The ISC2 has released a guide for cybersecurity practitioners to support their evaluation of the risks, challenges and use cases for privatized satellite-based communications (SATCOM). Satellite communications (SATCOM) have become more accessible than ever, with consumer mobile devices now able to connect to these networks.
With the expansion of connectivity comes the expansion of the risk landscape. ISC2 has worked with 31 subject matter experts – including 29 CISSPs – to create a guide for practitioners to use when evaluating the cybersecurity risks, challenges and use cases for privatized satellite-based communications.
Called ‘Securing SATCOM Amid Rising Demands and Threats,’ the ISC2 document recognizes that in the not-too-distant past, regular use of satellite-based communications was reserved for the military and maritime industries. It required unique, expensive equipment that wasn’t accessible to the everyday consumer, outside of satellite phones on commercial aircraft. There are many factors contributing to the expansion of SATCOM accessibility, not the least of which is the overall rapid advancement of technology we experience day in and day out.
It noted that the current age is one of an emerging private space industry, otherwise known as ‘New Space,’ spurred on by significantly lower launch costs compared to the Cold War era of satellite launches. Lower launch costs lead to profit-driven models being feasible in the private sector and more and more companies are entering the marketplace. Starlink, a subsidiary of SpaceX, first launched 60 satellites in 2019 and now has more than 7,000 in orbit. Amazon is following suite with its Project Kuiper, aiming to have more than 3,000 satellites in orbit. No doubt more private satellite networks will be in Earth’s low orbit soon.
There are many functions that these private satellite networks can accomplish, but the primary uses are providing communications to underserved populations, specifically in remote areas where traditional networks cannot be accessed and the availability of SATCOM for use during emergency situations when traditional networks may be unavailable.
Working with subject matter experts (SMEs), ISC2 has prepared a report that outlines SATCOM cybersecurity guidance for cybersecurity professionals of midsize organizations planning or already leveraging SATCOM. It covers commercial uses such as remote connectivity, internet backup and internet of things (IoT) applications.
ISC2 surveyed volunteers on three key areas of SATCOM concern relating to cybersecurity, covering centralized control and geopolitical risks; signal interception, jamming and privacy risks; and supply chain and hardware dependency.
The SMEs discussed these areas in detail through virtual workshops and provided survey responses to various questions on SATCOM in detail. Through their work, this guide summarizes SATCOM from several vantage points, including the growing importance of cybersecurity, public perception, lessons from real-world attacks, relevant regulations and best practices.
link