Viasat deploying ‘zero trust’ cybersecurity across global network

WASHINGTON — The biggest known cyberattack of the Ukraine war happened more than a year ago when Russian hackers targeted satellite modems and knocked Viasat’s KA-SAT customers offline in Ukraine and other parts of Europe.

Viasat, a global communications firm based in Carlsbad, California, used the lessons from that attack and intelligence data from the U.S. government to develop a cybersecurity solution that can be applied to its entire global network. 

The company earlier this month introduced an “intrusion detection service” it developed using classified U.S. government threat intelligence to identify threats on the network, Craig Miller, president of Viasat Government Systems, told SpaceNews on the sidelines of the Satellite 2023 conference. 

“Unfortunately this capability was not deployed on KA-SAT at the event that happened in 2022,” Miller said. The new service, known as a “zero trust architecture,” is now deployed on the company’s own network and on critical U.S. infrastructure managed by the Department of Homeland Security.

“We’re starting to get some very interesting data,” Miller said. “It’s hard to say categorically that this has stopped a cyber attack, but we have caught things and stopped things that potentially wouldn’t have been stopped by other tools.”

Unlike traditional cybersecurity techniques that focus on perimeter defense and access control, a zero-trust architecture assumes all devices are potential threats. “We’re always looking at behavioral patterns,” Miller said. “Does it look different than normal? Does that look like a malicious thing? And we’re often able to find things that would be considered zero-day attacks.”

Anyone could be a threat 

Protecting a global commercial network with a million users can be harder than defending DoD networks that restrict access, Miller explained. 

Government agencies “have total control of the population that’s allowed to come onto the network,” whereas a satellite internet provider like Viasat has to deal with the reality that “anyone with 50 bucks a month and good credit can come on our network. And in the developing world, anyone with a couple of bucks a month is welcome to come on to our network.”

The whole network is “exposed all the time,” he said. The new zero-trust system assumes that an attacker has a way into the network and “prevents them from doing anything malicious or moving laterally within the network.”

The solution Viasat developed is called a “trusted cyber sensor,” he said. “Instead of holding keys, it holds classified threat indicators that we get from the National Security Agency and DHS as part of the partnership to operate that product on an unclassified network.”

Viasat created machine-learning algorithms that were trained against data collected from its own network. “You get a pretty good sample of all the malicious effects and malicious data patterns that are out there.”

“Our algorithms have advanced to a point where we have our own set of proprietary threat indicators that detect a lot of things that can’t be detected by commercially available tools,” Miller said. “And in some cases, we detect things that even the NSA and DHS threat intelligence feeds don’t detect.”

DoD’s reliance on commercial satcom

Zero-trust architectures are now the preferred approach to defend not just commercial but military networks, Sam Visner, technical fellow at MITRE Corp. and vice chair of the Space ISAC, said March 13 at the Satellite conference.

“All of these systems are essential to our national interests, as we’ve seen in this war in Ukraine,” said Visner. He said DoD is looking to deploy zero-trust cybersecurity as part of a broader plan to rely on “hybrid” networks of commercial and government satellites.  

“As you saw at the beginning of the war, some of the principal attacks were against the commercial systems on which the military depends,” he said. “Systems that have been built by the private sector are therefore subject to the same threats as military systems and require the same mitigation.”

source: spacenews.com