Cybersecurity News that Matters

Cybersecurity News that Matters

Viasat, NSA urge building partnership, sharing their experience amid satellite hack

Mark Colaluca, Vice President and Chief Information Security Officer at Viasat, left, is sharing the company’s experience in February 2022 along with Kristina Walter, who was the former director of the National Security Agency’s Cybersecurity Collaboration Center (CCC) during the KA-SAT hacking. The satellite sabotage resulted in power outages for thousands of Ukrainians. Photo by Dain Oh, The Readable

by Dain Oh

Aug. 12, 2023
5:00 AM GMT+9

Las Vegas, NV ― Black Hat ― Forging a partnership between commercial and government entities proves to be pivotal in establishing an effective incident response process, as emphasized by the key players who collaborated to mitigate the unprecedented satellite sabotage that targeted Ukraine in 2022.

During the 26th Black Hat USA event on Thursday, Mark Colaluca, Vice President and Chief Information Security Officer at Viasat, shed light on a common oversight. “For many organizations, incident response is the most neglected muscle group,” Colaluca stated. He also offered insights into the cyberattacks against KA-SAT and expanded on the intricate dynamics at play, explaining, “Most of what we experienced was a complicated ecosystem which involved distributors, salespeople, and satellite people on servers, with many of these people being in different countries and facing a language barrier, making for a chaotic scene in the beginning.”

In February 2022, the KA-SAT network, launched in December 2010 by Viasat for broadband and satellite televisions, fell victim to a significant cyberattack. The attack had severe repercussions, causing power outages for thousands of Ukrainians and tens of thousands more in various parts of Europe. This sustained assault endured for weeks following the initial malware infection, prompting an operational team at Viasat to engage in real-time response efforts. The team swiftly conducted forensics on affected terminals, which are crucial junctures where satellite telecommunications signals reach end-users. Within a mere day and a half, the team determined that “the terminal flash memory had been overwritten with a distinctive pattern in the attack.”

“When we began our incident response process, the good part was that we could exercise the muscle memory developed by the whole group, and everyone knew exactly how to engage and what they would be looking for,” recalled Colaluca.

The executive highlighted another crucial lesson learned by Viasat which centered around the significance of information sharing, particularly with governmental agencies and the intelligence community. As part of Viasat’s incident response protocol, they had already integrated information sharing into their strategy. Well before the KA-SAT incident, Viasat had forged a solid partnership with the National Security Agency’s Cybersecurity Collaboration Center (CCC). This collaboration played a pivotal role in allowing the Viasat team to “discuss new information and analysis as it came in,” accelerating interagency communication and ultimately helping to mitigate the extent of the damage caused.

The NSA also benefitted from the valuable information shared by the satellite company. Armed with the insights and data supplied by Viasat, the intelligence agency rapidly initiated their investigative process, drawing in their technical experts from the very outset. Through independent analysis, the NSA’s investigators skillfully established correlations to threat actors with confidence. This process eventually led to a more profound understanding of the cyberattacks.

“We talk a lot with our partners about there not being a ‘cyber 911’,” shared Kristina Walter, who was the former director of the NSA’s CCC during the KA-SAT incident and currently holds the position of chief of Defense Industrial Base (DIB) Cybersecurity at the NSA. She elaborated on the valuable takeaways from the previous year’s experience. “If something happens, we would like to tell you to call the partner you are comfortable with. You must have an established relationship. You can’t search for trust in a crisis,” stressed Walter.

The quotes in this article were condensed and edited for clarity.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...

    View all posts
Author:
Stay Ahead with The Readable's Cybersecurity Insights