This is part 1 of 3 blogs, written by Sam Stait, Senior Cyber Consultant.
“Satellites are increasingly relied upon for nation critical services and the importance of managing cybersecurity risk has never been higher”
As a cyber security consultancy in the global space sector, Arcanum supports commercial satellite operators in the reduction of their cyber security risks and in meeting relevant compliance requirements. As commercial satellites are increasingly relied upon for nation critical services, a comprehensive approach to cybersecurity is crucial, and the importance of managing cybersecurity risk has never been higher. This requires organisations to adopt a robust approach to identifying and managing risk, addressing governance, understanding their threat landscape, securing their supply chain, as well as ensuring they have well practiced and resourced mechanisms to support incident response, regulatory compliance, training and awareness, and dealing with emerging technologies. In this series of posts, we will delve into these areas in turn and provide insights as to how organisations can strengthen their cybersecurity posture and manage their risks more effectively.
The Importance of Good Governance
As the commercial space industry continues to grow, so too do the threats directed at space infrastructure. To protect against these threats, it is crucial for commercial space companies to implement an effective cybersecurity governance framework.
Cybersecurity governance refers to the processes, policies, and procedures that are put in place to ensure that an organisation’s cybersecurity program is effective, efficient, and meets the needs of the business. This includes the implementation of a cybersecurity strategy and services that cover all areas of security and establishing clear lines of responsibility and accountability for cybersecurity within the organisation.
One of the most important aspects of cybersecurity governance is the documentation of policies, procedures, and processes. By documenting these elements, organisations can ensure that have considered all relevant aspects of security and everyone within the business understands their role in cybersecurity, how to respond to security incidents, and how to implement security measures in their day-to-day work. Additionally, documentation can serve as a reference point for audits, assessments, and reviews, allowing organisations to better navigate their regulatory and compliance requirements.
Another important aspect of cyber security governance is the establishment of a cyber risk management program. This includes conducting regular threat and risk assessments to identify potential threats and vulnerabilities and implementing controls to mitigate these risks. By regularly assessing and managing cyber risk, organisations can ensure that their cyber security program is effective and up to date. There are many risk management frameworks that can be adopted, ISO3100, and NIST 800-39 are two well know and internationally recognised risk management frameworks. Organisations should choose the framework that is the best fit for their context. However, it is always useful to be familiar with several frameworks, as different compliance requirements may require adherence to specific frameworks.
Overall, cyber security governance is critical for commercial space companies to ensure that their security service operations adequately protect their mission-critical assets from cyber security threats. An effective governance framework is the basis for how this can be achieved and should include a comprehensive cyber security strategy, clear lines of responsibility and accountability, and documentation of policies, procedures, and processes. By implementing a strong cyber security governance program, organisations can reduce the likelihood of successful cyber-attacks and ensure the confidentiality, integrity, and availability of their assets and data are maintained.
Understanding the Evolving Threat Landscape
Recently there’s been an increased in reliance on the commercial space industry for the provision of satellite support to communication, navigation, and surveillance apparatus. It is no wonder that we have seen a significant increase in the number and type of cyber threats affecting organisations in the commercial space sector.
Threat actors targeting commercial space companies cover the full spectrum, from Advanced Persistent Threats (APTs) and nation-state actors to terrorist groups, hacktivists, and cybercriminals. Their motives range from financial gain to geopolitical and military advantages. Threat actors are leveraging a wide range of sophisticated and non-sophisticated techniques to compromise systems, including the use of malware, ransomware, and social engineering techniques, and infiltrating the supply chain. A recent example of this was at the beginning of the Russia-Ukraine war, where it is believed that Russian operatives attacks elements of the Viasat ground networks using a type of wiper malware called AcidRain (O’Neillarchive, 2022). The attack caused widespread disruption to the Ukrainian communications infrastructure, which greatly aided the Russian ground forces in the initial days of the invasion, but the lasting effects of the attack have proved to be more widespread, as permeant damage has been reported to have been caused to energy infrastructure in countries as far away as Germany (Christopher Bing, 2021).
Satellite ground stations are of particular concern when looking at cybersecurity risk. This is because for many organisations, their ground stations are geographically dispersed, and they often rely on third parties for the provision of physical infrastructure and maintenance. This means that the level of control that can be applied is somewhat limited and often varies depending on the geographic region. One of the first tasks in solving this issue is to fully understand the threats to those assets, wherever they may be.
Establishing a business focused threat intelligence program is highly recommended so that organisations can better gather information on emerging cyber threats and vulnerabilities that are specific to the technologies and regions of the planet they are operating from. This program can include monitoring security forums, engaging with information sharing and analysis centres (ISACs), and collaborating with government agencies to stay updated on the latest threats.
It is also important to leverage technology where you can. Threat intelligence platforms and threat-hunting tools can be used to gather, analyse, and monitor threat information from various sources. These platforms often leverage automation and machine learning to aggregate threat data, identify patterns, and provide actionable insights. They can help organisations stay updated on the latest threats, vulnerabilities, and attack techniques specific to the space industry.
Look forward to Part 2, where we will discuss the importance of securing the supply chain and responding effectively to incidents.
Arcanum is in NCSC assured consultancy, specialising in the Space sector. Visit our Space Sector page for more information on how Arcanum can help you manage the cyber security risks affecting your mission critical assets.