Update - v1.0
Start Date: October 19 2022
End Date: October 28 2022
The changes to the website, techniques, sub-techniques, and/or countermeasures are highlighted below.
Website Updates
Techniques
New Techniques
REC-0001: Gather Spacecraft Design Information
REC-0002: Gather Spacecraft Descriptors
REC-0003: Gather Spacecraft Communications Information
REC-0004: Gather Launch Information
REC-0005: Eavesdropping
REC-0006: Gather FSW Development Information
REC-0007: Monitor for Safe-Mode Indicators
REC-0008: Gather Supply Chain Information
REC-0009: Gather Mission Information
RD-0001: Acquire Infrastructure
RD-0002: Compromise Infrastructure
RD-0003: Obtain Capabilities
RD-0004: Stage Capabilities
IA-0001: Compromise Supply Chain
IA-0002: Compromise Software Defined Radio
IA-0003: Crosslink via Compromised Neighbor
IA-0004: Secondary/Backup Communication Channel
IA-0005: Rendezvous & Proximity Operations
IA-0006: Compromise Hosted Payload
IA-0007: Compromise Ground Station
IA-0008: Rogue External Entity
IA-0009: Trusted Relationship
IA-0010: Exploit Reduced Protections During Safe-Mode
IA-0011: Auxiliary Device Compromise
IA-0012: Assembly, Test, and Launch Operation Compromise
EX-0002: Position, Navigation, and Timing (PNT) Geofencing
EX-0007: Trigger Single Event Upset
EX-0001: Replay
EX-0013: Flooding
EX-0003: Modify Authentication Process
EX-0004: Compromise Boot Memory
EX-0005: Exploit Hardware/Firmware Corruption
EX-0006: Disable/Bypass Encryption
EX-0008: Time Synchronized Execution
EX-0009: Exploit Code Flaws
EX-0010: Inject Malicious Code
EX-0011: Exploit Reduced Protections During Safe-Mode
EX-0012: Modify On-Board Values
EX-0015: Side-Channel Attack
EX-0014: Spoofing
EXF-0002: Side-Channel Attack
EXF-0001: Replay
EXF-0003: Eavesdropping
EXF-0004: Out-of-Band Communications Link
EXF-0005: Proximity Operations
EXF-0006: Modify Software Defined Radio
EXF-0007: Compromised Ground Station
EXF-0008: Compromised Developer Site
EXF-0009: Compromised Partner Site
PER-0001: Memory Compromise
PER-0002: Backdoor
PER-0003: Ground System Presence
PER-0004: Replace Cryptographic Keys
DE-0001: Disable Fault Management
DE-0002: Prevent Downlink
DE-0003: Modify On-Board Values
DE-0004: Masquerading
DE-0005: Exploit Reduced Protections During Safe-Mode
DE-0006: Modify Whitelist
LM-0001: Hosted Payload
LM-0002: Exploit Lack of Bus Segregation
LM-0003: Constellation Hopping via Crosslink
LM-0004: Visiting Vehicle Interface(s)
IMP-0001: Deception (or Misdirection)
IMP-0002: Disruption
IMP-0003: Denial
IMP-0004: Degradation
IMP-0005: Destruction
IMP-0006: Theft
Modified Techniques
Sub-Techniques
New Sub-Techniques
REC-0001.01: Software
REC-0001.02: Firmware
REC-0001.03: Cryptographic Algorithms
REC-0001.04: Data Bus
REC-0001.05: Thermal Control System
REC-0001.06: Maneuver & Control
REC-0001.07: Payload
REC-0001.08: Power
REC-0001.09: Fault Management
REC-0002.01: Identifiers
REC-0002.02: Organization
REC-0002.03: Operations
REC-0003.01: Communications Equipment
REC-0003.02: Commanding Details
REC-0004.01: Flight Termination
REC-0005.01: Uplink Intercept
REC-0005.02: Downlink Intercept
REC-0005.03: Proximity Operations
REC-0006.01: Development Environment
REC-0006.02: Security Testing Tools
REC-0008.01: Hardware
REC-0008.02: Software
REC-0008.03: Known Vulnerabilities
RD-0001.01: Ground Station Equipment
RD-0001.02: Commercial Ground Station Services
RD-0001.03: Spacecraft
RD-0002.01: Mission-Operated Ground System
RD-0002.02: 3rd Party Ground System
RD-0002.03: 3rd-Party Spacecraft
RD-0003.01: Exploit/Payload
RD-0003.02: Cryptographic Keys
RD-0004.01: Identify/Select Delivery Mechanism
RD-0004.02: Upload Exploit/Payload
IA-0001.01: Software Dependencies & Development Tools
IA-0001.02: Software Supply Chain
IA-0001.03: Hardware Supply Chain
IA-0004.01: Ground Station
IA-0004.02: Receiver
IA-0005.01: Compromise Emanations
IA-0005.02: Docked Vehicle / OSAM
IA-0005.03: Proximity Grappling
IA-0007.01: Compromise On-Orbit Update
IA-0007.02: Malicious Commanding via Valid GS
IA-0008.01: Rogue Ground Station
IA-0008.02: Rogue Spacecraft
IA-0009.01: Mission Collaborator (academia, international, etc.)
