The satellite industry is committed to providing secure, trustworthy connectivity to customers around the world. The Global VSAT Forum has spearheaded an industry-wide collaboration with VSAT equipment vendors and service providers to establish security specifications that are designed for today’s cybersecurity threats, and laying a foundation for meeting the threats of tomorrow.

What Has Been Done?

In 2014, the GVF commissioned a Cyber Security Task Force that comprised security experts and representatives from across the satellite industry. The goal of the Task Force was to create a set of vendor-neutral specifications for the industry that would enhance security without reducing the utility and performance of VSAT solutions.

The GVF,  Satellite Industry Association (SIA), and EMEA Satellite Operators Association (ESOA) Collaborate on Joint Cyber Security Initiative:

The joint statement and core principles are a product of the important lessons for effective cyber security learned by SIA & GVF members.  The associations stress that security and risk management should be part of an organization's overall corporate culture.  Organizations should, implement and maintain best practices to protect against evolving threats, including by leveraging industry-driven resources to inform their own development of voluntary, proactive, risk-based approaches to mitigate risks.  Collaboration, not regulation, is the best way for organizations to manage cyber risks, the associations argue.  Finally, voluntary information-sharing among the private sector, between the private sector and government, and between the private sector and end users is vital.  

Full text of the core-principles document can be viewed here.

Do I still have to protect my own networks if I am a VSAT customer?

Yes. Specifications only pertain to the satellite-specific elements of the overall network. End customers are still responsible for their own security practices beyond the VSAT infrastructure. Nothing in these documents relieves any satellite customer from managing their own security. However, what the specifications do is reduce the risk that the satellite infrastructure itself will be a successful target of an attacker.

What’s Next for VSAT Security?

The satellite industry is in the process of implementation of the CSTF Guideliness. This process will take time and engineering effort on the part of individual member companies. VSAT customers should continue to engage their vendors in a frank discussions “beyond the checkbox” about security to ensure that customer security concerns are adequately reflected in their satellite solutions.