Cause bit flip on memory via single event upsets
| Requirement | Rationale/Additional Guidance/Notes |
|---|---|
| The spacecraft shall use Error Detection and Correcting (EDAC) memory. {SV-IT-4} {SI-16} | |
| The spacecraft shall utilize an EDAC scheme to routinely check for bit errors in the stored data on board the spacecraft, correct the single-bit errors, and identify the memory addresses of data with uncorrectable multi-bit errors of at least order two, if not higher order in some cases. {SV-IT-4} {SI-16} | |
| The spacecraft shall integrate EDAC scheme with fault management and cyber-protection mechanisms to respond to the detection of uncorrectable multi-bit errors, other than time-delayed monitoring of EDAC telemetry by the mission operators on the ground. {SV-IT-4} {SI-16} | |
| The spacecraft's fault management solution shall utilize memory uncorrectable bit error detection information in a strategy to autonomously minimize the adverse effects of uncorrectable bit errors within the spacecraft. {SV-IT-4} {SI-16} | |
| The spacecraft's Interrupt Service Routine (ISR) shall have the ability to simultaneously update check-bits for [Program-defined] memory addresses. {SV-IT-4} {SI-16} |
| ID | Name | Description | |
|---|---|---|---|
| EX-0007 | Trigger Single Event Upset | Threat actors may utilize techniques to create a single-event upset (SEU) which is a change of state caused by one single ionizing particle (ions, electrons, photons...) striking a sensitive node in a SV (i.e., microprocessor, semiconductor memory, or power transistors). The state change is a result of the free charge created by ionization in or close to an important node of a logic element (e.g. memory "bit"). This can cause unstable conditions on the SV depending on which component experiences the SEU. SEU is a known phenomenon for SV due to high radiation in space, but threat actors may attempt to utilize items like microwaves to create a SEU. | |
| IMP-0001 | Deception (or Misdirection) | Threat actors may seek to deceive mission stakeholders (or even military decision makers) for a multitude of reasons. Telemetry values could be modified, attacks could be designed to intentionally mimic another threat actor's TTPs, and even allied ground infrastructure could be compromised and used as the source of communications to the SV. | |
| IMP-0005 | Destruction | Threat actors may destroy data, commands, subsystems, or attempt to destroy the victim SV itself. This behavior is different from Degradation, as the individual parts are destroyed rather than put in a position in which they would slowly degrade over time. | |
| ID | Name | Description | NIST Rev5 | D3FEND | ISO 27001 | |
|---|---|---|---|---|---|---|
| CM0000 | Countermeasure Not Identified | This technique is a result of utilizing TTPs to create an impact and the applicable countermeasures are associated with the TTPs leveraged to achieve the impact | None | None | ||