Cyberattack Damages SATCOM Terminals: How an Interruption in Satellite Communication Brought Down Internet, Communications and Power Generation

On February 24th, between the hours of 5 a.m. and 9 a.m., tens of thousands of KA-SAT SATCOM terminals suddenly stopped working in several European countries, notably Ukraine and Germany [1], resulting in the loss of internet for tens of thousands of people and the disconnection of 5,800 wind turbines in Germany. This outage occurred at the same time Russia launched its full-scale invasion of Ukraine [4]. Investigation into the outage has revealed that it was the result of a cyberattack launched by unidentified hackers. It is currently not known whether they were backed by the Russian state, which has repeatedly rejected allegations that it participates in cyberattacks [1].

Back Up, What Are SATCOM Terminals? What Does SATCOM Even Mean?

SATCOM stands for satellite communication, meaning that a SATCOM terminal is a device used to communicate with satellites. These terminals have a wide range of uses, from emergency communication devices that allow vessels to send distress calls to providing basic access to the Internet [6]. SATCOM networks are used for communication in a large number of industries, including aviation, media, and military and defense. It’s estimated that about eight million Americans rely on SATCOM networks for internet access [5]. Similarly, Viasat’s KA-SAT network and its terminals (the ones that were attacked) provide high-speed satellite internet coverage to Europe and the Mediterranean, and the Ukrainian military is recorded as using this type of satellite terminal [3]. Over the past several years, Ukraine’s military and security services have purchased communications systems that run over Viasat’s network, and a review of government contracts shows that the KA-SAT network has provided internet connectivity to Ukrainian military and police units [1].

KA-SAT coverage over Europe and the Mediterranean Basin (different colors show frequency reuse).
Image Source: https://en.wikipedia.org/wiki/KA-SAT

The Attack and Its Consequences

From what is publicly known so far, the attack:

  • Began on February 24th, between 5 a.m. and 9 a.m. [1].
  • Was launched by unidentified hackers; the Russian government has denied any involvement [1].
  • Has disabled tens of thousands of modems that communicate with Viasat’s KA-SAT satellite, knocking out internet connectivity for tens of thousands in the affected area [1].
  • Has disconnected the operations of 5,800 wind turbines (which utilize SATCOM modems) owned by the German company Enercon [2].
  • Has affected Ukrainian military communications such that the attack has been acknowledged as “a huge loss for them in terms of communications in the very beginning of war” [3].
  • Was a result of a misconfiguration in the “management section” of the satellite network that had allowed the hackers to gain remote access into the modems, knocking them offline [1].
  • Has damaged the modems to the extent that most of the affected devices were rendered inoperable and would need to be reprogrammed either by a technician on site or at a repair depot and that some would have to be swapped out. Notably, more than two weeks later some still remain offline [1].

A graph showing Viasat network connectivity data at the time of the attack.
Image Source: https://www.zdnet.com/article/viasat-confirms-cyberattack-causing-outages-across-europe/

Why Should I Care? How Does This Relate To Cybersecurity?

Within the realm of cyberattacks and cyberwarfare, the scope and effect of recent attacks have been limited to targeting private companies [11], government websites, and infrastructure [12]. While these attacks have been devastating (and costly), up until recently, larger-scale systems such as SATCOM networks have been relatively safe. However, the recent Viasat attack has shown that satellite communications networks are not only vulnerable to cyberattacks but have already been targeted by them, with a sizable level of success. The utility and value that these networks provide cannot be overstated, particularly regarding military usage. A successful attack could cause a communications blackout for an entire army; distress calls could be blocked, or power generation depots could be shut down, darkening entire cities.

The current risk regarding these large networks lies not only in the devastating costs of a successful attack but also in the widespread and international nature of these types of networks. The KA-SAT network alone covers broad areas of Europe and the Mediterranean [1]. The attack on the 24th was harmful enough. If a more destructive attack were to be successfully launched, the damage would be not only disastrous but also far-reaching. With such dire possible consequences, cybersecurity regarding satellite communication is as vital as ever.

