Five Takeaways From the Russian Cyber-Attack on Viasat’s Satellites

For this week’s post, I wanted to focus on Russian Cyber Attack on Viasat’s Satellites that took place on February 24th, 2022. This attack, which was condemned by over twenty (20) different countries, preceded Russia’s invasion of Ukraine by a matter of hours. A couple of interesting points were brought up within each of the takeaways:

  1. AcidRain Exploited a Known Vulnerability
    • As was discussed in the lecture, these types of attacks typically take advantage of know vulnerabilities. In this case, the vulnerability was within the virtual private network (VPN).
  2. Post-Incident Communication is Key
    • This is one of the takeaways that I would disagree with. I think there are appropriate times and locations (classified areas for example) where these types of communications would take place. Just because these discussions have not take place in public does not necessarily mean that it has not happened.
  3. Cybersecurity Risk in the Space Sector Finally Acknowledged in Europe
    • As a direct result of this attack, the European Union has now deemed space to be “critical Infrastructure”. With this classification, more emphasis will be placed on implement cybersecurity controls and measures.
  4. Segregating Between Military and Civilian Infrastructure
    • This was another topic of conversation during our lecture. Most assets today are shared, which creates significant cyber vulnerabilities to military applications of commercial assets.
  5. Building a Sovereign Telco Satellite Industry, a New Priority for Europe
    • Finally, since commercial entities will not always be able to provided the services or coverage needed especially during times of conflict, the EU will likely be investing in their own constellation of satellites in the not so distant future.

Overall, there were a lot of great details and insights presented in the post. The lecture this week was very helpful for me to better understand not only the different types of cyber attacks, but also the type of assets that were targeted and their functionality.

Jordan Baczynski