Prevent Downlink: Jam Link Signal

Threat actors may overwhelm/jam the downlink signal to prevent transmitted telemetry signals from reaching their destination without severe modification/interference, effectively leaving ground controllers unaware of vehicle activity during this time. Telemetry is the only method in which ground controllers can monitor the health and stability of the SV while in orbit. By disabling this downlink, threat actors may be able to stop mitigations from taking place.

ID: CM0029
Sub-technique of:  DE-0002
Related Aerospace Threat IDs:  SV-AV-1
Related MITRE ATT&CK TTPs:  T1464
Tactic:
Created: 2022/10/19
Last Modified: 2022/10/28

Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001
CM0002 COMSEC Utilizing secure communication protocols with strong cryptographic mechanisms to prevent unauthorized disclosure of, and detect changes to, information during transmission. Systems should also maintain the confidentiality and integrity of information during preparation for transmission and during reception. Spacecraft should not employ a mode of operations where cryptography on the TT&C link can be disabled (i.e., crypto-bypass mode). The cryptographic mechanisms should identify and reject wireless transmissions that are deliberate attempts to achieve imitative or manipulative communications deception based on signal parameters. AC-17(1) AC-17(10) AC-17(10) AC-17(2) AC-18(1) AC-2(11) AC-3(10) IA-4(9) IA-5 IA-5(7) IA-7 SA-8(18) SA-9(6) SC-10 SC-12 SC-12(1) SC-12(2) SC-12(3) SC-12(6) SC-13 SC-16(3) SC-28(1) SC-28(3) SC-7 SC-7(11) SC-7(18) SI-10 SI-10(3) SI-10(5) SI-10(6) SI-19(4) A.8.16 A.5.16 A.5.17 A.5.14 A.8.16 A.8.20 A.8.22 A.8.23 A.8.26 A.8.20 A.8.24 A.8.24 A.8.26 A.5.31 A.5.33 A.8.11
CM0034 Monitor Critical Telemetry Points Monitor defined telemetry points for malicious activities (i.e., jamming attempts, commanding attempts (e.g., command modes, counters, etc.)). This would include valid/processed commands as well as commands that were rejected. Telemetry monitoring should synchronize with ground-based Defensive Cyber Operations (i.e., SIEM/auditing) to create a full space system situation awareness from a cybersecurity perspective. AC-17(1) AU-3(1) CA-7(6) IR-4(14) SC-7 A.8.16 A.5.14 A.8.16 A.8.20 A.8.22 A.8.23 A.8.26
CM0070 Alternate Communications Paths Establish alternate communications paths to reduce the risk of all communications paths being affected by the same incident. CP-8(3) SC-47
CM0029 TRANSEC Utilize TRANSEC to secure data transmissions from being infiltrated, exploited, or intercepted. AC-18(5) CP-8 SC-40 SC-40(1) SC-40(3) SC-40(4) SC-8(4) A.5.29 A.7.11

References