Notional Risk Scores

This approach builds on previous work published in Aerospace Report TOR-2021-01333-REV A, which details a generic threat model and risk assessment approach that takes a high-level view of adversary capabilities and ranks them into tiers. Because every mission and system implementation is unique, the likelihood of an attack is difficult to establish, so this generic tiered adversary system is leveraged to illustrate adversary capability, which contributes to the likelihood that an actor can execute certain SPARTA TTPs. This is combined with analysis from Aerospace Corporation subject matter experts on the TTPs' potential impact, resulting in a NOTIONAL risk determination that can be represented in a standard 5x5 risk matrix.

Three notional risk values are provided for TTPs, sorted by system/mission criticality as follows:

  • HIGH Criticality System (critical infrastructure, military, intelligence, or similar)
  • MEDIUM Criticality System (civil, science/weather, commercial, or similar)
  • LOW Criticality System (academic, research, or similar)

Each of these three distinct values ranges from 1 to 25, can be placed on the 5x5 risk matrix, and will be presented on TTP pages as depicted below:

  • Notional Risk (H | M | L): HighRisk# | MediumRisk# | LowRisk#

As with all SPARTA content, this process and the notional scores are expected to evolve over time. There are plans to implement future functionality to allow more tailoring within the tool to better reflect system/mission-specific parameters. For the time being, it is up to SPARTA users to consider additional tailoring that should take place so that these notional scores are adjusted to reflect their own unique mission.

Example tailoring considerations the notional values do not reflect:

  • specific architectures/technologies
  • existence of specific sub-systems/functions
  • mission objectives and the components critical to their success
  • mission importance of confidentiality, integrity, and availability of data
  • mission-specific threat intelligence (including geo-political developments or future plans that might increase the likelihood of adversarial action)

SPARTA TTP | Notional Risk (HIGH Criticality Systems) | Notional Risk (MEDIUM Criticality Systems) | Notional Risk (LOW Criticality Systems)
REC-0001 - Gather Spacecraft Design Information 18 15 11
REC-0001.01 - Software 18 15 11
REC-0001.02 - Firmware 18 15 11
REC-0001.03 - Cryptographic Algorithms 24 21 17
REC-0001.04 - Data Bus 18 15 11
REC-0001.05 - Thermal Control System 18 15 11
REC-0001.06 - Maneuver & Control 22 19 14
REC-0001.07 - Payload 13 10 8
REC-0001.08 - Power 13 10 8
REC-0001.09 - Fault Management 22 19 14
REC-0002 - Gather Spacecraft Descriptors 6 4 2
REC-0002.01 - Identifiers 6 4 2
REC-0002.02 - Organization 6 4 2
REC-0002.03 - Operations 6 4 2
REC-0003 - Gather Spacecraft Communications Information 18 15 11
REC-0003.01 - Communications Equipment 13 10 8
REC-0003.02 - Commanding Details 22 19 14
REC-0003.03 - Mission-Specific Channel Scanning 13 10 8
REC-0003.04 - Valid Credentials 24 21 17
REC-0004 - Gather Launch Information 18 15 11
REC-0004.01 - Flight Termination 18 15 11
REC-0005 - Eavesdropping 19 14 9
REC-0005.01 - Uplink Intercept 23 22 19
REC-0005.02 - Downlink Intercept 23 22 19
REC-0005.03 - Proximity Operations 19 14 9
REC-0005.04 - Active Scanning (RF/Optical) 9 9 9
REC-0006 - Gather FSW Development Information 18 15 11
REC-0006.01 - Development Environment 18 15 11
REC-0006.02 - Security Testing Tools 18 15 11
REC-0007 - Monitor for Safe-Mode Indicators 15 11 5
REC-0008 - Gather Supply Chain Information 18 15 11
REC-0008.01 - Hardware 18 15 11
REC-0008.02 - Software 18 15 11
REC-0008.03 - Known Vulnerabilities 22 19 14
REC-0008.04 - Business Relationships 6 4 2
REC-0009 - Gather Mission Information 18 15 11
RD-0001 - Acquire Infrastructure Not Scored Not Scored Not Scored
RD-0001.01 - Ground Station Equipment Not Scored Not Scored Not Scored
RD-0001.02 - Commercial Ground Station Services Not Scored Not Scored Not Scored
RD-0001.03 - Spacecraft Not Scored Not Scored Not Scored
RD-0001.04 - Launch Facility Not Scored Not Scored Not Scored
RD-0002 - Compromise Infrastructure Not Scored Not Scored Not Scored
RD-0002.01 - Mission-Operated Ground System Not Scored Not Scored Not Scored
RD-0002.02 - 3rd Party Ground System Not Scored Not Scored Not Scored
RD-0002.03 - 3rd-Party Spacecraft Not Scored Not Scored Not Scored
RD-0003 - Obtain Cyber Capabilities Not Scored Not Scored Not Scored
RD-0003.01 - Exploit/Payload Not Scored Not Scored Not Scored
RD-0003.02 - Cryptographic Keys Not Scored Not Scored Not Scored
RD-0005 - Obtain Non-Cyber Capabilities Not Scored Not Scored Not Scored
RD-0005.01 - Launch Services Not Scored Not Scored Not Scored
RD-0005.02 - Non-Kinetic Physical ASAT Not Scored Not Scored Not Scored
RD-0005.03 - Kinetic Physical ASAT Not Scored Not Scored Not Scored
RD-0005.04 - Electronic ASAT Not Scored Not Scored Not Scored
RD-0004 - Stage Capabilities Not Scored Not Scored Not Scored
RD-0004.01 - Identify/Select Delivery Mechanism Not Scored Not Scored Not Scored
RD-0004.02 - Upload Exploit/Payload Not Scored Not Scored Not Scored
IA-0001 - Compromise Supply Chain 22 19 14
IA-0001.01 - Software Dependencies & Development Tools 22 19 14
IA-0001.02 - Software Supply Chain 22 19 14
IA-0001.03 - Hardware Supply Chain 24 21 17
IA-0002 - Compromise Software Defined Radio 21 17 12
IA-0003 - Crosslink via Compromised Neighbor 17 12 12
IA-0004 - Secondary/Backup Communication Channel 25 24 21
IA-0004.01 - Ground Station 25 24 21
IA-0004.02 - Receiver 24 21 17
IA-0005 - Rendezvous & Proximity Operations 12 12 12
IA-0005.01 - Compromise Emanations 12 12 12
IA-0005.02 - Docked Vehicle / OSAM 17 12 12
IA-0005.03 - Proximity Grappling 12 12 12
IA-0006 - Compromise Hosted Payload 21 17 12
IA-0007 - Compromise Ground System 24 21 17
IA-0007.01 - Compromise On-Orbit Update 24 21 17
IA-0007.02 - Malicious Commanding via Valid GS 25 24 21
IA-0008 - Rogue External Entity 25 24 21
IA-0008.01 - Rogue Ground Station 25 24 21
IA-0008.02 - Rogue Spacecraft 12 12 12
IA-0008.03 - ASAT/Counterspace Weapon 12 12 12
IA-0009 - Trusted Relationship 22 19 14
IA-0009.01 - Mission Collaborator (academia, international, etc.) 22 19 14
IA-0009.02 - Vendor 22 19 14
IA-0009.03 - User Segment 22 19 14
IA-0010 - Exploit Reduced Protections During Safe-Mode 24 21 17
IA-0011 - Auxiliary Device Compromise 12 12 12
IA-0012 - Assembly, Test, and Launch Operation Compromise 19 14 9
EX-0001 - Replay 25 24 21
EX-0001.01 - Command Packets 25 24 21
EX-0001.02 - Bus Traffic 24 21 17
EX-0002 - Position, Navigation, and Timing (PNT) Geofencing 12 12 12
EX-0003 - Modify Authentication Process 22 19 14
EX-0004 - Compromise Boot Memory 21 17 12
EX-0005 - Exploit Hardware/Firmware Corruption 25 24 21
EX-0005.01 - Design Flaws 24 21 17
EX-0005.02 - Malicious Use of Hardware Commands 25 24 21
EX-0006 - Disable/Bypass Encryption 24 21 17
EX-0007 - Trigger Single Event Upset 19 14 9
EX-0008 - Time Synchronized Execution 21 17 12
EX-0008.01 - Absolute Time Sequences 21 17 12
EX-0008.02 - Relative Time Sequences 21 17 12
EX-0009 - Exploit Code Flaws 24 21 17
EX-0009.01 - Flight Software 25 24 21
EX-0009.02 - Operating System 21 17 12
EX-0009.03 - Known Vulnerability (COTS/FOSS) 25 24 21
EX-0010 - Malicious Code 22 19 14
EX-0010.01 - Ransomware 17 12 12
EX-0010.02 - Wiper Malware 21 17 12
EX-0010.03 - Rootkit 24 21 17
EX-0010.04 - Bootkit 24 21 17
EX-0011 - Exploit Reduced Protections During Safe-Mode 24 21 17
EX-0012 - Modify On-Board Values 19 14 9
EX-0012.01 - Registers 19 14 9
EX-0012.02 - Internal Routing Tables 19 14 9
EX-0012.03 - Memory Write/Loads 24 21 17
EX-0012.04 - App/Subscriber Tables 19 14 9
EX-0012.05 - Scheduling Algorithm 19 14 9
EX-0012.06 - Science/Payload Data 24 21 17
EX-0012.07 - Propulsion Subsystem 21 17 12
EX-0012.08 - Attitude Determination & Control Subsystem 24 21 17
EX-0012.09 - Electrical Power Subsystem 21 17 12
EX-0012.10 - Command & Data Handling Subsystem 24 21 17
EX-0012.11 - Watchdog Timer (WDT) 24 21 17
EX-0012.12 - System Clock 19 14 9
EX-0012.13 - Poison AI/ML Training Data 14 9 9
EX-0013 - Flooding 25 24 21
EX-0013.01 - Valid Commands 25 24 21
EX-0013.02 - Erroneous Input 25 24 21
EX-0016 - Jamming 25 24 21
EX-0016.03 - Position, Navigation, and Timing (PNT) 25 24 21
EX-0016.01 - Uplink Jamming 24 21 17
EX-0016.02 - Downlink Jamming 19 14 9
EX-0014 - Spoofing 25 24 21
EX-0014.01 - Time Spoof 25 24 21
EX-0014.02 - Bus Traffic 25 24 21
EX-0014.03 - Sensor Data 21 17 12
EX-0014.04 - Position, Navigation, and Timing (PNT) 25 24 21
EX-0014.05 - Ballistic Missile Spoof 12 12 12
EX-0015 - Side-Channel Attack 14 9 9
EX-0017 - Kinetic Physical Attack 17 12 12
EX-0017.01 - Direct Ascent ASAT 17 12 12
EX-0017.02 - Co-Orbital ASAT 17 12 12
EX-0018 - Non-Kinetic Physical Attack 17 12 12
EX-0018.01 - Electromagnetic Pulse (EMP) 12 12 12
EX-0018.02 - High-Powered Laser 21 17 12
EX-0018.03 - High-Powered Microwave 17 12 12
PER-0001 - Memory Compromise 21 17 12
PER-0002 - Backdoor 24 21 17
PER-0002.01 - Hardware 24 21 17
PER-0002.02 - Software 24 21 17
PER-0003 - Ground System Presence 25 24 21
PER-0004 - Replace Cryptographic Keys 21 17 12
PER-0005 - Valid Credentials 24 21 17
DE-0001 - Disable Fault Management 24 21 17
DE-0002 - Prevent Downlink 21 17 12
DE-0002.01 - Inhibit Ground System Functionality 21 17 12
DE-0002.02 - Jam Link Signal 25 24 21
DE-0002.03 - Inhibit Spacecraft Functionality 17 12 12
DE-0003 - Modify On-Board Values 18 15 11
DE-0003.01 - Vehicle Command Counter (VCC) 18 15 11
DE-0003.02 - Rejected Command Counter 18 15 11
DE-0003.03 - Command Receiver On/Off Mode 18 15 11
DE-0003.04 - Command Receivers Received Signal Strength 18 15 11
DE-0003.05 - Command Receiver Lock Modes 18 15 11
DE-0003.06 - Telemetry Downlink Modes 18 15 11
DE-0003.07 - Cryptographic Modes 18 15 11
DE-0003.08 - Received Commands 18 15 11
DE-0003.09 - System Clock 19 14 9
DE-0003.10 - GPS Ephemeris 18 15 11
DE-0003.11 - Watchdog Timer (WDT) 19 14 9
DE-0003.12 - Poison AI/ML Training Data 18 15 11
DE-0004 - Masquerading 15 11 5
DE-0005 - Exploit Reduced Protections During Safe-Mode 22 19 14
DE-0006 - Modify Whitelist 19 14 9
DE-0007 - Rootkit 24 21 17
DE-0008 - Bootkit 24 21 17
DE-0009 - Camouflage, Concealment, and Decoys (CCD) 11 5 5
DE-0009.01 - Debris Field 11 5 5
DE-0009.02 - Space Weather 11 5 5
DE-0009.03 - Trigger Premature Intercept 12 12 12
DE-0010 - Overflow Audit Log 16 13 10
DE-0011 - Valid Credentials 24 21 17
LM-0001 - Hosted Payload 24 21 17
LM-0002 - Exploit Lack of Bus Segregation 24 21 17
LM-0003 - Constellation Hopping via Crosslink 21 17 12
LM-0004 - Visiting Vehicle Interface(s) 21 17 12
LM-0005 - Virtualization Escape 14 9 9
LM-0006 - Launch Vehicle Interface 17 12 12
LM-0006.01 - Rideshare Payload 17 12 12
LM-0007 - Valid Credentials 24 21 17
EXF-0001 - Replay 22 19 14
EXF-0002 - Side-Channel Attack 14 9 9
EXF-0002.01 - Power Analysis Attacks 14 9 9
EXF-0002.02 - Electromagnetic Leakage Attacks 14 9 9
EXF-0002.03 - Traffic Analysis Attacks 14 9 9
EXF-0002.04 - Timing Attacks 14 9 9
EXF-0002.05 - Thermal Imaging attacks 14 9 9
EXF-0003 - Eavesdropping 23 22 19
EXF-0003.01 - Uplink Intercept 23 22 19
EXF-0003.02 - Downlink Intercept 23 22 19
EXF-0004 - Out-of-Band Communications Link 23 22 19
EXF-0005 - Proximity Operations 19 14 9
EXF-0006 - Modify Communications Configuration 21 17 12
EXF-0006.01 - Software Defined Radio 21 17 12
EXF-0006.02 - Transponder 21 17 12
EXF-0007 - Compromised Ground System 25 24 21
EXF-0008 - Compromised Developer Site 24 21 17
EXF-0009 - Compromised Partner Site 24 21 17
EXF-0010 - Payload Communication Channel 21 17 12
IMP-0001 - Deception (or Misdirection) Not Scored Not Scored Not Scored
IMP-0002 - Disruption Not Scored Not Scored Not Scored
IMP-0003 - Denial Not Scored Not Scored Not Scored
IMP-0004 - Degradation Not Scored Not Scored Not Scored
IMP-0005 - Destruction Not Scored Not Scored Not Scored
IMP-0006 - Theft Not Scored Not Scored Not Scored
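
As an added example (not part of SPARTA or the original page), the Python code below parses rows in the layout of the table above and lists sub-techniques whose notional score exceeds that of their parent technique, which shows why tailoring should look at the sub-technique rows and not only the parent. The function names are hypothetical; the sample rows are copied from the table.

```python
import re

# Sample input: rows copied from the table above, in the page's own layout.
SAMPLE_ROWS = """\
REC-0001 - Gather Spacecraft Design Information 18 15 11
REC-0001.03 - Cryptographic Algorithms 24 21 17
REC-0001.07 - Payload 13 10 8
RD-0003.02 - Cryptographic Keys Not Scored Not Scored Not Scored
EX-0016 - Jamming 25 24 21
EX-0016.02 - Downlink Jamming 19 14 9
EX-0016.03 - Position, Navigation, and Timing (PNT) 25 24 21
"""

# ID, " - ", name, then either three integers or three "Not Scored" cells.
ROW = re.compile(
    r"^(?P<id>[A-Z]+-\d{4}(?:\.\d{2})?) - (?P<name>.+?) "
    r"(?:(?P<h>\d+) (?P<m>\d+) (?P<l>\d+)|Not Scored Not Scored Not Scored)$"
)


def parse_rows(text):
    """Return {ttp_id: (name, scores)}; scores is None for 'Not Scored' rows."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line or prose
        scores = None
        if m["h"] is not None:
            scores = {"H": int(m["h"]), "M": int(m["m"]), "L": int(m["l"])}
            # The page states that notional scores range from 1 to 25.
            if not all(1 <= v <= 25 for v in scores.values()):
                raise ValueError(f"score out of range in row: {line!r}")
        table[m["id"]] = (m["name"], scores)
    return table


def subs_above_parent(table, criticality):
    """List (sub_id, sub_score, parent_score) where the sub-technique scores higher."""
    found = []
    for ttp_id, (_, scores) in table.items():
        parent = table.get(ttp_id.split(".")[0])
        if "." not in ttp_id or scores is None or not parent or parent[1] is None:
            continue
        if scores[criticality] > parent[1][criticality]:
            found.append((ttp_id, scores[criticality], parent[1][criticality]))
    return sorted(found, key=lambda row: -row[1])
```
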