While some SATCOM networks are currently vulnerable, all hope is not lost. A joint CISA-FBI advisory issued on the 17th urged SATCOM network providers and critical infrastructure organizations that rely on these networks to reinforce their cybersecurity defenses due to an increased possibility of cyberattack [5]. The advisory outlines defensive actions for both SATCOM providers and their customers to take amid investigations into the Viasat attack [10]. Those that were attacked are taking action as well. Viasat and Enercon are taking steps to repair their systems:

  • Enercon reports that it is working with the operators of the affected wind farms to set up alternative ways to regain remote control of the turbines. There was no risk to the turbines as they continued to operate on “auto mode,” the company said [2].
  • Viasat is working with distributors to restore service for those fixed broadband users in Europe impacted by this event, with a priority focus on critical infrastructure and humanitarian assistance [5].

A Hopeful Conclusion

Ultimately, the attack on the 24th was not permanently damaging and has not caused an immediate loss of life (outside of any casualties caused by the interruption of military communications in Ukraine). While the temporary halt of internet connectivity, communications, and wind power generation control was shocking, the affected systems are under repair. Not only has the attack raised eyebrows regarding SATCOM security, but it has also triggered a response involving steps to reinforce the digital security of these networks so that future (potentially more harmful) attacks can be prevented.

References:

  1. https://www.reuters.com/world/europe/exclusive-us-spy-agency-probes-sabotage-satellite-internet-during-russian-2022-03-11/
  2. https://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-2022-02-28/
  3. https://www.reuters.com/world/satellite-outage-caused-huge-loss-communications-wars-outset-ukrainian-official-2022-03-15/
  4. https://www.reversemode.com/2022/03/satcom-terminals-under-attack-in-europe.html
  5. https://techcrunch.com/2022/03/18/cisa-fbi-satellite-networks/
  6. https://www.goincognito.co/info-massive-cyber-attack-in-europe/
  7. https://www.zdnet.com/article/viasat-confirms-cyberattack-causing-outages-across-europe/
  8. https://www.zdnet.com/article/cisa-and-fbi-warn-over-threats-to-satellite-communications-networks/
  9. https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/
  10. https://www.cisa.gov/uscert/ncas/alerts/aa22-076a
  11. https://www.itworldcanada.com/article/cyber-security-today-march-2-2022-toyota-and-aon-deal-with-cyber-attacks-updates-on-axis-and-nvidia-attacks-and-more/474804
  12. https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents

Join the Conversation

58 Comments

  1. Interesting post! These days almost every electronic device is smart, i.e., they require internet to work. An example from the blog could be the 5,800 affected wind turbines which were disconnected because they utilize SATCOM modems. No doubt this cyberattack would have affected a lot of people. It is nice to hear that the system is under repair now, and hopefully the company will upgrade their security system.

  2. A very good post that details a specific, and dangerous, tactic in cyberwarfare. Though I know little about this, it seems to be that the Russians may have also targeted Germany by accident (the Germans were originally hesitant to provoke Russia before the Russian invasion of Ukraine). I can very well be wrong here, but if I am correct that the Germans were just caught in the middle in this cyber attack because they used SATCOM that the Ukrainians were using, then it appears that non-targets can still be attacked based on how indiscriminate the attack is (i.e., Germans and Ukrainians are using similar satellite technology).
    Fortunately, as you have mentioned, these systems are being repaired and steps are being taken to prevent a similar attack in the future. Now, since satellites are now becoming a target before the commencement of military operations, this will likely remain a valued target to wannabe aggressor-states. We only get more problems whenever the Kremlin and like-minded antagonists become involved…

  3. Very informative and relevant post here!

    I did not know too much prior about SATCOMs but I do see how the conflict going on causes some security issues. Given that they are important, any cyberattacks can create a lot of chaos. It is great to see that there are improvements being made and repairs are being implemented. This will prevent very similar attacks in the future from causing the same damage. Due to my limited knowledge about this topic, it was something I definitely overlooked as a security threat. Thanks for sharing.

