ISC2 has released a guide for cybersecurity practitioners to support their evaluation of the risks, challenges and use cases for privatized satellite-based communications (SATCOM).
Satellite communications (SATCOM) have become more accessible than ever,
with consumer mobile devices now able to connect to these networks. With
the expansion of connectivity comes the expansion of the risk landscape.
ISC2 has worked with 31 subject matter experts – including 29 CISSPs –
to create a guide for practitioners to use when evaluating the
cybersecurity risks, challenges and use cases for privatized
satellite-based communications. It is called Securing SATCOM Amid Rising
Demands and Threats.
SATCOM Acceleration
In the not-too-distant past, regular use of satellite-based communications was reserved for the military and maritime industries. It required unique, expensive equipment that wasn’t accessible to the everyday consumer, outside of satellite phones on commercial aircraft. There are many factors contributing to the expansion of SATCOM accessibility, not the least of which is the overall rapid advancement of technology we experience day in and day out.
We are now in an age of an emerging private space industry, otherwise known as “New Space”, spurred on by significantly lower launch costs compared to the Cold War era of satellite launches. Lower launch costs lead to profit-driven models being feasible in the private sector and more and more companies are entering the marketplace. Starlink, a subsidiary of SpaceX, first launched 60 satellites in 2019 and now has more than 7,000 in orbit. Amazon is following suite with its Project Kuiper , aiming to have more than 3,000 satellites in orbit. No doubt more private satellite networks will be in Earth’s low orbit soon.
SATCOM Functions
There are many functions that these private satellite networks can accomplish, but the primary uses are providing communications to underserved populations, specifically in remote areas where traditional networks cannot be accessed and the availability of SATCOM for use during emergency situations when traditional networks may be unavailable.
Working with subject matter experts (SMEs), ISC2 has prepared a report that outlines SATCOM cybersecurity guidance for cybersecurity professionals of midsize organizations planning or already leveraging SATCOM. It covers commercial uses such as remote connectivity, internet backup and internet of things (IoT) applications.
SATCOM Security Concerns
We surveyed volunteers on three key areas of SATCOM concern relating to cybersecurity:
- Centralized control and geopolitical risks
- Signal interception, jamming and privacy risks
- Supply chain and hardware dependency
The SMEs discussed these areas in detail through virtual workshops and provided survey responses to various questions on SATCOM in detail. Through their work, this guide summarizes SATCOM from several vantage points, including the growing importance of cybersecurity, public perception, lessons from real-world attacks, relevant regulations and best practices.
For Members, By Members
ISC2 thanks the 29 CISSP holders who helped create this guide, as well as Andrzej Olchawa, Offensive Security Researcher and Engineer, formerly of the European Space Operations Centre, and Edd Salkield, Ph.D., SATCOM Researcher at Oxford University, for sharing their expertise and supporting the creation of this guide.
Members and Associates of ISC2 can access thguide by signing in to your account, visiting the Member Benefits page and clicking the Resource filter at the top of the page.