space, witnesses told a House Science Committee panel Thursday.

Rattling off a list of attacks, including the Viasat hack and a 2014 incident that forced the National Oceanic and Atmospheric Administration to stop transmitting weather satellite data to the National Weather Service, Rep. Don Beyer (D-Va.) — who chairs the House Science subcommittee — warned at the hearing, “These hacks perpetrated by bad actors are chilling and serious. The importance of addressing them is amplified as our reliance on space for in-space and terrestrial infrastructure and services continues to grow.”

The pace of satellite launches has sped up considerably, going from 129 in 2011 to 1,809 last year, according to a United Nations agency that tracks those numbers. Today, there are 9,254 objects in orbit according to the agency. Global space-related activities generated $447 billion in 2020, supporting everything from vehicle navigation to efficient farm management.

A particularly worrisome scenario: a cyberattack that causes two satellites to collide, or one satellite to collide into the International Space Station, destroying them and creating debris that renders that orbit permanently unusable, said Theresa Suloway, a space and cybersecurity engineer and program manager with the MITRE Corp.

Beyond Thursday’s hearing, policymakers have taken other action since the Viasat hack:

  • The Senate Homeland Security and Governmental Affairs Committee approved bipartisan legislation in June that would direct the Cybersecurity and Infrastructure Security Agency to assemble recommendations for defending commercial satellites. The bill is awaiting further Senate action.
  • CISA and the FBI issued an alert in March on threats to satellite communications.
  • CISA’s Space Systems Critical Infrastructure Working Group, made up of government and industry members, will soon produce a paper designed to enhance industry guidance from the National Institute of Standards and Technology, Suloway said.

But some activity predates the Viasat incident, which affected not only communications in Ukraine but other parts of Europe.

“I think this acceleration isn’t about the significance of any one attack,” Bryan Ware, a former top CISA official who’s now CEO of the threat intelligence company LookingGlass Cyber Solutions, told me. “It’s more about the growing ubiquity of commercial space, and it’s how it’s going to be in many, many things.”

Other responses to the cyberthreat for satellites include:

  • A group of lawmakers last year put forward a legislative proposal to make space the 17th critical infrastructure sector, meaning the federal government would prioritize assistance to the industry. National Cyber Director Chris Inglis has voiced doubts about the proposal, however. And while it has some industry support, one witness at Thursday’s hearing, Brandon Bailey of the nonprofit space-research organization Aerospace Corporation, had a note of caution. “Without proper planning on implementation,” designating space as critical infrastructure “could ultimately lead to creating unnecessary bureaucracy that could stifle the innovation that is necessary to ensure the United States remains the leader in space-based capabilities along with it being secure,” his prepared testimony read.
  • The Space Information Sharing and Analysis Center debuted in 2019 as a venue for the space sector to share threat data. It’s set to open a watch center in Colorado Springs by the end of this year.
  • In 2020, the U.S. Air Force and the Defense Department’s Digital Service launched an annual satellite hacking competition for ethical hackers to find vulnerabilities before cyber villains do.

Beyer raised questions at the hearing about whether the industry needs regulations. It’s something the Satellite Industry Association has already said would do more harm than good, and Rep. Brian Babin (R-Tex.) said at Thursday’s hearing that he thought that would be unwise.

Ware told me that he thinks another key is international standards and guidelines for cyber behavior in space.

Beyer’s overarching message Thursday: “We need to make every effort to understand what further actions can be and should be taken to strengthen cybersecurity for civil and commercial space systems, including commercial space systems that provide mission-critical government data and services,” he said.

Contact Us