KA-SAT seems to be used for SCADA control of 11 Gigawatt worth of wind turbines in Germany, among other things [1].
Not sure at all if this was the intended/primary target, but Europe is certainly scrambling for every Watt at the moment...
Also note that KA-SAT/Viasat and Eutelsat seem to be different platforms. I've seen reports of services based on the former being affected (e.g. SkyDSL [2]), but not the latter (Konnect), so far.
I was also surprised to learn that Ka-band based stationary consumer satellite internet services seem to be using (mostly) plain DOCSIS as the protocol. That possibly introduces its own share of vulnerabilities due to OTA updates/provisioning.
Sure, but can you prove it to the public in enough certainty to declare war? No. Suppose it was Russian flag, they could very easily just claim they were framed - and they very likely could’ve been.
> Sure, but can you prove it to the public in enough certainty to declare war?
This is not a court of law, proof is not what is missing to declare a war against Russia. They have a credible nuclear deterent, that is why war is not declared against them by other countries.
It is in fact a very sweet idea to think that a war declaration depends on meeting or not meeting some evidentiary standard.
> have a credible nuclear deterent, that is why war is not declared against them by other countries
Nobody “declares” wars anymore. If Russia were believed to be responsible for this, it would make it politically feasible to attack their critical infrastructure through targeted (plausibly deniable) cyber attacks.
You misunderstood, or simply ignored the word “public”. In free press societies, you need the will of the people to go to war. You need a 9/11 moment. A casus belli.
> In free press societies, you need the will of the people to go to war.
Sure. And this consent can be produced when there is a need for it. “Proof” is not the missing component.
That American basketball player who the Russians detained? Casus belli. The cyber attacks? Casus belli. Shelled civilians? Casus belli. The NATO country cargo ships which got hit and sunk? Casus belli.
These are just the ones I can think of. A proper state aparatus can come up with many more and probably even better ones. Government officials will leak the background, solemn faced politicians will demand justice while friendly journalist will write up the whole thing in the most hearth wrenching way. If they want to they can.
So why do they don’t want to? Is it because the Russian army is so powerfull that we think we can’t overpower them? No. Is it because the Russian air defences are so advanced that they cannot be picked apart? No. So what is it which makes the west avoid a direct confrontation with Russia? Why are they doing this strange dance of supplying weapons to Ukraine and hurting Russia with sanctions, but not directly engaging with them troop-to-troop? It’s the Russian nukes.
> You misunderstood, or simply ignored the word “public”.
I don’t think so. You won’t “prove” anything to the public through detailed technological explanations. A fig leaf of deniability might be an interesting roadblock in a criminal prosecution where things have to be proven “beyond a reasonable doubt”. In a situation where there is a governmental will to engage in a peacekeeping mission (read: send troops to fck the Russians up) the evidentiary level is “can we find an authorative sounding voice in the whole government who can tell the right sod story to enough guilable journalist to sell the people on it”. That is such a low level of “proof” that one might as well assume it can be met nearly always.
Journalist won’t pour over the attack binaries using Ghidra to make an assesment about the relative probabilities that it has the signatures of being created by this or that advanced persistent threat group. The ones who would demand that level of rigour before publishing won’t get the scoop. The ones who are selected to spread the message will have a lovely hour with a very charismatic “expert” who will walk them through just enough of the detail to sound right but not to get bogged down in unnecesary complications. This chat will get translated into a single line in their article, maybe something like “experts at the National Security Agency matched the unique signatures of the cyberweapon to the advanced persistent threat group Tippsy Bears, a known front of the Russian Federation.” Followed by two pages of hearth wrenching human angle story about innocents suffering needlesly. That is the “proof” the public might get.
I was with you until you said prove it "to the public"
After the WMDs and 17 intelligence agencies agree fiascos, among countless others, I'm beginning to lean on the side of the media being able to sell snow to an eskimo.
I know this is US-centric and lots of europe/other parts of the world were much more skeptical of the WMD claims at the time.
Before people politically flame me, I mention the "17 intelligence agencies" for 2 reasons
1) getting 17 people to agree on anything is impossible, getting 17 gigantic bureaucracies larger each than most governments to agree on anything is asinine.
2) most of the evidence, if you read the redacted report, was trivially forgeable so as to be pointless in determining actual responsibility. "we found cyrillic characters in the code, only could have come from russia!"
Nobody likes Russians. This would quite frankly be the easiest sell in history.
Evil bad guys? Check. Innocent civilians? Check. Fighting far away from your own vulnerable infrastructure? Check.
If this was true and practical, there would be so many wars... pretty much every country has had some infrastructure hacked, most more than once, some by random groups, some by government sponsored hacking, some by exploiting outdated installation of services and some using very advanced techniques (eg stuxnet).
Depends on who wrote the rules and who wins. Its not like NATO/5eyes hasnt been going on about cyber warfare threats for at least 15-20years now, at least I've been aware of it for 17years.
"The [turbines] affected remain in operation and are producing clean renewable energy. ... they will operate in automatic mode and are fundamentally capable of self-contained and independent regulation."
Sure, I'd hope for a heavily decentralized system to have some capability of autonomous operation. But in the medium and long term, it can't be good to not be able to remotely monitor for failures requiring manual intervention or on-site mechanical servicing.
The problem is once again our godawful prior government. Many tens of thousands of jobs in the wind industry have vanished over the last years [1] because the Conservatives oppose renewable power and impeded it wherever possible - if it is because of corruption, incompetence, fear of the far-right that outright demonizes anything not fossil or nuclear I don't know. In any case, we simply don't have the staff to visit literally thousands of wind turbines, a lot of which are actually offshore, simply to replace routers.
Not sure at all if this was the intended/primary target, but Europe is certainly scrambling for every Watt at the moment...
Also note that KA-SAT/Viasat and Eutelsat seem to be different platforms. I've seen reports of services based on the former being affected (e.g. SkyDSL [2]), but not the latter (Konnect), so far.
I was also surprised to learn that Ka-band based stationary consumer satellite internet services seem to be using (mostly) plain DOCSIS as the protocol. That possibly introduces its own share of vulnerabilities due to OTA updates/provisioning.
[1] https://thestack.technology/viasat-ka-sat-outage-cyber/
[2] https://www.connexionfrance.com/French-news/Thousands-in-Fra...