CISA's Goldstein: Ukrainian response to Viasat hack proves need for redundancy, resilience

The Ukrainian military’s ability to recover from the Russian attack on satellite company Viasat is an example of the need for redundant systems and resilient organizations, according to a top U.S. government cybersecurity official.

At the Aspen Cyber Summit in New York on Wednesday, Cybersecurity and Infrastructure Security Agency (CISA) executive director of cybersecurity Eric Goldstein and retired U.S. Air Force general Jack Weinstein spoke about the growing need for awareness about the cybersecurity threats facing space technology.

“Space is a horizontal dependency across every other critical sector. There is no sector that does not depend on space assets,” Goldstein said.

As an example of the importance of space technology, the conversation shifted to the Russian military’s attack on satellite internet provider Viasat.

The cyberattack last February left Viasat’s KA-SAT modems inoperable in Ukraine. The attack had several other downstream effects, causing the malfunction of 5,800 Enercon wind turbines in Germany and disruptions to thousands of organizations across Europe.

According to U.S. and European Union officials, the attack on Viasat was intended to degrade the ability of the Ukrainian government and military to communicate.

But Goldstein explained that the results of the attack, while devastating for some of Viasat’s customers, did not have a long-lasting effect on the Ukrainian military’s ability to operate.

“What we saw in practice is even though the attack on Viasat was very impactful for Viasat, very impactful for a variety of customers across Europe, it actually wasn't that impactful for the Ukrainian military because they have built in resilient communications to make sure that they were able to quickly alter measures and keep fighting,” he said.

“And that, I think, is really the key point here. We know that we're not going to cyber defend our way out of this and have to build resilience.”

Weinstein added that this kind of resilience is something the U.S. Space Force is now working on.

Later in the conversation Goldstein warned that attacks on space infrastructure are now moving beyond nation states and into the criminal realm. One of his concerns is that while it is fairly easy to sketch out the goals of nation states, criminal organizations are more difficult to understand.

One way to address this is to have a better understanding of what assets are in space, Weinstein said, noting that an organization like the Federal Aviation Administration (FAA) is needed to catalog what satellites are in the sky.

“While the military is doing this, it's really not a military responsibility,” he said.

In August, U.S. intelligence agencies warned of increasing cyberattacks targeting U.S.-based space companies by unnamed foreign intelligence services.

The influential Cyberspace Solarium Commission told The White House in April that it should formally name space as a critical infrastructure sector and take steps to protect satellites and other space systems against cyberattacks.

For years, vulnerabilities in space infrastructure have been a point of interest for cybersecurity researchers. In April, hackers proved they could seize control of a European Space Agency (ESA) satellite, and at the recent DefCon conference in Las Vegas an entire “space village” was created where researchers discussed satellite vulnerabilities and shared tips or concerns about the sector.

There have been several recent claims of cyberattacks and ransomware incidents targeting the space industry, including a March ransomware attack on SpaceX-supplier Maximum Industries that was never publicly acknowledged.

Hackers have also gone after multiple space observatories in the U.S. and in Chile in recent months, targeting researchers using powerful telescopes.