CISA Cybersecurity Alerts 3.17.22
Ep 8 | 3.17.22

CISA Alert AA22-076A – Strengthening Cybersecurity of SATCOM Network Providers and Customers.

Transcript

This is a CISA Cybersecurity Alert. ID number Alpha Alpha Two Two tack Zero Seven Six Alpha.

Original release date: March 17, 2022.

CISA and the FBI are aware of possible threats to US and international satellite communication networks. Successful intrusions into SATCOM networks could create risk in customer network environments.

Given the current geopolitical situation, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity. To that end, CISA and the FBI strongly encourage critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the following mitigations:

  1. Put in place additional monitoring at ingress and egress points to SATCOM equipment to look for anomalous traffic.
  2. Use secure methods for authentication, including multifactor authentication where possible, for all accounts used to access, manage, and/or administer SATCOM networks.
  3. Enforce the principle of least privilege throughout authorization policies.
  4. Review trust relationships.
  5. Implement independent encryption across all communications links leased from, or provided by, your SATCOM provider.
  6. Strengthen the security of operating systems, software, and firmware.
  7. Monitor network logs for suspicious activity and unauthorized or unusual login attempts.
  8. And create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems—including SATCOM networks—are disrupted or need to be taken offline.

Further technical details, recommendations, and resources for these mitigations are linked in the show notes.

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

This report was written by CISA, the United States Cybersecurity and Infrastructure Security Agency, and edited and adapted for audio by the CyberWire as a public service. Please visit www dot cisa dot gov to read the full report which may include additional details, links, and illustrations. A link to this report can be found in the show notes.

This has been a CISA Cybersecurity Alert.