The Washington Post: Democracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Cyberattacks on satellites may only be getting more worrisome

Welcome to The Cybersecurity 202! First week fully on the job is in the books. It's flown by. Whew. 

We won't have a newsletter on Monday, so we'll see you on Tuesday!

Below: Lawmakers are very perturbed by a breach of the federal courts' court-filing database. And a judge isn't impressed by a partisan election review in Wisconsin.

Space is a burgeoning battleground for cyberattacks

In February, alleged Russian government hackers launched an attack on U.S. satellite company Viasat, disabling communications in Ukraine just before the invasion in what amounted to perhaps the most prominent hack of space equipment ever.

The incident helped fuel a flurry of activity in Washington, from federal agencies issuing warnings to Congress advancing legislation. But the worst may yet be ahead for cyberattacks in space, witnesses told a House Science Committee panel Thursday.

Rattling off a list of attacks, including the Viasat hack and a 2014 incident that forced the National Oceanic and Atmospheric Administration to stop transmitting weather satellite data to the National Weather Service, Rep. Don Beyer (D-Va.) — who chairs the House Science subcommittee — warned at the hearing, “These hacks perpetrated by bad actors are chilling and serious. The importance of addressing them is amplified as our reliance on space for in-space and terrestrial infrastructure and services continues to grow.”

The pace of satellite launches has sped up considerably, going from 129 in 2011 to 1,809 last year, according to a United Nations agency that tracks those numbers. Today, there are 9,254 objects in orbit according to the agency. Global space-related activities generated $447 billion in 2020, supporting everything from vehicle navigation to efficient farm management.

A particularly worrisome scenario: a cyberattack that causes two satellites to collide, or one satellite to collide into the International Space Station, destroying them and creating debris that renders that orbit permanently unusable, said Theresa Suloway, a space and cybersecurity engineer and program manager with the MITRE Corp.

Beyond Thursday’s hearing, policymakers have taken other action since the Viasat hack:

  • The Senate Homeland Security and Governmental Affairs Committee approved bipartisan legislation in June that would direct the Cybersecurity and Infrastructure Security Agency to assemble recommendations for defending commercial satellites. The bill is awaiting further Senate action.
  • CISA and the FBI issued an alert in March on threats to satellite communications.
  • CISA’s Space Systems Critical Infrastructure Working Group, made up of government and industry members, will soon produce a paper designed to enhance industry guidance from the National Institute of Standards and Technology, Suloway said.

But some activity predates the Viasat incident, which affected not only communications in Ukraine but other parts of Europe.

“I think this acceleration isn’t about the significance of any one attack,” Bryan Ware, a former top CISA official who’s now CEO of the threat intelligence company LookingGlass Cyber Solutions, told me. “It’s more about the growing ubiquity of commercial space, and it’s how it’s going to be in many, many things.”

Other responses to the cyberthreat for satellites include:

  • A group of lawmakers last year put forward a legislative proposal to make space the 17th critical infrastructure sector, meaning the federal government would prioritize assistance to the industry. National Cyber Director Chris Inglis has voiced doubts about the proposal, however. And while it has some industry support, one witness at Thursday’s hearing, Brandon Bailey of the nonprofit space-research organization Aerospace Corporation, had a note of caution. “Without proper planning on implementation,” designating space as critical infrastructure “could ultimately lead to creating unnecessary bureaucracy that could stifle the innovation that is necessary to ensure the United States remains the leader in space-based capabilities along with it being secure,” his prepared testimony read.
  • The Space Information Sharing and Analysis Center debuted in 2019 as a venue for the space sector to share threat data. It’s set to open a watch center in Colorado Springs by the end of this year.
  • In 2020, the U.S. Air Force and the Defense Department’s Digital Service launched an annual satellite hacking competition for ethical hackers to find vulnerabilities before cyber villains do.

Beyer raised questions at the hearing about whether the industry needs regulations. It’s something the Satellite Industry Association has already said would do more harm than good, and Rep. Brian Babin (R-Tex.) said at Thursday’s hearing that he thought that would be unwise.

Ware told me that he thinks another key is international standards and guidelines for cyber behavior in space.

Beyer’s overarching message Thursday: “We need to make every effort to understand what further actions can be and should be taken to strengthen cybersecurity for civil and commercial space systems, including commercial space systems that provide mission-critical government data and services,” he said.

The keys

More details emerge about hacking of federal court-filing database

The breach of the federal courts’ document-filing system involved “three hostile foreign actors” and dated to early 2020, House Judiciary Committee Chairman Jerrold Nadler (D-N.Y.) said at a congressional hearing. The Administrative Office of the U.S. Courts (AO) issued a terse statement about the breach in January 2021. 

  • That statement mentioned the then-recently discovered SolarWinds breach, and noted that the U.S. Courts system was working with the Department of Homeland Security “on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive nonpublic documents stored on CM/ECF, particularly sealed filings.” Those filings haven’t been released to the public, so they can reveal sensitive information like pending cases, indictments and warrants.
  • The January 2021 statement didn’t include any information beyond noting that “an apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation.”

