US security agencies warn of threats to satellite communication networks, as EASA flags identified GNSS jamming activity

U.S. security agencies have called for strengthening the cybersecurity of national and international satellite communication (SATCOM) networks, following concerns about possible threats to these networks. The agencies said that successful intrusions could create risk in SATCOM network providers’ customer environments.

The advisory came on the same day that the European Union Aviation Safety Agency (EASA) released a safety information bulletin in the current context of the Russian invasion of Ukraine. The bulletin covered Global Navigation Satellite Systems (GNSS) jamming and/or possible spoofing, which has intensified in geographical areas surrounding the conflict zone and in other regions.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) strongly encourage “critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity,” the joint cybersecurity advisory said on Thursday.

Satellite communication network providers and customers have been asked to use secure methods for authentication, enforce the principle of least privilege through authorization policies, and review trust relationships, as hackers are known to exploit trust relationships between providers and their customers to gain access to customer networks and data.

The advisory also recommended implementing independent encryption across all communications links leased from, or provided by, the satellite communication provider. It also sought to strengthen the security of operating systems, software, and firmware so that robust vulnerability management and patching practices are in place and rigorous configuration management programs are implemented.

Satellite communication operators have also been called upon to monitor network logs for suspicious activity and unauthorized or unusual login attempts, and to integrate traffic into existing network security monitoring tools. The advisory also suggests reviewing logs of systems behind the terminals for suspicious activity, ingesting system and network generated logs into enterprise security information and event management (SIEM) tools, and expanding and enhancing monitoring of network segments and assets that use such networks. It also recommended that incident response, resilience, and continuity of operations plans be in place.

“Organizations should take these advisories from CISA seriously. They provide a useful indication of heightened threat for specific industries, and affected organizations should take action based on the information shared,” Tim Erlin, vice president of strategy at Tripwire, wrote in an emailed statement.

“It’s good to see a balance of detection and prevention in the recommendations from CISA,” according to Erlin. “The inclusion of configuration and vulnerability management speaks to the need to harden systems in addition to detecting attacks when they happen. Incident detection and response are vital pieces of a comprehensive cybersecurity program, but they must be paired with the capability to identify your assets and apply meaningful protections,” he added. 

Given the current geopolitical situation, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity. In addition, the security agencies will update the advisory as new information becomes available so that satellite communication providers and their customers can take additional mitigation steps pertinent to their environments. 

The EASA bulletin warned national aviation authorities (NAAs), air navigation service providers (ANSPs), and air operators of possible GNSS outages leading to navigation/surveillance degradation. 

The bulletin revealed that reports from Eurocontrol, a network of analysts, and open-source data analyzed by EASA indicate that since Feb. 24, there have been four key geographical areas where GNSS spoofing and/or jamming have intensified. These include the Kaliningrad region, surrounding the Baltic Sea and neighboring States; Eastern Finland; the Black Sea; and the Eastern Mediterranean area near Cyprus, Turkey, Lebanon, Syria, Israel, and Northern Iraq.

“The effects of GNSS jamming and/or possible spoofing were observed by aircraft in various phases of their flights, in certain cases leading to re-routing or even to change the destination due to the inability to perform a safe landing procedure,” the bulletin said. “Under the present conditions, it is not possible to predict GNSS outages and their effects. The magnitude of the issues generated by such outage would depend upon the extent of the area concerned, on the duration and on the phase of flight of the affected aircraft,” it added. 

Identifying some of the potential issues that degradation of the GNSS signal could generate, EASA listed loss of ability to use GNSS for waypoint navigation and loss of area navigation (RNAV) approach capability. It also listed the inability to conduct or maintain required navigation performance (RNP) operations, including RNP and RNP approaches, and triggering of terrain warnings, possibly with pull-up commands.

The agency also recognized inconsistent aircraft position on the navigation display, loss of automatic dependent surveillance-broadcast (ADS-B), wind shear, terrain and surface functionalities, failure or degradation of ATM/ANS/CNS and aircraft systems that use GNSS as a time reference, and potential airspace infringements and/or route deviations due to GNSS degradation.

To address the identified issues, EASA has provided the NAAs, ANSPs, and air operators with a list of recommended mitigation measures and advised that they carry out appropriate actions.

Earlier this week, the Anonymous hacker group said that they had attacked the systems of the German subsidiary of Russian energy giant Rosneft and stolen 20TB of data. The breach has not affected Rosneft’s business or the supply situation, though the company’s systems have been affected. However, the attack prompted German security authorities to issue a security warning to other stakeholders in the petroleum industry.
