
Starlink disruption in Ukraine and the persistent threat to critical infrastructure

In an apparent response to reports of disruption of Starlink connectivity in conflict zones in Ukraine, Elon Musk just announced that SpaceX will work towards improving its cyber defense measures and put in more effort in overcoming signal jamming.  

According to a Starlink coverage tracker screenshot provided by Mike Puchol dated March 5th, 2022, Starlink connectivity seems to be impacted in many parts of Eastern Ukraine that are witnessing or have witnessed intense conflicts between the Russian and Ukrainian armed forces. Starlink, according to Musk, has now pushed an update that bypasses the jamming to ensure seamless connectivity. Specifics were not provided, but it is apparent that he will not stop there and will continue working on sustaining connectivity without disruption from cyber adversaries or malicious elements under any circumstance.

How did Starlink respond to this disruption?

Starlink in this instance responded quickly to overcome what could have become an escalating problem as the conflict intensifies and spreads. More Starlink terminals could have been impacted if the problem was left unaddressed and the quality of connectivity, if available, may not have supported the levels of bandwidth needed to support multiple end uses in a conflict zone. 

Cybersecurity problems with critical infrastructure 

Unfortunately, critical infrastructure across the globe is not anywhere close to being this resilient when it comes to warding off cyberattacks and getting things back in order quickly. We have had instances where after a cyberattack, large-scale public healthcare and safety challenges were averted due to sheer luck and not due to diligence or planning.

Some of the key critical infrastructure related cybersecurity issues that we have been tracking for a while include:

  • Delayed response to cyberattacks or intrusion attempts degrades the quality of response and puts more resources at risk 
  • Converged surfaces are still not secure enough. This leaves the door wide open for threats to move laterally 
  • Lack of visibility into key parts of maintenance operations due to use of legacy devices that do not support logging 
  • Lack of relevant threat intelligence 
  • Forward planning to cover post-event scenarios and cyber response planning is simply not there 
  • Digital transformation among some parts of the infrastructure has created zones of opportunity for hackers as these host new and untested devices that could serve as a gateway for malware and cyberattacks 
  • Cybersecurity is still looked at from an operational perspective. This means that if a tabletop exercise or addition of cybersecurity solutions causes downtime, then usually a decision is taken to delay such measures indefinitely as operations teams do not want to take any chances with disruption or downtime  
  • The ‘Chernobyl’ syndrome refers to employees not being aware of the threat envelope surrounding key elements of the infrastructure. Thus, during a cyberattack, the first response is sheer panic or to shut down everything. The second step is usually to pay the ransom after some negotiations 
  • Dummy attacks: even critical infrastructure at rest is not spared from cyberattacks, as we saw during an attack on an airport in Prague during the first wave of Covid-19 when the airport was not functioning at full capacity. This means that even during a lean phase, cybersecurity teams cannot afford to look away from critical systems. Such attacks can also tire and tie down SOC teams 
  • Monitoring insider activity is still on the to-do list of critical infrastructure operators 
  • Lack of adherence to standards and frameworks such as IEC 62443 and NIST regulations 
  • Cybersecurity is still not treated as a health and safety linked issue 

Ukraine has been subjected to cyberattacks in the recent past. Hackers have been using its cyberspace as a playground for launching new malware and for trying new breach techniques. Similarly, many countries were subjected to widespread cyberattacks to either steal sensitive information, create large-scale disruption or to simply deploy malware that will stay hidden till the cyber adversary decides on a right time to unleash them. 

Cybersecurity lessons and the way ahead

If anything, incidents such as the Starlink jamming should now be used to launch a new thrust on critical infrastructure cybersecurity. After all, communication enablers in a war zone or zone of humanitarian interest can be and should be treated as critical infrastructure, and this incident has lessons for all critical infrastructure operators.

To learn more about how to improve your compliance posture, download our compliance kits. 

We have the right threat intelligence for your critical infrastructure. Try it right now: Threat Intelligence 

We also have the right cybersecurity solutions for your critical infrastructure. Allow us to give you a sneak preview of its capabilities through a no-obligation demo.  

*** This is a Security Bloggers Network syndicated blog from Sectrio authored by Prayukth K V. Read the original post at: https://sectrio.com/starlink-disruption-in-ukraine-and-the-persistent-threat-to-critical-infrastructure/
