SV-CF-4
An adversary monitors for safe-mode indicators so that they know when the satellite is in a weakened state, and then launches an attack.
Informational References
- CENTRA - Chinese Research into Cyber Vulnerabilities of Satellite Bus Standards
Lowest Threat Tier to Create Threat Event: V
Notional Risk Rank Score:
High-Level Requirements
The spacecraft shall protect the confidentiality and integrity of all information at all times (i.e., transmission, preparation, storage, etc.).
Low-Level Requirements
Related SPARTA Techniques and Sub-Techniques
ID | Name | Description |
REC-0007 | Monitor for Safe-Mode Indicators | Threat actors may gather information regarding safe-mode indicators on the victim SV. Safe-mode is when all non-essential systems are shut down and only essential functions within the SV are active. During this mode, several commands are available to be processed that are not normally processed. Further, many protections may be disabled at this time. |
EX-0006 | Disable/Bypass Encryption | Threat actors may perform specific techniques in order to bypass or disable the encryption mechanism onboard the victim SV. By bypassing or disabling this particular mechanism, further tactics can be performed, such as Exfiltration, that may not have been possible with the internal encryption process in place. |
EX-0011 | Exploit Reduced Protections During Safe-Mode | Threat actors may take advantage of the victim SV being in safe mode and send malicious commands that may not otherwise be processed. Safe-mode is when all non-essential systems are shut down and only essential functions within the SV are active. During this mode, several commands are available to be processed that are not normally processed. Further, many protections may be disabled at this time. |
DE-0005 | Exploit Reduced Protections During Safe-Mode | Threat actors may take advantage of the victim SV being in safe mode and send malicious commands that may not otherwise be processed. Safe-mode is when all non-essential systems are shut down and only essential functions within the SV are active. During this mode, several commands are available to be processed that are not normally processed. Further, many protections (i.e. security features) may be disabled at this time, which would ensure the threat actor achieves evasion. |
Related SPARTA Countermeasures
ID | Name | Description | NIST Rev5 | D3FEND | ISO 27001 |