Five Questions to Ask Your Satellite Service Provider About Information Assurance
By Vinit Duggal, Director and Chief Information Security Officer, Intelsat
Reposted from the Intelsat Corporation blog.
Today’s threat landscape is persistent and pervasive. The volume of attacks and level of sophistication are only increasing. The recent state-sponsored attacks and data breaches at major global organizations have raised the alert level on cybersecurity to unprecedented levels – and with good reason. While attacks may be nuisance-based or financially driven, state-sponsored and more sophisticated strikes are carried out every day.
At the same time, the explosion of data and the rise of the mobile landscape for both business and personal use have complicated the securing of assets even more. It is critical in today’s world to ensure that data is secure no matter where it resides. But how?
For any enterprise leveraging a communications network for commerce of any sort, here are five questions to ask of your satellite provider.
1. How are you securing your networks (not just your satellites)?
Securing satellite networks is a complex undertaking given the nature and scope of the satellite ecosystem. With the rise of 3G/4G/LTE networks, it is no longer enough to focus on securing just the satellite itself. Today, the typical satellite network architecture is global and spans terrestrial and satellite links as well as cellular, internet and/or microwave connections.
The challenge is to ensure that the entire ecosystem, not just your company, has the right security posture to harden your company against the gamut of attacks pervasive in today’s environment. The threats, as the recent Target breach proved, might originate from internal and/or external sources. They can take the form of spam, spear phishing, distributed denial of service, interference, targeted malware, data loss and interception, and state-sponsored attacks. It is no longer enough to make sure that just the satellite infrastructure has the right security policies and procedures in place. Ask whether equipment providers and customers have implemented layered controls and countermeasures to help mitigate the threat of an attack that could impair the entire ecosystem.
2. What is your Information Assurance plan? What are the key elements?
A satellite provider’s security program should include prevention, detection and restoration protocols. Satellite operators need to take a systematic defense-in-depth approach to detect, prevent and mitigate attacks, thereby enhancing resilience and mission assurance in their satellite, ground and network infrastructure.
An operator’s Information Assurance plan should include most, if not all, of the following characteristics.
• Integrated Security Program
The satellite service provider and its ecosystem partners should have integrated plans in place to adhere to the most stringent information assurance compliance criteria. At the same time, your satellite operator should have standalone Information Security functions that operate separately from the ecosystem partners and also apart from its own network and satellite operations. This ensures that their security and monitoring of the framework remains centrally managed and controlled by the satellite operator.
• Layered Security Framework
A comprehensive and layered framework needs to be built to ensure the confidentiality, availability and integrity of the satellite operator’s services. Security should be at the core of the design and configuration of a satellite service provider’s infrastructure, network and service delivery architectures.
• Assessment and Remediation Program
A comprehensive Information Assurance assessment and remediation program should include recurring penetration assessments, organization-wide control assessments and third-party Service Organization Control audits against the service provider’s satellite and terrestrial service environments. This includes satellite commanding, teleport, terrestrial and service management infrastructure and relevant service procedures.
Policies and procedures must be in place to ensure that every level of the organization is aware of the security measures. Information Assurance cannot be an afterthought. The company’s culture and operational fabric should include education and awareness of cyber threats, what to avoid and how to respond to a cyber-attack.
• Standard Compliance
It is critical that satellite service providers and their ecosystem partners comply with the latest security standards. For example, Intelsat complies with the National Information Assurance Policy established for Space Systems used to Support National Security Missions (CNSSP-12).
3. What measures will you incorporate to ensure that the satellite portion of my network will remain available during a breach or an attack?
Unfortunately, in this day and age, one is wise to expect the unexpected. The question is not whether there will be any attacks, but how well your satellite operator can manage a breach and still maintain your network availability and integrity. High availability and resiliency must be incorporated into the design, implementation and operations of a satellite provider’s services. A layered security framework and strong policies and procedures are necessary to ensure appropriate and rapid action to remediate events and maintain control in the event of interference or a cyber-attack.
To that end, fully redundant, hot standby satellite operation centers should be implemented, so each center can command the entire fleet at any time, transmit commands utilizing multiple teleports and remotely operate the other center’s equipment. In addition, the provider should deploy primary and backup TT&C antennas, redundant terrestrial connectivity and the ability to leverage their global locations in the event of an incident. A combination of facility, RF and command encryption practices provides a layered structure that mitigates the impact of interference with secure commanding and uninterrupted satellite control.
4. What security measures do you have in place to ensure that your network is only accessed by authorized personnel?
It’s a fact that internal threats, whether intentional or not, are often the cause of security breaches. Therefore, it is critical for a satellite operator to have the right layers of physical and logical security controls and processes at its locations. This includes gated access, security cameras, badge controlled access and manned security desks at primary entry points. Additional physical controls should be required and implemented within critical operations areas. Satellite Operations should reside in a segmented and protected environment. Procedures related to logical access control should be centrally managed within their respective environments and based on the principles of authorized approval, least privilege, role-based access and segregation of duties. All network segmentation and network access controls should be managed and overseen by Information Security within that organization.
5. What are you doing to keep ahead of the fast-changing threat environment?
Protecting a satellite network from cyber-attacks is a complex and ongoing process. The best protection employs layers of countermeasures to combat and mitigate the most advanced threats.
To stay abreast of increasingly sophisticated and powerful attacks, a satellite operator’s Information Assurance program should be:
• Preventative: with advanced assessment, indicator, analysis and prevention countermeasures and controls to block threats and exploit attempts.
• Detective: identifying threats with intelligence sources, anomaly, signature and behavior-based techniques, among other detection measures.
• Access and Authentication: measures to enforce authorized and secure access to information resources.
• Management: event correlation and management, as well as configuration of controls and countermeasures, all integrated.
At Intelsat, we are constantly refining our security controls, processes and procedures to ensure that we stay at the forefront of the technology advances occurring and the threats resulting from any shifts in our operating environment.