Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray. This week's edition is sponsored by SpecterOps. You can hear a podcast discussion of this newsletter by searching for "Risky Business News" in your podcatcher or subscribing via this RSS feed.
Amid ongoing domestic unrest and a violent government crackdown in Iran, the country’s government imposed an internet blackout. This shutdown, which began on Thursday January 8, is still in effect at time of writing. During the shutdown some Iranians have been using SpaceX's Starlink satellite service to connect with the outside world.

According to the New York Times, this didn't happen by chance. It was the result of deliberate planning:

Since 2022, activists and civil society groups have worked on sneaking Starlink terminals into the country, aided by a US government sanctions exemption for Starlink and American companies to offer communication tools in Iran. About 50,000 of the terminals are now in Iran, according to digital activists, in defiance of an Iranian law passed last year that bans the systems, and rules prohibiting unlicensed services.
Blocking Starlink is much more difficult than shutting down domestic ISPs, which the Iranian government can simply force to stop internet access. So far the government’s measures have included warnings to the public that possessing Starlink systems is a crime, using drones to find and confiscate terminals, and electronic jamming, possibly using Russian-provided equipment. Beyond jamming of the frequencies Starlink operates on, GPS spoofers also degrade the service, as terminals rely on accurate location information to direct their antennas correctly. The efforts have proven partly effective.

SpaceX has not publicly commented about its service being used in Iran, but it has waived subscriber fees for terminals in the country. Terminals in the country began working the day after President Donald Trump said he would talk to SpaceX CEO Elon Musk about restoring internet access to the country.

Granting free internet access to Iranians is a good PR move. It is also consistent with SpaceX being reactive to political pressure. In the early days of Russia's invasion of Ukraine, SpaceX rolled out Starlink access to Ukraine following a Twitter exchange between Elon Musk and Mykhailo Fedorov, the country's then Minister of Digital Transformation. The company subsequently reined in Ukrainian use of its service after military forces used it to control offensive drones. Starlink had inadvertently become a legitimate military target. Its services to Ukraine also resulted in SpaceX getting into a funding argy-bargy with the Pentagon over ongoing bandwidth costs.

More recently, Starlink terminals have been used by scam compounds when domestic internet services have been cut. Instead of blocking terminals located within compounds, SpaceX allowed the problem to fester until a US Congressional committee announced that it was launching an investigation. Within the week, SpaceX announced it had "proactively disabled" 2,500 Starlink terminals near suspected compounds.
It's not just SpaceX that implements policy on the run. The US government sanctions exemptions for Starlink terminals appear farsighted today. But these were actually a response to a previous round of protests and internet blackouts back in 2022.

Starlink is super easy to ship and activate, so it is perfect for responding to emergencies (or political pressure). But when it comes to deliberate internet blackouts, there are new technologies coming online that provide a better solution, at least in some ways. They are, however, more complicated to roll out and require planning ahead.

SpaceX now offers direct-to-cell services that provide satellite communications for regular LTE phones. AST SpaceMobile is building another direct-to-cell service. Activists are already asking that direct-to-cell services be opened up to Iran.

In some ways, this would be better than Starlink. It could be more widely accessible because a significant proportion of the population has compatible handsets. This would also make it harder for the government to jam access and track down any individual user.

Still, it's early days for that service. And while SpaceX controls all the infrastructure that runs Starlink, direct-to-cell is offered in conjunction with local operators. It's not as simple as one company flipping a single switch. In other words, enabling direct-to-cell will take time.

Unfortunately it may be too late to fully assist with the crisis in Iran. But it will not be the last of its kind. When unrest arises, authoritarian governments regularly impose internet shutdowns. Rather than reactively responding to every crisis as it arises, perhaps it's time to plan for a future one.

Cyber Command Nominee's Flexible Reed Strategy

President Donald Trump's nominee to lead NSA and Cyber Command, General Joshua Rudd, appeared in front of the Senate for a confirmation hearing last week. To put it bluntly, he failed to impress.
For a start, Rudd simply doesn't have much experience in intelligence or cyber operations. Instead, he played up his role in IndoPacific Command as a "consumer and integrator" of intelligence and operational capabilities from NSA and Cyber Command.

Still, a lack of direct experience can be forgiven. Much of a senior leader's role is managing upwards and outwards and dealing with the thorny bigger picture issues of the day. When it comes to NSA and Cyber Command, a list of these hot potato topics would include the current 'dual-hat' arrangement where a single officer leads both NSA and Cyber Command, Section 702 intelligence collection and protection of Americans' civil liberties, and the role of offensive cyber operations in deterring adversaries.

Unfortunately, when asked about these key issues, rather than projecting strong and informed views, Rudd's testimony suggested reed-like suppleness.

When it came to the dual-hat arrangement, Rudd said that he liked it from a consumer's perspective because it "fostered integration and speed". He said, however, he was aware of an independent study assessing the leadership arrangement. His responsibility, if confirmed, would be to "remain objective" and "ask continuously if that is the most effective way to lead those two organisations".

The most telling exchange occurred when Senator Angus King, I-Maine, asked whether Rudd believed that NSA and Cyber Command should develop a public offensive cyber deterrent policy. Rudd ducked the question, saying "I don't know if it's my role, if confirmed, to declare policy".

He’s right, it isn't. But the head of Cyber Command should be able to speak sensibly about the pros and cons of such a key policy that directly affects the organisation.

King excoriated Rudd for this answer. He questioned how someone nominated to be the "top cyber officer in the United States" could have no opinion about how the country's response to cyber attacks should be structured.
"Someone appointed to this position should have some familiarity and analysis and thinking about the position of this country in cyber."

Rudd should absolutely have been prepared. His predecessor, General Timothy Haugh, was asked a very similar question by Senator King at his confirmation hearing.

Of course, given that General Haugh was dismissed by President Trump at the urging of far-right conspiracy theorist Laura Loomer, we wonder if Rudd's 'flexible reed' approach is actually the best possible strategy given the circumstances.

From a technical and policy experience point of view, Rudd may not be the best candidate to head NSA and Cyber Command. We hope his ability to survive and thrive within the Trump administration, where personality matters more than policy, makes up for that.

Rudd has another confirmation hearing before the Senate intelligence committee next week. We wonder if he'll prepare some cue cards this time.

Watch Amberleigh Jack and Tom Uren discuss this edition of the newsletter:

Risky Business Podcasts

In this special documentary episode, Patrick Gray and Amberleigh Jack take a historical dive into hacking in the 1980s. Through the words of those that were there, they discuss life on the ARPANET, the 414s hacking group, the Morris Worm, the vibe inside the NSA and a parallel hunt for German hackers happening at a similar time to Cliff Stoll’s famous Cuckoo’s Egg story.