  4. Very engaging post. You made a lot of good points, such as a similar larger scale attack. This is the problem with a huge network, too many dysfunctions can occur if the entire network has problems. I do believe that a more devastating cyberattack will occur, as much as I don’t want that to happen. Hopefully Ukraine, Germany, and any other countries using SATCOM will find a way to prevent this type of attack before someone tries it again.

  5. Very interesting post! Despite the Russian government denying any involvement, it is clear to see that this is a likely strategy for disrupting modern military communication systems, so even if not done on purpose in this case, it may be done on purpose in the future. I’m glad that no lives were directly lost, and that this has raised concerns about the security of SATCOM systems, as they are an integral part of modern infrastructure of varying kinds and vulnerabilities in them could have devastating consequences if not fixed.

  6. The Russians have a high level of expertise when it comes to cyberwarfare, to the point where there’s a wiki detailing some of the attacks that they’ve made in recent years! Now with Russia being the most sanctioned country in the entire world, it’ll be interesting to see what further attacks will be launched from within Russia, targeting any asset with financial value since the Ruble has greatly depreciated and the country is now facing hard times looking forward.

  7. I feel like this is something that is largely an issue both because of our reliance on the internet, as well as a general disregard for pre-internet ways of doing things. Many of us don’t even take notes on paper anymore (I do not, for instance) because it’s easier to have them stored on something like OneNote which will keep everything stored and synced. However, should a service like this go down due to a lack of internet, we would find ourselves very vulnerable to these types of interruptions. It becomes somewhat more concerning when considering the consequences with regards to defense, medicine, or education, as internet reliance has invaded these areas as well.

    As you pointed out, it wasn’t the end of the world for those affected, and there are adjustments that can be made. At the same time, I do think that this should serve as a cautionary tale for most regarding their reliance on the internet; while it’s super convenient and easy, it might be best to keep some important things on paper so that they can be accessed when needed. Whether this involved printing out important webpages, or keeping a journal to store important information, it could save a lot of heartache if any interruptions occur (whether as a result of malicious cyber attacks, or weather impacting the infrastructure).

  8. This post is disturbing indeed. I wonder if space probes and ships could be hacked as well. It also makes me think we should reconsider the interconnectivity of critical devices such as wind turbines and SATCOM.

  9. Everything today depends a lot on the internet and it makes everyone vulnerable to attacks. I was unaware of the security threats and SATCOM. It was new to me. Great post, very informative.

  10. This is a very interesting article. You brought up some excellent points, such as a similar large-scale attack. This is the difficulty with a large network: if the entire network is down, too many malfunctions can occur. As much as I don’t want it to happen, I believe a more destructive hack will occur. Hopefully, Ukraine, Germany, and any other SATCOM-using countries will figure out how to avoid this type of attack before it happens again.

  11. It seems pretty evident that this attack was backed by Russia. Knocking out an enemy’s communication when launching an attack is a very obvious and effective tactic, and Russia is no stranger to cyberattacks. What I find interesting is that this attack also affected Germany. It could have been collateral damage, but it is also possible that this was a kind of message. Russia is deeply invested in keeping Western Europe out of the war in Ukraine, and an attack like this on a geopolitical powerhouse in Western Europe sends the message that involvement in Ukraine carries additional costs.

    Something as vital, large, and depended on by military organizations is a very appealing target for cyberattacks, and as you’ve stated, if security is not improved, the ramifications of a larger scale attack could be devastating.

  12. This post shows how much can be affected by cyberattacks. The shutdown of the operations of 5,800 wind turbines can take down a considerable portion of the power grid, meaning lives are at stake, affecting hospitals, food production, and transportation (traffic lights down), not to mention communications in the case of emergencies. Our growing reliance on technology has made us vulnerable to situations like this where we lose access to power. This post was very informative but I have to say I am not surprised given Russia’s reputation.

    1. As sad as this news is, the fact that a cyberattack can take down a satellite is kind of groundbreaking as no one ever expected them to take out services provided by those satellites. This is precisely why Ukraine was caught off-guard.
      Even though there was no life lost in this cyberattack, an attack on a bigger scale might come with devastating effects as this was a country-wide cyber attack, and this shows that in today’s world, we need to focus on cryptography as everything around us is digital nowadays.

