Particularly in popular culture and casual references, satellite networks are commonly referred to as “secure,” as if sheltered from the prying cryptological eyes of adversaries and hackers and the would-be attacks other enterprise networks face. Unfortunately for operators and users of VSAT alike, white-hat hack attempts and genuine malicious threats in recent years have shown that satellite networks are not immune to such threats.
Coverage map of Kymeta’s Global TRANSEC Secure Network.
Security consulting group IOActive demonstrated back in 2014 that satellites and satellite networks could be compromised in a number of ways— the application of malicious firmware to obtain GPS coordinates or disable communications, exploiting modem admin code backdoors to install malicious firmware, and compromising terminals through authentication mechanisms, among others.
The U.S. and Canadian government response to crypto security challenges for all digital network technologies is FIPS 140-2, a federally managed standard of security policies and requirements with which technologies must comply to be cleared for use. How does this apply to satellite networks?
Governments around the world have struggled to counter such threats given the cost and quick-changing nature of VSAT technologies as well as the use of service provider-controlled commercial satellite networks.
To meet the FIPS 140-2 requirement at Level 3, ST Engineering iDirect, the largest commercial VSAT platform operator for US Government customers, offers its TRANSEC Module, an embedded card providing cryptography that is installed on the motherboard of a hub line card or a remote modem with unique firmware.
Among other functions, the card encrypts and protects data packets transversing the network between the line card and the remote, ensuring data integrity while data is in motion.
To date, ST Engineering iDirect is the only FIPS 140-2 compliant commercial satellite network platform solution on the market.
While Department of Defense (DoD) groups who operate their own networks have adopted the TRANSEC platform, Government users of commercial SATCOM offerings are struggling to obtain waivers for non-TRANSEC services. Increasingly, DoD customers who do not operate their own networks are seeking a commercially available, FIPS 140-2 compliant offering.
In response to this demand, Kymeta has recently launched its Global TRANSEC Secure Network (GTSN), the first commercially available network of its kind, ensuring that customers and partners can receive the highest levels of encryption, authentication, and traffic concealment while exceeding the current requirements outlined by the U.S. Government.
The satellite service offering provides full compliance with numerous Federal and DoD standards, including the January 2021 DOD Instruction 8523.01.
The newly launched Kymeta Global TRANSEC Secure Network covers the U.S., Middle East, and Europe, and secures VSAT transmissions from interception and exploitation by incorporating encryption inherent in COMSEC, conforming to 256-bit AES as specified by the Federal Information Processing Center (FIPS) 140-2.
Additionally, because the network is engineered to support Kymeta’s, flat-panel Communications-On-The-Move (COTM) and Communications-On-The-Pause (COTP) antenna, it is capable of supporting all sizes of existing VSAT terminals used by government customers on a global basis.
Indeed, Kymeta has integrated iDirect’s 950mp modem, which supports TRANSEC operations, into the new Kymeta u8 GOV terminal (pictured below, in transport case) to offer government,
military, and other users who require the mandated enhanced security features the same revolutionary software-defined, electronic beam steered antenna system as the company’s u8 commercial offering.
The u8 GOV variant’s 950mp modem iDirect Certificate Authority (CA) issues an x.509 digital certificate to ensure proper authentication between the remote terminal and the hub.
Kymeta plans to continue the expansion of its existing TRANSEC network coverage as demand grows. Through the company’s subsidiary, Lepton Global Solutions, the network can support both the u8 GOV variant as well as other terminal technology that uses iDirect’s family of TRANSEC-compatible modems.
The GTSN network offering includes a “Bring-Your-Own- Device” capability to current Government users of satellite who require a FIPS 140-2 compliant VSAT network.
Rob Weitendorf, who oversees Business Development for Kymeta’s Government customers, shared his thoughts on why the launch of the first commercially available TRANSEC network was so critical to Government customers and said, “Over the past 18 months, we have seen significant demand for secure, uninterrupted satellite communications from our U.S. Government and other customers. With the launch of this new service, we will be able to deliver on what has been needed and mandated. TRANSEC requires all system control channels to be encrypted so that any traffic engineering information is obfuscated from an adversary, making our TRANSEC-enabled network highly secure and capable of mitigating threats and maintaining operational security.”
Author Isabel LeBoutiller is the Vice President, Connect & Government Programs, Kymeta