Hybrid systems bring satellite operators new security challenges
The proliferation of cyberthreats to communication networks has presented satellite operators with new challenges in protecting customer data against threats ranging from “hactivists” and con men to state-sponsored snoops.
Security experts say advanced satellite technologies should help operators stay ahead of the rapidly evolving attack technology, even as hybrid systems that link traditional satellite networks and ground-based systems for end-to-end data delivery create new vulnerabilities.
“More and more it is hybrid networks that we are operating, and the services that we are selling use both terrestrial and space assets,” says Thierry Guillemin, executive vice president and chief technology officer at Intelsat. “Because of that we are also vulnerable to the threats you will find on terrestrial infrastructure in general, so we have to take care of the entire system.”
Satellite operators have long had techniques for protecting their signals from unintentional interference and deliberate jamming, and have generally turned a blind eye to government ground stations such as those in Sugar Grove, W.Va., that capture telecom signals flowing to nearby commercial satellite antennas.
“This is routine work for us and [our] policy is not to talk about it publicly,” says a spokesman for Luxembourg-based SES.
Intelsat is more open, and it conducted the latest in a series of press briefings on the general subject at the Satellite 2014 trade show in Washington last week. While avoiding citing specifics of security techniques for obvious reasons, Guillemin and Vinit Duggal, his chief information security officer, outlined the company's general approach to protecting customer data.
Publicity about denial-of-service hacker attacks that attempt to overwhelm Internet circuits with terabytes of data, criminal enterprises that use fraud to scoop up electronic funds moving on the Internet, and state-sponsored entities that seek government and commercial intelligence via clandestine cybereavesdropping have brought the issue into the open, they say.
“Customers want to know that when their data leave their network it is going through a pre-defined path; no one's intercepting that data,” says Duggal, who serves on an expert panel advising the White House about critical-infrastructure security. “That's one of the key areas we really look at for our customers—availability and integrity.”
Reports by computer security firm Mandiant and journalists using information provided by former intelligence contractor Edward Snowden about commercial eavesdropping by a People's Liberation Army unit in China and the U.S. National Security Agency, respectively, represent a new dimension in the cybersecurity threat faced by communications security experts. In the past, says Duggal, state-sponsored cyberoperations targeted other state-sponsored operators.
“You have militaries going after military intelligence, and vice versa,” he says. “Well, this is completely flipped on its head now. You have Middle Eastern governments and Asian governments, China, going after commercial entities. We as commercial operators are a target.”
So far, the Intelsat officials say, customers have not specifically requested help with such threats, at least from the U.S. government, although Duggal says: “If they did, we would.”
“Our view of the world is that it is an extremely dynamic landscape, and you do not make any assumptions,” says Guillemin. “Everything is specific. You want to be ready for any kind of attempt to breach your system wherever it comes from, no preconception, and you want your security posture to be as comprehensive as possible.”
Typically, privacy issues are handled by the customer through encryption rather than by long-haul service providers like Intelsat. But hybrid systems increase the avenues intruders can use to steal data, overwhelm a system to deny service, or otherwise interfere with communications.
“When you combine satellite and terrestrial, you are actually magnifying the threat vectors exponentially,” says Duggal.
To protect customer data, he says, Intelsat closely monitors the flow of traffic on its networks for the signatures of illicit cyberactivity so it can shut it down promptly. The company applies various information security standards and regulations, such as ISO 27001 and KPMG's Service Organization Control 3, to harden its network against cyberthreats. As it develops new technology, Intelsat's engineers “embed” security measures in the systems before they are released because “it is very difficult to secure something after the fact.”
The company also watches its “security life cycle” to ensure its security measures are not overtaken by new developments in the cat-and-mouse game it plays with potential attackers. To that end, says Guillemin, a new generation of advanced satellites that includes Intelsat's planned EPIC line (see illustration) should boost security. By providing more and tighter spot beams, the new birds will enable faster anti-jamming triangulation, while its software-defined payloads will allow operators more flexibility to meet threats.
“[I have no doubt that] satellites we are building now will give us more ways to deal with the environment,” he says.