The House Judiciary Committee learned of the “startling breadth and scope” of the “security failure” this March, Nadler said. There’s an “ongoing investigation” into the breach, Assistant Attorney General Matthew Olsen told Nadler.

The hearing came as Sen. Ron Wyden (D-Ore.) sent a letter to AO director Roslynn Mauskopf about the breach. In his letter, Wyden argued that the system has “unmanageable security risks” and called for mandatory cybersecurity standards for federal courts.

  • “As we said in January 2021, the Judiciary faces a significant threat to our electronic case management system,” including by working with DHS to “address vulnerabilities” in the CM/ECF system, adding “new security procedures to protect highly sensitive confidential documents filed with the courts,” and creating a Judiciary IT Security Task Force, which is reviewing the judicial branch's cybersecurity and “making recommendations for change,” the AO said in a statement. “Cybersecurity is one of our highest priorities. We continue to work closely with our executive branch partners, take precautions to protect our systems and engage in the modernization of the existing CM/ECF system.”

Germany seeks arrest of suspected Russian hacker over breach of power firm

Pawel A. is suspected of being a part of the Berserk Bear hacking group, which works for Russia’s FSB security agency, German public broadcasters BR and WDR’s Hakan Tanriverdi and Florian Flade report. German authorities have identified Pawel A. as being behind a 2017 cyberattack on Netcom BW, which routes power data for the EnBW energy firm. They’ve issued a warrant for his arrest that hasn’t been made public, according to the report.

EnBW told Tanriverdi and Flade that the hackers compromised an external-services provider and were able to get into Netcom BW’s public network. The hack didn’t affect the firm’s gas and electricity operations because they’re on a separate network, the firm told Tanriverdi and Flade. EnBW has boosted its cyber defenses and has had regular, independent checks since 2017, it also said.

U.S. prosecutors this year unsealed indictments against four Russian hackers that they accused of being members of Berserk Bear. They had “hundreds of foreign victims and targets … based in over 135 countries,” including Germany, according to an indictment. One of the Russian hackers indicted at the time was Pavel Aleksandrovich Akulov, a Russian military officer who “conducted online reconnaissance” to support the hacks. It’s not clear if Akulov is Pawel A.

Judge slams Wisconsin’s partisan election review

The Republican-ordered review of the 2020 election in Wisconsin found “absolutely no evidence of election fraud,” Dane County Circuit Judge Valerie Bailey-Rihn said, awarding liberal watchdog group American Oversight $98,000 in attorney’s fees, the Associated Press’s Scott Bauer reports. Taxpayers will foot the bill, which is why Bailey-Rihn said she wasn’t awarding additional punitive damages.

“This whole case has been about trying to shine a light on government,” Bailey-Rihn said. American Oversight has filed lawsuits and records requests for documents related to the partisan election review. The case revealed that taxpayers paid former Wisconsin Supreme Court Justice Michael Gableman $11,000 a month in the early days of his review “to sit in the New Berlin library to learn about election law because he knows nothing about election law,” Bailey-Rihn said.

The attorney for Assembly Speaker Robin Vos (R), Ron Stadler, said he’d recommend that Vos appeal, the AP reports. 

  • Gableman's review was plagued with blunders. When his office issued subpoenas last year, the documents had glaring errors like misspellings and incorrect cities and recipients, The Post reported. Gableman's team used a private email address to instruct county clerks about how to preserve evidence, leading to some of those emails being marked as “junk.”
  • Gableman's office disclosed a memo describing a Milwaukee mapping expert as “probably” being a Democrat because she “has a weird nose ring,” plays video games, “loves nature and snakes” and lives with her boyfriend, the Milwaukee Journal Sentinel reported.

Global cyberspace

Probe clears Israel Police from illegal use of NSO spyware (ynetnews)

Saudi Arabia a critical partner in fighting cyberthreats, White House cyber official says (CyberScoop)

Hong Kong dismisses report of security flaw in covid-19 tracing app (Bloomberg)

Cyber insecurity

Breach exposes users of Microleaves proxy service (Krebs on Security)

Experts warn of hacker claiming access to 50 U.S. companies through breached MSP (The Record)

Government scan

Top White House cyber official says Congress should push for digital security mandates (The Record)

Inside the Energy Department's 10-year plan to reshape cybersecurity in the sector (SC Media)


  • The Senate Foreign Relations Committee holds a hearing on President Biden’s nomination of Nathaniel Fick to be ambassador at large for cyberspace and digital policy on Wednesday at 10 a.m.
  • Officials from CISA and National Cyber Director Chris Inglis’s office speak at an R Street Institute event on Wednesday at 1 p.m.
  • The Senate Judiciary Committee holds a hearing on oversight of the FBI on Thursday at 10 a.m. 

Secure log off

Thanks for reading. See you tomorrow.