Alternate Communications Paths

Establish alternate communications paths to reduce the risk of all communications paths being affected by the same incident.

Best Segment for Countermeasure Deployment

  • Ground Segment

NIST Rev5 Controls

D3FEND

ISO 27001

ID: CM0070
D3FEND Artifacts: 
Created: 2022/10/19
Last Modified: 2022/10/19

Techniques Addressed by Countermeasure

here here here here here here here here here
ID Name Description
IA-0007 Compromise Ground Station Threat actors may initially compromise the ground station in order to access the target SV. Once compromised, the threat actor can perform a multitude of initial access techniques, including replay, compromising FSW deployment, compromising encryption keys, and compromising authentication schemes.
.02 Malicious Commanding via Valid GS Threat actors may compromise target owned ground systems components (e.g., front end processors, command and control software, etc.) that can be used for future campaigns or to perpetuate other techniques. These ground systems components have already been configured for communications to the victim SV. By compromising this infrastructure, threat actors can stage, launch, and execute an operation. Threat actors may utilize these systems for various tasks, including Execution and Exfiltration.
EX-0013 Flooding Threat actors use jamming and flooding attacks to disrupt communications by injecting unexpected noise or messages into a transmission channel. There are several types of attacks that are consistent with this method of exploitation, and they can produce various outcomes. Although, the most prominent of the impacts are denial of service or data corruption. Several elements of the space vehicle may be targeted by jamming and flooding attacks, and depending on the time of the attack, it can have devastating results to the availability of the system.
.02 Erroneous Data Threat actors inject noise into the target channel so that legitimate messages cannot be correctly processed due to data integrity impacts. Additionally, while this technique does not utilize valid commands, the target SV still must consume computing resources to process and discard the signal.
.01 Valid Commands Threat actors may utilize valid commanding as a mechanism for flooding as the processing of these valid commands could expend valuable resources like processing power and battery usage. Flooding the spacecraft bus, sub-systems or link layer with valid commands can create temporary denial of service conditions for the space vehicle while the SV is consumed with processing these valid commands.
DE-0002 Prevent Downlink Threat actors may target the downlink connections to prevent the victim SV from sending telemetry to the ground controllers. Telemetry is the only method in which ground controllers can monitor the health and stability of the SV while in orbit. By disabling this downlink, threat actors may be able to stop mitigations from taking place.
.01 Inhibit Ground System Functionality Threat actors may utilize ground-system presence to inhibit the ground system software's ability to process (or display) telemetry, effectively leaving ground controllers unaware of vehicle activity during this time. Telemetry is the only method in which ground controllers can monitor the health and stability of the SV while in orbit. By disabling this downlink, threat actors may be able to stop mitigations from taking place.
.02 Jam Link Signal Threat actors may overwhelm/jam the downlink signal to prevent transmitted telemetry signals from reaching their destination without severe modification/interference, effectively leaving ground controllers unaware of vehicle activity during this time. Telemetry is the only method in which ground controllers can monitor the health and stability of the SV while in orbit. By disabling this downlink, threat actors may be able to stop mitigations from taking place.
.03 Inhibit Spacecraft Functionality Threat actors may manipulate or shut down a target SV's on-board processes to inhibit the SV's ability to generate or transmit telemetry signals, effectively leaving ground controllers unaware of vehicle activity during this time. Telemetry is the only method in which ground controllers can monitor the health and stability of the SV while in orbit. By disabling this downlink, threat actors may be able to stop mitigations from taking place.

Space Threats Addressed by Countermeasure

ID Description

Low-Level Requirements

Requirement Rationale/Additional Guidance/Notes
The [spacecraft] shall have multiple uplink paths {SV-AV-1}{CP-8,CP-11,SA-8(18),SC-5,SC-47}
The [spacecraft] shall maintain the ability to establish communication with the spacecraft in the event of an anomaly to the primary receive path.{SV-AV-1,SV-IT-1}{CP-8,SA-8(18),SC-47} Receiver communication can be established after an anomaly with such capabilities as multiple receive apertures, redundant paths within receivers, redundant receivers, omni apertures, fallback default command modes, and lower bit rates for contingency commanding, as examples