Cybersecurity matrices have become an industry-standard approach for providing a knowledge base of adversary behaviors and serve as a taxonomy for adversarial actions across the attack lifecycle. The Aerospace Corporation created the Space Attack Research and Tactic Analysis (SPARTA) matrix to address the information and communication barriers that hinder the identification and sharing of space-cyber Tactics, Techniques, and Procedures (TTPs). The MITRE ATT&CK Getting Started page provides relevant information on the value of using cybersecurity matrices and breaking down TTPs using this method. Since SPARTA builds on the industry-standard approach laid out by ATT&CK, it is recommended to review the basics of how these frameworks work on the MITRE ATT&CK Getting Started page.
For SPARTA-specific information, please review the following articles:
Why did The Aerospace Corporation develop SPARTA?
Due to information and communication barriers that hinder the identification and sharing of space-cyber Tactics, Techniques, and Procedures (TTPs), the Aerospace Corporation created the SPARTA matrix. SPARTA is intended to provide unclassified information to space professionals about how spacecraft may be compromised via cyber means, and it defines and categorizes commonly identified activities that contribute to spacecraft compromises. TTP matrices are becoming standard across the cybersecurity community as they enable a visual way to organize TTPs and document attack chains.
SPARTA attempts to aggregate unclassified research from academia, Federally Funded Research and Development Centers, and space cyber professionals into a single pane of glass to better educate the space community on TTPs while also identifying countermeasures within SPARTA. SPARTA’s goal is to raise the bar on space-cyber common knowledge across the community so that space systems are engineered with defense-in-depth principles. SPARTA is cross-referenced to cybersecurity best practices like NIST SP 800-53, MITRE ATT&CK where applicable, as well as previously published spacecraft cyber protections within TOR 2021-01333 REV A. This correlation provides further justification for adherence to these best practices as it enables a more threat-informed design process.
Common Use Cases for SPARTA?
- Space system developers: Engineers now have a resource that contains TTPs, threats, and countermeasures to enable the engineering of protections early in the lifecycle -- establishing countermeasures to disrupt the attack chains
- Defensive Cyber Operations (DCO): Enables the building of monitoring solutions, analytics, automation, etc. for DCO Operators/Blue Team members to measure how effective systems/operators are at detecting TTPs for their specific space system
- Threat intelligence: Report data to the community tying threat actor TTPs against space systems using a common taxonomy. Leverage the unique identifiers and aggregate reporting using an approach similar to the current industry standard for Enterprise IT systems
- Assessments / Table-Tops: Provides a framework for security engineers & red teamers to leverage for designing attack chains against the space segment
- Education / Training / Research: Expands the footprint of knowledge to a wider audience – raises the bar on what is considered common knowledge. Security researchers can submit their own TTPs via email to firstname.lastname@example.org to crowd source information and further support the community