CM0000

Not being able to recover from cyberattack


Informational References

  • TOR-2018-01164 - Space-Cyber Requirements for Future Systems
ID: CM0000
DiD Layer: IDS/IPS
CAPEC #:  30 | 69
NIST Rev5 Control Tag Mapping:  CP-2 | CP-2(5) | IR-4 | RA-3 | RA-3(3) | SA-8 | SA-8(23) | SA-8(24) | SC-16 | SC-16(2)
Lowest Threat Tier to
Create Threat Event:  
V
Notional Risk Rank Score: 

High-Level Requirements

The spacecraft shall recover to normal operations from a cyber-safe mode with executable fault management actions

Low-Level Requirements

Requirement Rationale/Additional Guidance/Notes
The [spacecraft] shall recover from cyber-safe mode to mission operations within 20 minutes.{SV-MA-5}{CP-2(3),CP-2(5),IR-4,SA-8(24)} Upon conclusion of addressing the threat, the system should be capable of recovering from the minimal survival mode back into a mission-ready state within defined timelines. The intent is to define the timelines and the capability to return back to mission operations.

Related SPARTA Techniques and Sub-Techniques

ID Name Description
IMP-0002 Disruption Threat actors may seek to disrupt communications from the victim SV to the ground controllers or other interested parties. By disrupting communications during critical times, there is the potential impact of data being lost or critical actions not being performed. This could cause the SV's purpose to be put into jeopardy depending on what communications were lost during the disruption. This behavior is different than Denial as this attack can also attempt to modify the data and messages as they are passed as a way to disrupt communications.
IMP-0003 Denial Threat actors may seek to deny ground controllers and other interested parties access to the victim SV. This would be done exhausting system resource, degrading subsystems, or blocking communications entirely. This behavior is different from Disruption as this seeks to deny communications entirely, rather than stop them for a length of time.
IMP-0004 Degradation Threat actors may target various subsystems or the hosted payload in such a way in order to rapidly increase it's degradation. This could potentially shorten the lifespan of the victim SV.

Related SPARTA Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001
CM0000 Countermeasure Not Identified This technique is a result of utilizing TTPs to create an impact and the applicable countermeasures are associated with the TTPs leveraged to achieve the impact None None