This is part 2 of 3 blogs, written by Sam Stait, Senior Cyber Consultant.
In the previous blog, “Safeguarding the Skies: The Vital Role of Cybersecurity Governance in the Commercial Space Industry”, we looked at how implementing effective cybersecurity governance, adopting a cyber risk management approach and understanding the evolving threat landscape all help organisations working in the commercial space sector to manage their cybersecurity risks. In Part 2 of this 3-part series we look at securing the supply chain and responding effectively to incidents; Part 3 will cover navigating the complexities of regulatory compliance.
Securing the Supply Chain
The supply chain is a crucial aspect of any organisation’s cybersecurity, and those operating in the commercial space sector are no exception. It encompasses all the hardware, software and services that a business relies on to build, operate and maintain its systems and services. The increasing complexity of these supply chains has created new opportunities for attackers: a vulnerability or compromise in one supplier’s product or access can become a route into the customer’s critical systems.
As we touched on in Part 1, many organisations involved in commercial space operations struggle to secure their ground stations, which are geographically dispersed and often rely on third-party providers for physical infrastructure and maintenance, so the level of control the operator can exert is limited. It is not just ground stations that are at risk, however. Securing the supply chain is complex: every component and service must be verified and validated for security before it is integrated into a system or service. This means that commercial space organisations must work closely with their suppliers and exercise good supplier assurance practices to ensure that suppliers adhere to the organisation’s cybersecurity requirements and standards.
In recent years, there have been several high-profile incidents where attackers have targeted the supply chain of commercial space companies. For example, in 2018 the US Department of Justice indicted two Chinese nationals for hacking into several US companies, including a satellite manufacturer, in order to steal trade secrets. (Bing et al., 2021)
To manage threats to the supply chain effectively, commercial space companies can adopt several key practices. First, establish a vendor risk management programme that evaluates and continuously monitors the cybersecurity posture of suppliers, partners and contractors; recognised standards such as NIST SP 800-161 (Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations) can be used as a guide. Second, include security clauses and requirements in supplier contracts, setting out expectations for security controls, incident notification and incident response. Third, audit the supply chain regularly to identify vulnerabilities and confirm that suppliers are meeting those security requirements.
In addition, sensitive information should be exchanged with suppliers only over secure, authenticated channels and protocols. Continuous monitoring should track supplier activity on the organisation’s systems, such as remote maintenance sessions, and detect behaviour that falls outside what the contract permits. The incident response plan should include procedures for supply chain-related incidents, including how and when a supplier must notify the organisation of a breach on its side. Security awareness and training should also be extended to suppliers and partners where applicable.
Responding to Incidents
Incident response is an essential aspect of any cybersecurity strategy. In the event of a cyber-attack, time is of the essence: the faster an organisation can detect, contain and eradicate an attack, the less damage it causes. Commercial space companies need a well-documented and rehearsed incident response plan, including pre-determined response procedures, clear lines of communication and a chain of command. Plans should be reviewed, exercised and updated regularly to ensure that they remain fit for purpose and keep pace with new threats and emerging technologies.
Once an incident has been identified and confirmed, the first priority is to contain it and prevent further impact. This may involve significant business decisions, such as shutting down services by taking affected systems offline or disconnecting them from the network. The next step is to establish the source, objectives and extent of the attack: which systems were targeted and which have already been affected. This involves analysing application and system logs, network traffic and other relevant data, and building a timeline of the attacker’s activity. Once the objectives and scope of the attack are understood, the organisation can eradicate it by removing malicious users and code, patching the vulnerabilities that were exploited, and restoring services and data from known-good backups.

This is an area where well-established SecOps capabilities (technology, people and process) can be leveraged to improve detection and reaction times. Organisations should consider setting up or procuring SOC services, and use risk analysis to decide where to focus security information and event management (SIEM) tooling, including the automation and machine-learning features used to monitor complex networks.
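The two steps described above, monitoring a supplier’s remote-maintenance activity against the terms agreed in the contract (from the supply chain section) and then scoping an attack from logs once that monitoring fires (from this section), as an added example in Python. This is not code from the original post or from Arcanum; the log lines, hostnames, addresses, contract terms and asset inventory are all constructed for illustration.

```python
# Added example (not from the original post): a SIEM-style monitoring rule for
# a supplier's remote-maintenance account, followed by the scoping step an
# incident responder performs once that rule fires. Log lines, hostnames,
# addresses and contract terms below are constructed for illustration.
import re
from dataclasses import dataclass
from datetime import datetime, time, timezone

# Constructed sshd-style login records from several ground and mission
# systems. Only successful logins are modelled by the parser below.
SAMPLE_LOGS = """\
2023-05-02T01:12:04Z gs-ant-01 sshd: Accepted publickey for vendor-maint from 198.51.100.20
2023-05-02T01:20:11Z gs-ant-01 sshd: Accepted publickey for vendor-maint from 198.51.100.20
2023-05-03T23:40:10Z gs-ant-01 sshd: Failed password for vendor-maint from 203.0.113.77
2023-05-03T23:41:57Z gs-ant-01 sshd: Accepted password for vendor-maint from 203.0.113.77
2023-05-03T23:45:03Z tt-c-server sshd: Accepted password for vendor-maint from 10.20.0.15
2023-05-03T23:52:40Z mission-db sshd: Accepted password for vendor-maint from 10.20.0.15
2023-05-04T00:10:00Z gs-ant-02 sshd: Accepted publickey for ops-alice from 10.10.0.5
"""

# Hypothetical terms from the supplier contract, expressed as a monitoring
# policy: agreed source addresses, UTC maintenance window and in-scope hosts.
POLICY = {
    "vendor-maint": {
        "allowed_sources": {"198.51.100.20"},
        "window": (time(0, 0), time(4, 0)),
        "allowed_hosts": {"gs-ant-01"},
    }
}

# Constructed asset inventory: internal address -> hostname, used to turn the
# source address of a later login back into the host the hop came from.
ASSET_MAP = {"10.20.0.15": "gs-ant-01", "10.10.0.5": "ops-workstation-05"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: Accepted (?P<method>\w+) "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


@dataclass(frozen=True)
class Login:
    ts: datetime
    host: str
    method: str
    user: str
    src: str


def parse_logs(text):
    """Parse accepted-login lines into Login records, oldest first."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:  # failed attempts and unrelated lines are skipped here
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Login(ts, m["host"], m["method"], m["user"], m["src"]))
    return sorted(events, key=lambda e: e.ts)


def policy_violations(events, policy):
    """Continuous-monitoring rule: each supplier login must originate from an
    agreed address, land on an in-scope host and fall inside the agreed window.
    Returns (login, [reasons]) pairs for every login that breaks a term."""
    findings = []
    for e in events:
        rules = policy.get(e.user)
        if rules is None:  # accounts without contract terms are not this rule's job
            continue
        reasons = []
        if e.src not in rules["allowed_sources"]:
            reasons.append(f"source {e.src} is not an agreed supplier address")
        start, end = rules["window"]
        if not start <= e.ts.time() < end:
            reasons.append("outside agreed maintenance window")
        if e.host not in rules["allowed_hosts"]:
            reasons.append(f"host {e.host} is outside the contract's scope")
        if reasons:
            findings.append((e, reasons))
    return findings


def scope_compromise(events, user, first_bad, asset_map):
    """Scoping step: from the first violating login onwards, collect every host
    the account reached and reconstruct the hop chain (origin -> host) so the
    containment list covers lateral movement, not just the initial foothold."""
    affected = set()
    chain = []
    for e in events:
        if e.user != user or e.ts < first_bad:
            continue
        affected.add(e.host)
        chain.append((asset_map.get(e.src, e.src), e.host))
    return affected, chain


def investigate(logs=SAMPLE_LOGS, policy=POLICY, asset_map=ASSET_MAP):
    """Run the rule and, for each account it fires on, scope the incident."""
    events = parse_logs(logs)
    findings = policy_violations(events, policy)
    report = {}
    for login, _ in findings:
        if login.user in report:  # first violation per account sets the start time
            continue
        affected, chain = scope_compromise(events, login.user, login.ts, asset_map)
        report[login.user] = {"first_seen": login.ts, "affected": affected, "chain": chain}
    return findings, report


if __name__ == "__main__":
    findings, report = investigate()
    for login, reasons in findings:
        print(f"{login.ts.isoformat()} {login.user}@{login.host}: {'; '.join(reasons)}")
    for user, r in report.items():
        print(f"contain {user}: isolate {sorted(r['affected'])}; hops {r['chain']}")
```

On the constructed data the rule stays silent for the two in-window logins from the agreed address, fires on the late-night login from an unagreed address, and the scoping step then shows that the same account hopped from gs-ant-01 to two hosts the contract never covered, so all three go on the containment list rather than only the ground station where the alert was raised. A real deployment would also ingest failed attempts and network flow data, which the parser here deliberately leaves out.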
Finally, organisations should conduct a post-incident analysis to confirm effective remediation and identify the root cause of the attack, what went wrong in the incident response process, and what steps can be taken to prevent similar attacks in the future. This analysis will feed into ongoing risk management activities and help to refine the security posture.
Look forward to Part 3, where we will be concluding the series and discussing the challenges of navigating the complexities of regulatory compliance, the value of training and awareness, and the challenges presented by emerging technologies.
Arcanum is an NCSC assured consultancy, specialising in the Space sector. Visit our Space Sector page for more information on how Arcanum can help you manage the cyber security risks affecting your mission critical assets.
Bing, C., Stubbs, J., Satter, R. and Menn, J., 2021. Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources. Reuters. [Online]
Available at: https://www.reuters.com/article/us-cyber-solarwinds-china-exclusive-idUSKBN2A22K8
[Accessed May 2023].