« The space sector is in need of frameworks and methodologies specific to our unique operating environment » said Gregory Falco (Aerospace Security & Space Technology Asst. Prof at Johns Hopkins, Cybersecurity PhD from MIT).
In this article, we will present some recently released cybersecurity frameworks for space domain :
- SPARTA : The Aerospace Corporation’s Space Attack Research and Tactic Analysis
- SPACE-SHIELD : The Space Attacks and Countermeasures Engineering Shield from ESA
- TREKS : The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles Cybersecurity Framework
The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA)
The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA) framework was already in place. SPARTA is an ATT&CK® like knowledge-base framework but for for Space Missions.
SPARTA matrix is intended to provide unclassified information to space professionals about how spacecraft may be compromised due to adversarial actions across the attack lifecycle.
You can learn more about SPARTA in our article here.
The SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) from ESA
There was also the SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) from ESA. SPACE-SHIELD is an ATT&CK® like knowledge-base framework for Space Systems.
It is a collection of adversary tactics and techniques, and a security tool applicable in the Space environment to strengthen the security level. The matrix covers the Space Segment and communication links, and it does not address specific types of mission.
You can learn more about SPACE-SHIELD in our article here.
The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity Framework
TREKS (Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles) is a new Cybersecurity Framework that highlights the unique kill chain for the space vehicle.
It’s a Cybersecurity Framework released by Dr. Jacob Oakley after more than five years spent researching and working on space system cybersecurity.
You can learn more about TREKS in our article here.
What about SPARTA vs. ATT&CK MITRE ?
The current cyber-security frameworks – MITRE’s ATT&CK and Microsoft’s Kubernetes – while representing the industry standard for analyzing attacks on terrestrial devices, however, do not sufficiently cover the space segment scenarios.
What about SPARTA vs. SPACE-SHIELD ?
SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) is an ATT&CK® like knowledge-base framework for Space Systems. It is a collection of adversary tactics and techniques, and a security tool applicable in the Space environment to strengthen the security level. The matrix covers the Space Segment and communication links, and it does not address specific types of mission. You can learn more about SPACE-SHIELD here.
What about TREKS vs. other frameworks
TREKS is intended to provide a bridge between the existing frameworks available to address, categorize, taxonomize and analyze cybersecurity compromises of traditional terrestrial based network architectures and the future of cybersecurity for space where those frameworks become more applicable as compromises become more frequent, prolific, and acknowledged. This framework can provide a taxonomy that can be used to characterize foundational aspects of cyber threats to SVs in a way that allows for the identification of trends and enables analysis of this niche target set at the intersection of the space and cyber domains.
Conclusion
In conlusion, « We need frameworks, this is sure. But we need also to ensure that we are not diverging or duplicating the efforts. » said Paul Varela, CyberSecurity/Risk Expert and Trainer at EUSPA.
My position is that it’s right but I think these frameworks are complementory.