IA-0009.02: Vendor
IA-0009.03: User Segment
EX-0001.01: Command Packets
EX-0001.02: Bus Traffic
EX-0013.02: Erroneous Data
EX-0013.01: Valid Commands
EX-0005.01: Design Flaws
EX-0005.02: Malicious Use of Hardware Commands
EX-0008.01: Absolute Time Sequences
EX-0008.02: Relative Time Sequences
EX-0009.01: Flight Software
EX-0009.02: Operating System
EX-0009.03: Known Vulnerability (COTS/FOSS)
EX-0012.01: Registers
EX-0012.02: Internal Routing Tables
EX-0012.03: Memory Write/Loads
EX-0012.04: App/Subscriber Tables
EX-0012.05: Scheduling Algorithm
EX-0012.06: Science/Payload Data
EX-0012.07: Propulsion Subsystem
EX-0012.08: Attitude Determination & Control Subsystem
EX-0012.09: Electrical Power Subsystem
EX-0012.10: Command & Data Handling Subsystem
EX-0012.11: Watchdog Timer (WDT)
EX-0012.12: System Clock
EX-0012.13: Poison AI/ML Training Data
EX-0014.01: Time Spoof
EX-0014.02: Bus Traffic
EX-0014.03: Sensor Data
EXF-0002.01: Power Analysis Attacks
EXF-0002.02: Electromagnetic Leakage Attacks
EXF-0002.03: Traffic Analysis Attacks
EXF-0002.04: Timing Attacks
EXF-0002.05: Thermal Imaging attacks
EXF-0003.01: Uplink Intercept
EXF-0003.02: Downlink Intercept
PER-0002.01: Hardware
PER-0002.02: Software
DE-0002.01: Inhibit Ground System Functionality
DE-0002.02: Jam Link Signal
DE-0002.03: Inhibit Spacecraft Functionality
DE-0003.01: Vehicle Command Counter (VCC)
DE-0003.02: Rejected Command Counter
DE-0003.03: Command Receiver On/Off Mode
DE-0003.04: Command Receivers Received Signal Strength
DE-0003.05: Command Receiver Lock Modes
DE-0003.06: Telemetry Downlink Modes
DE-0003.07: Cryptographic Modes
DE-0003.08: Received Commands
DE-0003.09: System Clock
DE-0003.10: GPS Ephemeris
DE-0003.11: Watchdog Timer (WDT)
DE-0003.12: Poison AI/ML Training Data
Modified Sub-Techniques
Countermeasures
New Countermeasures
CM0000: Countermeasure Not Identified
CM0001: Protect Sensitive Information
CM0008: Security Testing Results
CM0009: Threat Intelligence Program
CM0020: Threat modeling
CM0022: Criticality Analysis
CM0024: Anti-counterfeit Hardware
CM0025: Supplier Review
CM0026: Original Component Manufacturer
CM0027: ASIC/FPGA Manufacturing
CM0028: Tamper Protection
CM0041: User Training
CM0052: Insider Threat Protection
CM0054: Two-Person Rule
CM0002: COMSEC
CM0030: Crypto Key Management
CM0031: Authentication
CM0033: Relay Protection
CM0003: TEMPEST
CM0040: Shared Resource Leakage
CM0049: Machine Learning Data Integrity
CM0050: On-board Message Encryption
CM0004: Development Environment Security
CM0007: Software Version Numbers
CM0010: Update Software
CM0011: Vulnerability Scanning
CM0012: Software Bill of Materials
CM0013: Dependency Confusion
CM0015: Software Source Control
CM0016: CWE List
CM0017: Coding Standard
CM0018: Dynamic Analysis
CM0019: Static Analysis
CM0021: Software Digital Signature
CM0023: Configuration Management
CM0036: Session Termination
CM0039: Least Privilege
CM0046: Long Duration Testing
CM0047: Operating System Security
CM0055: Secure Command Mode(s)
CM0062: Dummy Process - Aggregator Node
CM0069: Process White Listing
CM0005: Ground-based Countermeasures
CM0034: Monitor Critical Telemetry Points
CM0035: Protect Authenticators
CM0053: Physical Security Controls
CM0056: Data Backup
CM0070: Alternate Communications Paths
CM0006: Cloaking Safe-mode
CM0032: On-board Intrusion Detection & Prevention
CM0042: Robust Fault Management
CM0044: Cyber-safe Mode
CM0051: Fault Injection Redundancy
CM0066: Model-based System Verification
CM0067: Smart Contracts
CM0068: Reinforcement Learning
CM0014: Secure boot
CM0037: Disable Physical Ports
CM0038: Segmentation
CM0043: Backdoor Commands
CM0045: Error Detection and Correcting Memory
CM0048: Resilient On-board Timing
CM0057: Tamper Resistant Body
CM0058: Power Randomization
CM0059: Power Consumption Obfuscation
CM0060: Secret Shares
CM0061: Power Masking
CM0063: Increase Clock Cycles/Timing
CM0064: Dual Layer Protection
CM0065: OSAM Dual Authorization
CM0029: TRANSEC
Modified Countermeasures