In part one of this series, I talked about the vulnerabilities in satellite communications networks. Last week we discussed how leveraging hosted payloads can support information assurance through disaggregation of satellite resources in orbit.
In this post I’ll talk about specific measures Intelsat takes to prevent disruptions to our space network.
Intelsat is addressing the ever-changing security landscape through a comprehensive framework that focuses on the three core tenants of security: confidentiality, availability and integrity. Prevention and restoration are critical. Intelsat architects for defense in depth, in both its infrastructure – satellites, teleports and terrestrial connectivity – and in network components, hardening the elements accessing the infrastructure.
Intelsat relies on third party auditors to validate the security and information assurance of our network infrastructure through penetration testing. Intelsat routinely invests in programs of actions and milestones to address vulnerabilities and mitigate issues identified through penetration testing.
Intelsat complies with National Information Assurance Policy established for Space Systems used to Support National Security Missions (CNSSP-12). It mandates:
- Employment of Command Encryption, on satellites being accessed by the DoD and the Intelligence community(IC); many Intelsat satellites operate in command encryption mode today. Caribou is the prevailing encryption algorithm used in the Intelsat fleet.
- Employment of Telemetry Encryption – A recent emerging NSA mandate also requires spread spectrum waveforms using NSA-approved cryptography and key management techniques to prevent detection, intercept and denial of commands, command echoes and telemetry data going to / from the space system.
From an operational perspective, Intelsat facilities operate on a geographically diverse, redundant basis for full disaster recovery. For example, Intelsat operates East- and West-coast US satellite operations centers. Each center has the ability to control all Intelsat satellites in the event of a disaster. Each of the satellites has primary and back-up TT&C antennas and terrestrial connectivity with site and geographic diversity.
Similarly our Network Operations facilities in Georgia have back-up facilities in case needed.
Intelsat implements a myriad of physical security controls at all of its locations. Controls include primary, secondary, and tertiary badged access (where necessary); security cameras; manned security desks at primary entry points; gated access, lock-and-key offices; etc. Every physical access point to facilities housing TT&C components is guarded 24 x 7. Only authorized personnel with ID badge and Key card are granted physical access to computing facilities. A visitor log is maintained.
Both TT&C and CSM facilities are equipped with emergency lighting systems and mechanisms in place for notification of fire services and fire suppression systems in place. TT&C stations have automatic temperature and humidity controls and alarm systems. TT&C sites have buffer zones. Intelsat plans for interruptions in supporting utilities (water, power, etc.) by designing backup systems such as battery and generator backup for information processing facilities and assets to ensure continued operability.
For secure network development, Intelsat architects with defense-in-depth network design techniques. The chart below highlights our defense in-depth strategies and information assurance controls. In RFP and Task Order responses, Intelsat is asked to certify its Information Assurance standing, which is evaluated as part of the contract award process, and typically awarded based on best value criteria.
Intelsat also designs networks to specific security standards as mandated in customer requirements. Typically the Mission Assurance Category and Confidentiality Level define the standards against which the network must withstand, with network availability being a key standard in a hybrid satellite and terrestrial solution.
Standards are defined and mandated by National Institute of Standards and Technology (NIST), although IC and the International Standards Organization (ISO) also have information assurance standards. Intelsat maintains the highest standards of Information Assurance by assessing and building the Intelsat infrastructure and networks against the most difficult of all of the standards (NIST, DoD, IC, and ISO, in combination) as certified by third party penetration testing.
Intelsat submits its networks for full Defense Information Assurance Certification and Accreditation Process (DIACAP), on behalf of customers and often in compliance with DoD guidance or Federal regulations. For example, IGC’s US Navy Commercial Broadband Satellite Program (CBSP) network was documented and subjected to testing using DoD Security Technical Implementation Guidelines (STIGs) prior to receiving a three-year accreditation from the US Navy.
IGC received a superior evaluation in the Information Assurance element of last year’s CBSP program evaluation.
IGC routinely defines service level agreements for designed networks, including measures of technical performance such as times to react, adapt and stabilize a network. These include strong SLAs and SOWs with third-party vendors in end-to-end space and terrestrial solutions. Our network strength and history of government work enable us to satisfy performance based contracts calling for credits against payments made for failure to meet the reliability standards (e.g. availability over a period of time, bit error rate, Round Trip Time delay, and utilization).
For example, the Navy CBSP program requires 97% availability on an end-to-end basis for each service. To provide such high availability and reliability Intelsat supplements the space network with redundant, geographically diverse terrestrial connectivity.
It’s impossible to capture all we do to support satellite information assurance, and other countermeasures we can’t discuss publicly. Security and Information Assurance is an embedded culture within Intelsat. In the development of our space infrastructure and networks, Intelsat uses a systematic approach to defense-in-depth design to detect, prevent and mitigate attacks, enhancing resilience and mission assurance. I hope this helps explain the part Intelsat General is playing to safeguard the cyberspace domain.