Military satellite communications (MILSATCOM) networks present unique challenges in defending against adversaries and the multiple attack vectors available to them. As in other networked environments, applying cybersecurity in a MILSATCOM environment requires a layered security approach. A Defense-in-Depth strategy supports information assurance (IA) in a networked environment by providing availability, integrity, authentication, confidentiality and non-repudiation.
A satellite’s large geographic coverage and open transmission medium make it especially susceptible to everything from passive communications monitoring to active attacks on the communications channel and on the computer systems that make up the system. A strong and effective layered IA strategy in a MILSATCOM network can be achieved by applying security services based on the “protect, detect and react” paradigm.
Protecting MILSATCOM systems from intrusions and disruptions requires an IA architecture that defends the MILSATCOM network at multiple points of attack.
These defenses cover the network infrastructure, the enclave boundaries and the computing environment, among others. Preferably, the technology procured by the U.S. Department of Defense (DoD) will be validated by trusted third-party entities and follow established IA standards.
iDirect Government’s Evolution Defense system is a good example of a MILSATCOM system architected to protect against multiple attack vectors. In the Evolution Defense solution, iDirectGov incorporates transmission security (TRANSEC) capabilities. This matters because link-layer and network-layer encryption and traffic-flow security are what protect against bad actors positioned to monitor, intercept and exploit communications.
Even a small spike in traffic can be a critical piece of intelligence, so for Defense network infrastructure the need to mask all communications activity becomes apparent.
Another point of attack in a Defense network is the enclave boundary, where an internal network service layer links to an external network’s service layer. This boundary is a natural avenue for active network attacks and for the exploitation of new vulnerabilities, as attack methods are constantly changing.
Applying security standards to continually monitor for major system vulnerabilities is a critically important part of any organization’s tools and procedures. Frameworks such as the Security Content Automation Protocol (SCAP) allow administrators to scan SATCOM network computer systems against a security baseline. Since 1998, the Defense Information Systems Agency (DISA) Field Security Operations (FSO) has played a critical role in enhancing the DoD’s security systems by providing SCAP content. This content provides technical guidance to “lock down” information systems and software that might otherwise be vulnerable to a malicious computer attack.
iDirectGov’s implementation of SCAP standards ensures that the highest level of compliance is met. In addition, it supports several manual configuration changes to meet additional SCAP guidelines, including Red Hat Linux-specific recommendations. On the terminal side of the SATCOM network, maintaining a security baseline is just as critical as it is for the systems in a physically secure teleport. iDirectGov conducts SHIELD scans (U.S. DoD-approved Nessus scans) to evaluate the company’s 9-Series remotes for vulnerabilities that hackers could use to access a system or network. The results are then used to build a Remote Security Bulletin (RSB) that is posted to the company’s TAC website for SHIELD subscribers to load onto their remote hardware.
These security update packages for remotes are available approximately twice per year and cover all current 9-Series modems and future variants.
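The baseline scan described above can be seen end to end in the following added example, which is not iDirectGov code and not a real SCAP or OVAL implementation: a handful of constructed rules (hypothetical rule ids HYP-00x, not from any STIG) are evaluated against a constructed sshd-style configuration of a terminal, producing one finding per rule and a count of failures by severity, which is what an operator tracks between scans.

```python
"""Minimal SCAP-style baseline check (added illustration, not SCAP/OVAL tooling).

Each rule names a configuration key, an operator, an expected value and a
severity. The checker parses a key/value configuration text and reports one
finding per rule, so "scanning a system against a baseline" is visible end to end.
"""

# Constructed baseline. Rule ids and values are illustrative, not from any
# DISA STIG, SCAP benchmark or vendor bulletin.
BASELINE = [
    ("HYP-001", "PermitRootLogin",        "eq",     "no", "high"),
    ("HYP-002", "PasswordAuthentication", "eq",     "no", "medium"),
    ("HYP-003", "MaxAuthTries",           "le",     4,    "medium"),
    ("HYP-004", "Ciphers",                "subset", {"aes256-gcm@openssh.com", "aes256-ctr"}, "high"),
    ("HYP-005", "Protocol",               "eq",     "2",  "high"),
]

def parse_config(text):
    """Parse 'key value' or 'key = value' lines; comments and blanks are ignored."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" in line:
            key, value = line.split("=", 1)
        else:
            parts = line.split(None, 1)
            if len(parts) != 2:
                continue
            key, value = parts
        cfg[key.strip()] = value.strip()
    return cfg

def evaluate(rule, cfg):
    """Return (rule id, 'pass'|'fail', severity, evidence) for one rule."""
    rule_id, key, op, expected, severity = rule
    if key not in cfg:
        return (rule_id, "fail", severity, f"{key} not set")
    actual = cfg[key]
    if op == "eq":
        ok = actual.lower() == str(expected).lower()
    elif op == "le":
        try:
            ok = int(actual) <= expected
        except ValueError:
            ok = False
    elif op == "subset":
        ok = set(actual.split(",")) <= expected   # every configured cipher must be allowed
    else:
        raise ValueError(f"unknown operator {op}")
    return (rule_id, "pass" if ok else "fail", severity, f"{key}={actual}")

def scan(config_text, baseline=BASELINE):
    cfg = parse_config(config_text)
    return [evaluate(rule, cfg) for rule in baseline]

def summarize(findings):
    """Count failures by severity."""
    counts = {}
    for _, status, severity, _ in findings:
        if status == "fail":
            counts[severity] = counts.get(severity, 0) + 1
    return counts

# Constructed configuration of a hypothetical terminal, deliberately non-compliant.
SAMPLE_CONFIG = """
# sshd-style settings on a remote terminal (constructed sample)
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
Ciphers aes256-ctr,aes128-cbc
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_CONFIG):
        print("%-8s %-4s %-6s %s" % finding)
    print(summarize(scan(SAMPLE_CONFIG)))
```

Running it against the sample configuration reports three failures (root login permitted, too many authentication attempts, a cipher outside the allowed set) and two passes; the summary is what a bulletin such as the RSB would turn into remediation steps.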
In addition to implementing protections, organizations need to expect attacks and have the proper tools in place to detect and recover when they occur. In MILSATCOM networks, the ability to detect an attack starts with arguably its most vulnerable aspect — the radio frequency (RF) link.
Spectrum monitoring tools are a vital part of detecting hostile (or even accidental) interference. Effective tools should perform automatic and operator-directed monitoring to detect interference and unauthorized users. They should measure carrier and transponder performance and generate out-of-tolerance alarms.
These tools allow the user to measure and analyze the transponder spectrum effectively. Spectrum monitoring products, such as iDirectGov’s Model 1000 Series, can be used as stand-alone appliances or as part of a larger spectrum monitoring network whose flexible architecture allows plug-and-play operation locally or remotely over a standard local area network (LAN) or wide area network (WAN).
Once an attack has been detected, an organization should be prepared to react as quickly as possible while mitigating the impact of the attack. Detection alone is not sufficient to achieve IA. A MILSATCOM Defense-in-Depth architecture will include the ability to locate and mitigate any threat once detected, with maximum flexibility and efficiency.
Finally, in addition to putting in place the proper protection and detection technologies and operational procedures, it is critical to have the ability to analyze, correlate and react to threats. To react effectively, technologies need to be implemented that allow “operations” staff to answer basic questions such as “Who is the source?”, “Where is the source?” and “What are my options for mitigation?”
The ability to locate the interference source in a MILSATCOM network is critical to quickly identifying whether the interference signal is caused by intentional actors, human error or equipment failure. Identifying the geolocation of an interferer will help an operations team and its command to decide which mitigation actions to take.
Fully featured geolocation technology allows operators to view real-time spectra for the detection and characterization of interference with speed and ease. iDirectGov Model 8000, for example, seamlessly transitions from detecting the interference to geolocating the interference with the click of a button. It locates the interference by taking advantage of the weak replica of the signal that an adjacent satellite will receive.
Downlinks from the primary and adjacent satellites are acquired and analyzed to extract precise time difference of arrival (TDOA) and/or frequency difference of arrival (FDOA) measurements. Each method can be used alone, or the two combined, to determine the location of the interference. The key element of MILSATCOM communications is the availability and use of the RF spectrum, where the introduction of noise or interference, intentional or unintentional, can degrade a MILSATCOM network or render it completely unusable. Given that MILSATCOM is a critical communications asset for the military, the stakes can be very high indeed.
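The TDOA/FDOA principle described above, worked through as an added example that is not iDirectGov code and does not reproduce the Model 8000’s algorithm: a primary and an adjacent satellite are placed over a flat-earth ground plane with constructed positions and small residual velocities, the TDOA and FDOA an emitter would produce are predicted from geometry, and the emitter is recovered by a brute-force grid search for the ground point whose predicted pair best matches the measurements. The uplink frequency, measurement tolerances and grid are all assumptions.

```python
"""TDOA/FDOA interference geolocation on a flat-earth grid (added illustration).

Two satellites receive the same uplink: the primary at full strength and the
adjacent one as a weak replica. The difference in arrival time (TDOA) and the
difference in Doppler shift (FDOA) between the two paths each constrain the
emitter to a curve on the ground; the emitter lies where the curves meet.
The intersection is found here by exhaustive grid search.
"""
import math

C_KM_S = 299792.458          # speed of light, km/s
F_UPLINK_HZ = 14.25e9        # constructed Ku-band uplink frequency

# Constructed satellite states in a local flat-earth frame: (position km, velocity km/s).
# z is height above the ground plane; the small velocities stand in for the drift of
# nearly geostationary satellites relative to the ground.
PRIMARY  = ((0.0, 0.0, 35786.0),     (0.0005, 0.0020, 0.0))
ADJACENT = ((-1500.0, 0.0, 35786.0), (-0.0005, -0.0030, 0.0005))

SIGMA_TDOA_S = 1e-7    # assumed timing measurement accuracy (0.1 microsecond)
SIGMA_FDOA_HZ = 0.01   # assumed frequency measurement accuracy

def _range_and_rate(sat, emitter):
    """Distance (km) and range rate (km/s) from a fixed ground emitter to a satellite."""
    (sx, sy, sz), (vx, vy, vz) = sat
    ex, ey, ez = emitter
    dx, dy, dz = sx - ex, sy - ey, sz - ez
    r = math.sqrt(dx * dx + dy * dy + dz * dz)
    # range rate = satellite velocity projected onto the emitter->satellite unit vector
    return r, (vx * dx + vy * dy + vz * dz) / r

def tdoa_fdoa(emitter):
    """Predicted (TDOA in seconds, FDOA in hertz) for an emitter at the given position."""
    r1, rr1 = _range_and_rate(PRIMARY, emitter)
    r2, rr2 = _range_and_rate(ADJACENT, emitter)
    tdoa = (r2 - r1) / C_KM_S
    # Doppler on each path is -f0 * range_rate / c; FDOA is the difference of the two.
    fdoa = -F_UPLINK_HZ * (rr2 - rr1) / C_KM_S
    return tdoa, fdoa

def locate(meas_tdoa, meas_fdoa, half_span_km=1000.0, step_km=10.0):
    """Search the ground plane for the grid point whose predicted TDOA/FDOA best
    match the measurements. Returns (x_km, y_km, normalized_cost)."""
    best = None
    n = int(2 * half_span_km / step_km) + 1
    for i in range(n):
        x = -half_span_km + i * step_km
        for j in range(n):
            y = -half_span_km + j * step_km
            t, f = tdoa_fdoa((x, y, 0.0))
            cost = ((t - meas_tdoa) / SIGMA_TDOA_S) ** 2 + ((f - meas_fdoa) / SIGMA_FDOA_HZ) ** 2
            if best is None or cost < best[2]:
                best = (x, y, cost)
    return best

if __name__ == "__main__":
    true_emitter = (420.0, -310.0, 0.0)          # constructed interferer position
    t, f = tdoa_fdoa(true_emitter)
    print("measured TDOA %.3f us, FDOA %.3f Hz" % (t * 1e6, f))
    x, y, cost = locate(t, f)
    print("estimated emitter at (%.0f, %.0f) km, cost %.3g" % (x, y, cost))
```

With the satellites separated along x and their velocity difference mostly along y, the TDOA curve fixes the emitter’s east-west position and the FDOA curve its north-south position, which is why the two measurements together give a point while either alone gives only a curve. Noise is left out so the search lands exactly on the true grid point; with real measurement error the minimum spreads over neighbouring points and the tolerances above set how far.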
Simply detecting or even locating a geographic origin of the interference is not enough. Mitigation strategies that include interference removal and network resiliency and switching should be an integral part of the system architecture. Interference mitigation is used to remove or avoid any potential network threats. iDirectGov addresses the concern of interference mitigation through signal excision technology, part of the Glowlink product line iDirectGov uses. Communication Signal Interference Removal (CSIR™) technology and automatic beam/network switching features mitigate threats to MILSATCOM networks.
CSIR eliminates an interfering signal from the authorized signal of interest (SOI). With only the SOI’s center frequency, bandwidth and symbol rate information, CSIR will monitor and remove an interfering signal in real time and can remove a variety of unwanted signals, whether they are modulated carriers, unmodulated tones or interference that changes characteristics (such as burst or frequency hopping).
A mature digital signal processing solution, CSIR is designed to excise an interfering signal before it reaches the receiver’s demodulator and decoder. Based on the SOI information noted above, CSIR can monitor and remove an interfering signal with as little as 1 dB of power separation from the SOI. Additionally, CSIR has little to no effect on the signal quality of the SOI.
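To make the idea of excising an interferer ahead of the demodulator concrete, the following added example implements a plain frequency-domain excision; it is not CSIR and not iDirectGov code, and it does not attempt CSIR’s stated 1 dB separation. A constructed BPSK-like signal of interest is added to a constructed unmodulated tone, the block is transformed, bins whose power stands far above the median are zeroed, and the inverse transform gives the cleaned samples. The error relative to the clean SOI before and after excision shows what the demodulator gains.

```python
"""Frequency-domain interference excision (added illustration, not CSIR).

The received block is transformed; any bin whose power exceeds a multiple of
the median bin power is treated as interference and zeroed; the inverse
transform is what would be handed to the demodulator. A wideband signal of
interest spreads its energy evenly over the bins, so a narrowband interferer
stands out and can be removed with only a small loss of SOI energy.
"""
import cmath
import math
import random

N = 256  # samples per processing block

def dft(x):
    """Plain O(N^2) DFT so the block runs without numpy."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n)) for k in range(n)]

def idft(X):
    n = len(X)
    return [sum(X[k] * cmath.exp(2j * math.pi * k * t / n) for k in range(n)) / n for t in range(n)]

def make_soi(seed=7):
    """Constructed BPSK-like signal of interest: one +/-1 chip per sample."""
    rng = random.Random(seed)
    return [1.0 if rng.random() < 0.5 else -1.0 for _ in range(N)]

def make_tone(bin_index, amplitude):
    """Constructed unmodulated interferer centred exactly on one DFT bin."""
    return [amplitude * math.cos(2 * math.pi * bin_index * t / N) for t in range(N)]

def excise(samples, ratio=25.0):
    """Zero every DFT bin whose power exceeds ratio x the median bin power.
    Returns (cleaned real samples, list of excised bin indices)."""
    X = dft(samples)
    power = [abs(v) ** 2 for v in X]
    median = sorted(power)[len(power) // 2]
    excised = [k for k, p in enumerate(power) if p > ratio * median]
    for k in excised:
        X[k] = 0
    return [v.real for v in idft(X)], excised

def error_power(a, b):
    """Mean squared difference between two sample sequences."""
    return sum((u - v) ** 2 for u, v in zip(a, b)) / len(a)

def correlation(a, b):
    num = sum(u * v for u, v in zip(a, b))
    return num / math.sqrt(sum(u * u for u in a) * sum(v * v for v in b))

def demo(tone_bin=37, tone_amplitude=2.0):
    """Excise a tone (6 dB above the SOI's unit power) and report the effect."""
    soi = make_soi()
    tone = make_tone(tone_bin, tone_amplitude)
    received = [s + i for s, i in zip(soi, tone)]
    cleaned, bins = excise(received)
    return {
        "excised_bins": bins,
        "error_before": error_power(received, soi),
        "error_after": error_power(cleaned, soi),
        "correlation_after": correlation(cleaned, soi),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The tone lands in bins 37 and 219 (its mirror image for a real signal), both of which the median rule picks out; the residual error after excision is the small amount of SOI energy that happened to sit in those two bins, so the cleaned block still correlates almost perfectly with the original SOI. An interferer that sweeps or hops would need the detection step re-run block by block, which is the real-time monitoring the text attributes to CSIR.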
Government and MILSATCOM organizations can connect and communicate with each other far more easily now than was ever before possible. Unfortunately, this ability to connect has made it easier for malicious actors to reach out and disrupt the flow of information and collaboration between users. A strong and effective layered IA strategy in a MILSATCOM network can be achieved through the application of technologies architected to provide for Defense-in-Depth that includes defending the network infrastructure, the enclave boundaries and the computing environment.
The application of IA standards (e.g., SCAP, SHIELD), validated products (e.g., FIPS-140) and continual risk assessment will go a long way toward providing a robust protection strategy for MILSATCOM networks.
The capabilities and features embedded in the iDirectGov platform enhance and protect critical communications. The inherent security in iDirectGov’s solutions minimizes the attack surface and protects against actors that may, intentionally or unintentionally, interfere with those critical lines of communication.
Author Roly Rigual is the Vice President of Sales Engineering at iDirect Government (iDirectGov), a U.S. corporation that is a trusted partner of the U.S. government and has been for more than 18 years. All its employees are U.S. citizens, with a third being U.S. military veterans and more than 60 percent holding U.S. security clearances. Rigual leads iDirectGov’s team of federal sales engineers. All Defense-grade products sold by iDirectGov are designed, developed, assembled, programmed and verified within the United States.
The National Security Agency (NSA) outlines vulnerabilities inherent in an IP-based time division multiple access (TDMA) transmission that must be addressed to provide true TRANSEC.
Channel Activity — The ability to secure transmission energy to conceal traffic volumes and acquisition activity.
Control Channel Information — Disguise traffic volumes to secure traffic source and destination. Federal Information Processing Standards (FIPS) 140-2 certified 256-bit keyed Advanced Encryption Standard (AES) encryption should be used for all Layer 2 and control information.
Hub and Remote Unit Validation — Ensure remote terminals connected to the network are authorized users. Use X.509 digital certificates on remote terminals and hub systems to provide network authorization and non-repudiation.
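The channel-activity requirement above, concealing traffic volumes, is met at the link layer by sending a fixed-size frame in every slot and filling idle slots with fill frames. The following added example (not iDirectGov code, not the Evolution Defense framing format) simulates a constructed slot schedule over a naive link, which sends data-sized frames only when there is data, and over a constant-rate link, then shows what a passive observer of the channel learns from each. The frame size and header layout are assumptions, and encryption is omitted: on a real TRANSEC link the AES-256 layer named in the text would cover the whole frame, so fill and data frames are indistinguishable on air.

```python
"""Constant-rate framing to mask channel activity (added illustration).

A sender keeps a transmit queue and emits exactly one FRAME_LEN frame per
slot: a data frame carrying the next chunk of the queue (padded to full size)
or a fill frame of random bytes when the queue is empty. An observer who can
only measure bytes on air per slot sees the same thing in every slot.
"""
import random

FRAME_LEN = 64                      # constructed fixed over-the-air frame size
HEADER_LEN = 2                      # flag byte + payload length byte
PAYLOAD_MAX = FRAME_LEN - HEADER_LEN
FLAG_DATA, FLAG_FILL = 0x01, 0x00

class ConstantRateSender:
    def __init__(self, seed=0):
        self.queue = bytearray()
        self.rng = random.Random(seed)   # stands in for the fill/pad generator

    def enqueue(self, data):
        self.queue += data

    def next_frame(self):
        """One frame per slot, always FRAME_LEN bytes."""
        if self.queue:
            chunk = bytes(self.queue[:PAYLOAD_MAX])
            del self.queue[:PAYLOAD_MAX]
            pad = bytes(self.rng.getrandbits(8) for _ in range(PAYLOAD_MAX - len(chunk)))
            return bytes([FLAG_DATA, len(chunk)]) + chunk + pad
        fill = bytes(self.rng.getrandbits(8) for _ in range(PAYLOAD_MAX))
        return bytes([FLAG_FILL, 0]) + fill

def constant_rate_frames(slot_data):
    """Run the slot schedule through the sender; extra slots flush any backlog."""
    tx = ConstantRateSender()
    frames = []
    for data in slot_data:
        tx.enqueue(data)
        frames.append(tx.next_frame())
    while tx.queue:
        frames.append(tx.next_frame())
    return frames

def receive(frames):
    """Receiver side: drop fill frames, strip padding, reassemble the byte stream."""
    out = bytearray()
    for frame in frames:
        flag, length = frame[0], frame[1]
        if flag == FLAG_DATA:
            out += frame[HEADER_LEN:HEADER_LEN + length]
    return bytes(out)

def naive_frames(slot_data):
    """Naive link: the data itself goes on air, nothing in idle slots."""
    return list(slot_data)

def observer_view(frames):
    """What a passive monitor of the channel can measure: bytes on air per slot."""
    sizes = [len(f) for f in frames]
    return {
        "active_slots": sum(1 for s in sizes if s),
        "distinct_sizes": len(set(sizes)),
        "total_bytes": sum(sizes),
    }

# Constructed slot schedule: mostly idle, one short message, one long one, one ack.
SLOTS = [b"", b"", b"tactical report 0001", b"", b"x" * 150, b"", b"", b"ack"]

if __name__ == "__main__":
    print("naive link   :", observer_view(naive_frames(SLOTS)))
    frames = constant_rate_frames(SLOTS)
    print("constant rate:", observer_view(frames))
    print("reassembled  :", receive(frames) == b"".join(SLOTS))
```

On the naive link the observer sees three active slots out of eight, four different frame sizes and the exact byte count sent, which is the traffic spike the text calls a critical piece of intelligence. On the constant-rate link every one of the eight slots carries 64 bytes, the long message is segmented across three slots, and the receiver still reassembles the original stream.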