Operators must learn from past security breaches to avoid more crippling attacks against their satellite
networks. Experts also caution against certain myths.
One of the most prevalent misconceptions is that domain specific knowledge needed for hacking is not
readily available. Various cases disproved this myth. Hackers are getting more skilled. Another
dangerous myth is that hackers must get hold of system specifications in order to succeed. This has been
proven to be wrong. It is a classic example of reverse engineering motivating hackers.
Military and government satellite communications providers are at risk of having a false sense of
security by believing that strong encryption is the key to satellite network security. The opposite could
In response to modern SATCOM security threats posed by cunning hackers, service carriers need to
focus on threat modelling instead. They need to identify potential security threats to their system and
imagine how hackers would work on it. With poor threat modelling, a lot of resources could be wasted
on ineffective security measures like firewalls, intrusion prevention, anti-virus and the like. Surprisingly,
majority of penetration tests are carried out incorrectly. Such tests often limit the scope of test so it
won't exceed the maximum level of ineffectiveness, thus deceiving the higher management and
Threat modelling involves a thorough analysis of processes, external actors, data stores and data flows.
All possible security threats should be identified automatically from data flow diagrams (DFDs) models.
Doing so will ensure efficient use of satellite security resources.
It is a must to pay attention to both insider and external threats. Cybersecurity Watch reported that 21%
of security breaches were caused by insiders,and 33% of CSOs considered such attacks as more costly.
Oftentimes, insider threats are actually accidental like malware infection while browsing.
Amid grave threats of satellite communications hacking, the conference on 'Securing Space Assets for
Peace and Future Conflict' at the National Defense University reiterated the importance of cyber
security, with majority of participants believing that securing space capabilities demands serious
attention. The United States National Institute of Standards and Technology (NIST) recommends the
development of an overall cyber security risk management framework. It also published guidelines on
processes and compliance verification.