  13. Great post! Nowadays everybody depends on the internet and almost all the work we do is dependent on it, and even a small breach in that is gonna affect our day-to-day life; we won’t be able to finish our tasks, which proves how much we rely on it.

  14. This is a great article! This is the difficulty with a large network: if the entire network goes down, too many problems can develop. Even though the Russian government has denied any involvement, it is difficult to think they were not participating. The consequences of a larger-scale attack might be disastrous if security is not enhanced.

  15. Very interesting to see a huge attack like this. You would think things in SPACE would be safe but clearly not. It really puts into perspective how anything with a connection/provides a connection really is targetable and even something as trivial as having an internet connection could be jeopardized!

  16. Interesting post! To think that internet service for such a large area can be taken out all at once is very startling. I believe without a doubt that this attack was ordered by some Russian oligarch or military official to try and conceal their invasion of Ukraine from Europe. I thought that the only way to attack SATCOM would be to take down the satellite physically but it seems that where there’s a will there is a way. Hopefully security experts can find the source of this vulnerability before it gets exploited again.

  17. With the development of network and communication technology, this new communication mode is also gradually applied to military activities. At present, people’s life is very dependent on the Internet, including the transmission of important information. Attacks on communications satellites have increasingly appeared in military conflicts. The technology is very dangerous, given its ability to cause blackouts and shut down power stations. Although nuclear weapons remain limited, a cyber-attack using satellites to interfere with a nuclear plant’s operating equipment could be devastating.

  18. Great post! Considering the fact that SATCOM arrays were both widely used, and generally considered to be somewhat safe from attack, do you think it is still the case that SATCOM arrays remain a viable method of communications that can still be relied upon in an emergency (such as a wartime scenario), or does this roll back the curtains, so to speak, and expose some previously unseen flaws in the network?

  19. It is very interesting to see the increase in cyberattacks since the Russian invasion of Ukraine. These SATCOM terminals are very important and crucial economic activities are dependent on this including operation of wind turbines. This shows how cyber attacks can cause lots of damage to countries and societies.

  20. It’s quite spooky the amount of damage that can be done remotely if you’re equipped with the technological knowledge. Hacking satellite networks and disabling entire power grids is something that we used to see in movies to exaggerate the power of hacking, but it appears that this is no longer a hyperbole. It’s a good thing that we’re now working on making these networks stronger and less susceptible to getting hacked, but this is usually a cat and mouse game where attackers will probably find new inventive ways of attacking these systems. Here’s to hoping for a speedy recovery of these networks.

  21. This is a fascinating subject! Officials from Russia have denied any involvement in the hacking of US military communications systems. Because SATCOM systems are such an important part of today’s infrastructure, security concerns have arisen. SATCOM vulnerabilities might have severe consequences if they are not addressed.

  22. This post itself is a symphony of the importance of improving cyberinfrastructure. The very fact that satellites can be targeted is a grave cause of concern. I could imagine if Canada was at war and the satellites were targeted in an attempt to subvert military and civilian communication. It would be a domestic catastrophe. I also agree with Kakarlapudi’s comment on the consequences associated with satellite hacking. In your opinion, what do you think should be done to ensure this does not happen? And what policies can be implemented to plaster any vulnerability existing within our own network and satellite?

  24. Very informative post! It is crazy to think that destroying a few satellites can cause so many problems. I guess it was a good tactic for Russia to try and cut off Ukrainian communications, since it would make invading easier, but it is sad that it happened. I’m also surprised that Germany did not do anything to retaliate against Russia since this was basically an attack on Germany that affected them as well. Hopefully Ukraine does not suffer too much because of this. Nice post!

  25. Interesting posts. Once the satellite communication terminal stops working, people will not be able to access the Internet, and there will be the problem of power failure. These large-scale cyber risks are often devastating, especially for military operations. Network failure will affect many people and network security will decline. However, it is very good for Viasat and Enercon to take measures to repair their system. Their actions can strengthen the security defence of the network and avoid more harmful attacks.
