|Topic:||As satellite-enabled networks deliver critical connectivity around the world, cyber-security must be a priority|
& Thierry Guillemin
Stephen Spengler , CEO
In his current role, Mr. Spengler is responsible for Intelsat’s global sales, marketing, strategy, business development, and customer support engineering organizations, which provide services to media, network and other satellite-related services customers in approximately 200 countries and territories. Intelsat General, Intelsat’s wholly owned government-services subsidiary, also reports to Mr. Spengler.
Mr. Spengler has nearly 30 years’ experience in the telecommunications industry and has been with Intelsat in various executive positions since 2003, most recently serving as President and Chief Commercial Officer. He also served as Executive Vice President of Sales, Marketing and Strategy. Prior to that, Mr. Spengler served as Senior Vice President, Europe, Middle East, Africa and Asia-Pacific Sales where he was responsible for Intelsat’s market, customer and regional partner strategies.
Before joining Intelsat, Mr. Spengler held various senior management positions in the telecommunications industry, including: Senior Vice President of Global Sales, Broadband Access Networks at Cirronet, Inc.; Vice President for Sales and Marketing at ViaSat Satellite Networks; Regional Sales Director for Satellite Networks in EMEA for Scientific-Atlanta Europe; and sales and marketing positions at GTE Spacenet and GTE Corporation.
Mr. Spengler earned a Bachelor of Arts Degree from Dickinson College in Carlisle, Pennsylvania, and an MBA from Boston University.
Thierry Guillemin, Executive Vice President & Chief Technical Officer
Mr. Thierry Guillemin is responsible for Intelsat terrestrial and space-segment infrastructure design, development and operations. This encompasses satellite fleet planning, spacecraft definition, procurement, launch and in-orbit operations, terrestrial network engineering and operations and customer support centers. He manages operation facilities in Washington, DC, Atlanta, and Long Beach, Calif. – as well as teleports around the world and program management teams at spacecraft construction sites in the United States and Europe.
Mr. Guillemin has more than 25 years of leadership experience in the satellite industry. When Intelsat acquired PanAmSat in July 2006, he led the successful integration of the two companies’ operations that gave birth to the world’s largest satellite fleet and satellite services network.
Prior to assuming his current role, Mr. Guillemin was responsible for all aspects of operations and engineering of Intelsat’s satellite fleet, as Vice President of Satellite Operations and Engineering.
Mr. Guillemin formerly served as Intelsat’s Director, Spacecraft Programs, where he supervised the development of the Intelsat-IX and Intelsat-X series satellites. He then managed the launch missions and operations of the Intelsat fleet as Director, Satellite Engineering.
Prior to joining Intelsat in 1999, Mr. Guillemin served for eight years with EADS Astrium as a System Engineering Manager and a Spacecraft Program Manager. He also served as an engineer and a technical manager at Alcatel Space from 1982 to 1990.
Mr. Guillemin earned a Master’s Degree in Aerospace Engineering from the Ecole Nationale Superieure de l’Aeronautique et de l’Espace in Toulouse, France.
Securing satellite networks against the vast array of threats is a complex undertaking, especially given the nature and scope of the satellite ecosystem.
Many people are unaware how intertwined satellite-enabled services have become in the daily life of millions of people around the globe. From broadcasting, enterprise communications, telemedicine, e-learning and disaster recovery, satellite delivers broadband connectivity to billions of citizens around the world.
As technology has advanced and connectivity demands have increased, satellites also have become integrated into hybrid networks that include terrestrial assets. This has created a complex communications landscape, and as these networks grow in importance, the likelihood that one part of the communications ecosystem will be subjected to a cyber attack is rising.
While theories about hackers taking control of a satellite make for the best headlines, the larger threat is to the numerous networks that satellite connectivity enables. These networks provide services from inflight entertainment, basic health and government services to citizens, internet connectivity that enables businesses to communicate with remote locations. As more data is transported over different networks, the bigger the target for hackers of all types. It’s no longer a question of if a security breach will occur, but when, and satellite operators, network operators and end users must all play a role in fighting this threat.
Partnership among satellite operator, service providers and network ssers must be strong
There are several types of cyberattacks that network operators face, including denial-of-service, interference, rogue station, SMS, IP and malformed packet attacks. Intelsat alone has seen an increase of 80,000 denial of service attacks per quarter to our customer networks from 2013 to 2014, and these attacks are also increasing in frequency, scale and complexity.
