Flooding: Erroneous Input

Threat actors inject noise/data/signals into the target channel so that legitimate messages cannot be processed correctly because the channel's integrity or availability is degraded. Although this technique does not use system-relevant signals/commands/information, the target spacecraft may still consume valuable computing resources to process and discard the injected signal.

ID: EX-0013.02
Sub-technique of: EX-0013
Related Aerospace Threat IDs: SV-AV-1 | SV-AV-5
Related MITRE ATT&CK TTPs: T1498.001
Tactic:
Created: 2022/10/19
Last Modified: 2022/12/08

Countermeasures

ID | Name | Description | NIST Rev5
CM0036 | Session Termination | Terminate the connection associated with a communications session at the end of the session or after an acceptable amount of inactivity, which is established via the concept of operations. | AC-12 SC-10 SI-14(3)
CM0034 | Monitor Critical Telemetry Points | Monitor defined telemetry points for malicious activities (i.e., jamming attempts, commanding attempts (e.g., command modes, counters, etc.)). This would include valid/processed commands as well as commands that were rejected. Telemetry monitoring should synchronize with ground-based Defensive Cyber Operations (i.e., SIEM/auditing) to create full space system situational awareness from a cybersecurity perspective. | AC-17(1) AU-3(1) CA-7(6) IR-4(14) SC-7 SI-3(8)
CM0070 | Alternate Communications Paths | Establish alternate communications paths to reduce the risk of all communications paths being affected by the same incident. | CP-8(3) SC-47
CM0032 | On-board Intrusion Detection & Prevention | Utilize an on-board intrusion detection/prevention system that monitors the mission-critical components or systems and audits/logs actions. The IDS/IPS should have the capability to respond to threats (initial access, execution, persistence, evasion, exfiltration, etc.) and it should address signature-based attacks along with dynamic never-before-seen attacks using machine learning/adaptive technologies. The IDS/IPS must integrate with traditional fault management to provide a holistic approach to faults on-board the spacecraft. Spacecraft should select and execute safe countermeasures against cyber-attacks. These countermeasures are a ready supply of options to triage against the specific types of attack and mission priorities. Minimally, the response should ensure vehicle safety and continued operations. Ideally, the goal is to trap the threat, convince the threat that it is successful, and trace and track the attacker — with or without ground support. This would support successful attribution and evolving countermeasures to mitigate the threat in the future. “Safe countermeasures” are those that are compatible with the system’s fault management system to avoid unintended effects or fratricide on the system. | AU-14 AU-2 AU-3 AU-3(1) AU-4 AU-4(1) AU-5 AU-5(2) AU-5(5) AU-6(1) AU-6(4) AU-8 AU-9 AU-9(2) AU-9(3) CA-7(6) CM-11(3) CP-10 CP-10(4) IR-4 IR-4(11) IR-4(12) IR-4(14) IR-4(5) IR-5 IR-5(1) RA-10 RA-3(4) SA-8(21) SA-8(22) SA-8(23) SC-16(2) SC-32(1) SC-5 SC-5(3) SC-7(10) SC-7(9) SI-10(6) SI-16 SI-17 SI-3 SI-3(8) SI-4 SI-4(1) SI-4(10) SI-4(11) SI-4(13) SI-4(16) SI-4(17) SI-4(2) SI-4(23) SI-4(24) SI-4(25) SI-4(4) SI-4(5) SI-6 SI-7(17) SI-7(8)
CM0042 | Robust Fault Management | Ensure the fault management system cannot be used against the spacecraft. Examples include: safe mode with crypto bypass, orbit correction maneuvers, affecting integrity of telemetry to cause action from ground, or some sort of proximity operation to cause the spacecraft to go into safe mode. Understanding the safing procedures and ensuring they do not put the spacecraft in a more vulnerable state is key to building a resilient spacecraft. | CP-4(5) SA-8(24) SC-16(2) SC-24 SC-5 SI-13 SI-17
CM0044 | Cyber-safe Mode | Provide the capability to enter the spacecraft into a configuration-controlled and integrity-protected state representing a known, operational cyber-safe state (e.g., cyber-safe mode). Spacecraft should enter a cyber-safe mode when conditions that threaten the platform are detected. Cyber-safe mode is an operating mode of a spacecraft during which all nonessential systems are shut down and the spacecraft is placed in a known good state using validated software and configuration settings. Within cyber-safe mode, authentication and encryption should still be enabled. The spacecraft should be capable of reconstituting firmware and software functions to pre-attack levels to allow for the recovery of functional capabilities. This can be performed by self-healing, or the healing can be aided from the ground. However, the spacecraft needs to have the capability to replan, based on equipment still available after a cyber-attack. The goal is for the spacecraft to resume full mission operations. If not possible, a reduced level of mission capability should be achieved. Cyber-safe mode software/configuration should be stored onboard the spacecraft in memory with hardware-based controls and should not be modifiable. | CP-10 CP-10(4) CP-12 CP-2(5) IR-4 IR-4(12) IR-4(3) SA-8(21) SA-8(23) SA-8(24) SC-16(2) SC-24 SC-5 SI-11 SI-17 SI-7(17)
CM0068 | Reinforcement Learning | Institute a reinforcement learning agent that will detect anomalous events and redirect processes to proceed by ignoring malicious data/input. | IR-5 IR-5(1) SI-4 SI-4(2)
CM0029 | TRANSEC | Utilize TRANSEC in order to prevent interception, disruption of reception, communications deception, and/or derivation of intelligence by analysis of transmission characteristics such as signal parameters or message externals. Note: TRANSEC is that field of COMSEC which deals with the security of communication transmissions, rather than that of the information being communicated. | AC-18(5) CP-8 SC-40 SC-40(1) SC-40(3) SC-40(4) SC-5 SC-8(4)
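
An added example, not part of the original page or of any flight or ground software: one ground-side check for CM0034 that watches the accepted and rejected command counters in telemetry and flags the onset of a window in which rejects dominate uplink activity. The 16-bit counter width, the `Sample` field names, the thresholds and the telemetry values are all assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

# Assumed values; real limits come from the mission's own link statistics.
COUNTER_BITS = 16        # assumed width of the on-board counters
WINDOW_S = 60            # sliding window, seconds
MAX_REJECTS = 50         # rejected commands tolerated per window
MIN_REJECT_RATIO = 0.9   # rejected share that separates noise from operator error

@dataclass
class Sample:            # hypothetical telemetry point layout
    t: int               # telemetry timestamp, seconds
    accepted: int        # cumulative accepted-command counter
    rejected: int        # cumulative rejected-command counter

def delta(new, old, bits=COUNTER_BITS):
    """Increase of a fixed-width counter between two samples, tolerating wraparound."""
    return (new - old) % (1 << bits)

def detect_flood(samples):
    """Return one alert per flood onset: rejects in the window exceed the limit
    and make up almost all uplink activity."""
    window, alerts, active = deque(), [], False
    for prev, cur in zip(samples, samples[1:]):
        window.append((cur.t, delta(cur.accepted, prev.accepted),
                       delta(cur.rejected, prev.rejected)))
        # Drop intervals that ended WINDOW_S or more seconds ago.
        while cur.t - window[0][0] >= WINDOW_S:
            window.popleft()
        acc = sum(w[1] for w in window)
        rej = sum(w[2] for w in window)
        flooding = rej > MAX_REJECTS and rej / (acc + rej) >= MIN_REJECT_RATIO
        if flooding and not active:
            alerts.append({"t": cur.t, "rejected": rej, "accepted": acc})
        active = flooding
    return alerts

# Constructed telemetry, 10 s cadence; the rejected counter wraps between t=30 and t=40.
CONSTRUCTED = [Sample(0, 100, 65500), Sample(10, 101, 65502), Sample(20, 102, 65502),
               Sample(30, 102, 65530), Sample(40, 102, 24), Sample(50, 103, 60),
               Sample(60, 103, 61), Sample(70, 104, 61)]

if __name__ == "__main__":
    for alert in detect_flood(CONSTRUCTED):
        print("possible erroneous-input flood:", alert)
```

Summing per-interval deltas keeps the count correct across the counter wrap, where a plain subtraction of the raw values would go negative and hide the burst.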
