Update 1 to CISA Alert AA22-076A – Strengthening cybersecurity of SATCOM network providers and customers.

This is a CISA Cybersecurity Alert. ID number Alpha Alpha Two Two tack Zero Seven Six Alpha, Update One.

Update released: May Tenth, twenty twenty two.

 

CISA and the FBI have updated this joint cybersecurity advisory with attribution of recent cyber threat activity against SATCOM networks to Russian state-sponsored cyber actors. The US government assesses that Russia launched cyberattacks in late February against commercial SATCOM networks to disrupt Ukrainian command and control during the Russia invasion, and those actions had spillover effects on other European countries.

 

CISA is working with both international and Joint Cyber Defense Collaborative partners to strengthen cybersecurity resilience and to protect against and respond to this malicious cyber activity. CISA urges public and private sector partners to review and implement the guidance contained in these cybersecurity advisories. Links to these resources can be found in the show notes. 

 

The following is from the original text of CISA Cybersecurity Alert ID number Alpha Alpha Two Two tack Zero Seven Six Alpha.

 

​​Original release date: March Seventeenth, twenty twenty two.

 

CISA and the FBI are aware of possible threats to US and international satellite communication networks. Successful intrusions into SATCOM networks could create risk in customer network environments.

 

Given the current geopolitical situation, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity. CISA and the FBI strongly encourage critical infrastructure organizations, SATCOM network providers, and SATCOM customers to review and implement the mitigation actions listed in this alert. CISA recommends these organizations…

 

Put in place additional monitoring at ingress and egress points to SATCOM equipment to look for anomalous traffic.

 

Use secure authentication methods for all accounts used to access, manage, or administer SATCOM networks.

 

Enforce the principle of least privilege throughout authorization policies.

 

Implement independent encryption across all communications links leased from, or provided by, a SATCOM provider.

Monitor network logs for suspicious activity and unauthorized or unusual login attempts.

 

And maintain and exercise a cyber incident response plan, resilience plan, and continuity of operations plan in the event SATCOM networks are disrupted.

Further technical details, recommendations, and resources for these mitigations are linked in the show notes.

 

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

 

This report was written by CISA, the United States Cybersecurity and Infrastructure Security Agency, and edited and adapted for audio by the CyberWire as a public service. Please visit www dot cisa dot gov to read the full report which may include additional details, links, and illustrations. A link to this report can be found in the show notes.

This has been a CISA Cybersecurity Alert.