Securing satellite networks against this vast array of threats is a complex undertaking, especially given the nature and scope of the satellite ecosystem. With the rise of 3G/4G/LTE networks, it is no longer enough to focus on securing just the satellite itself. The typical satellite network architecture is global and spans terrestrial and satellite links as well as cellular, internet and/or microwave connections. The challenge for satellite operators, service providers and end users is to ensure that the entire ecosystem has the right security posture to harden communications networks against the gamut of attacks pervasive in today’s environment and then identify, react to and mitigate a breach when it does occur. For this to occur, it is critical that everyone involved in these networks:
• Understand the threat environment and how it constantly changes
• Has the right countermeasures in place for identifying and countering attacks
• Know that keeping security standards up-to-date goes hand-in-hand with keeping your network operational
The three core tenets of security are availability, confidentiality and integrity. Each tenet is the responsibility of a different network partner, and network security is the strongest when all involved parties understand their role and what is required.
The satellite operator is responsible for ensuring the availability of the service – or making sure the path between the end users and the teleport is always available. This means the satellite operator is responsible for protecting the perimeter of the network and the infrastructure that it owns – for Intelsat, this means the satellites and the teleports – and managing access to the network. As the satellite operator, our goal is to gather as much information as possible on what is happening with network traffic in real-time. This allows us to respond to any potential threats – should they arise. For example, Intelsat has tools integrated into our ground network that allow us to mitigate denial of service attacks very quickly.
Intelsat is the only satellite operator that has gone through independent auditing firm KPMG and completed a Service Organization Control 3 (SOC3) review of security controls. The successful review process provides commercially accepted validation that our products are offered in an appropriately secure environment and provides a level of confidence for customers that the satellite portion of the network is operated as securely as possible.
The second and third tenets – confidentiality and integrity – are the responsibility of the service provider and the end users. Intelsat’s customer, usually the service provider, is tasked with network confidentiality – or how the data passing through the network is stored and in what form it is transmitted and managed. For example, the network provider can deliver advanced security solutions, including machine-to machine authentication, online access controls for network clients and VPN functionality.
The integrity of the transport – ensuring that when a customer’s traffic joins the network it reaches its destination unimpeded – is a joint effort between the network provider and the end user. This can involve tasks such as encrypting data moving along the network as well as educating network users to their individual responsibilities when accessing a network via a personal device.
There is an ongoing debate around on how far the satellite operator should go down the security stack, or the integrated layers of services that provide network security. In certain cases, the satellite operator has an ability to play a larger role in total security management, and there are ways to extend security controls all the way to the end-point device.
Maintaining security is an ongoing process
Going forward, security measures will be encouraged from the onset, with a layered framework built into the foundation of a network and then routinely reviewed and adjusted in response to the changing landscape. At the same time, networks already in operation have deployed hardware that has identified vulnerabilities. In this instance, corrective actions must be taken to strengthen the security around these networks. In both instances, the best way to build a strong security posture is to encourage transparency on security matters within the communications industry, work together to correct know issues and then work as an industry going forward.
While there are defined roles for each partner involved in the network ecosystem, each partner must also understand and share information about the entire network – in orbit and on the ground – to build a comprehensive security posture and strategy to prevent and mitigate threats. The satellite operator must not only be aware of its own security posture, but that of the equipment providers and customers. Network users cannot be passive players. If you see something, say something. Too often, breaches occur at one part of the ecosystem, but they are not communicated more broadly. In today’s landscape, the need to share information and communicate when there is a breach has never been greater. This is the best way to make sure that satellite operators continuously improve their security posture and that network users have their most important assets protected.
In the past, security was seen by many network operators and users as a 'nice to have’. Those days are gone. Threats do not stay idle, and they are increasing daily in numbers and sophistication. Consistent communication and proactive planning and coordination are vital to keeping the satellite ecosystem secure.
A network is only as strong as its weakest link. The satellite operator can have the best security posture in place and the customer’s data can be secure, but that means nothing if one of the elements in the satellite ecosystem isn’t secure. For a network to be as secure as possible, partners throughout the satellite ecosystem need to work together ever more closely to build a comprehensive security posture and strategy in order to protect a customer’s data as it moves through the satellite ecosystem.