Proximity Operations

Threat actors may leverage the lack of emission security or tempest controls to exfiltrate information using a visiting SV. This is similar to side-channel attacks but leveraging a visiting SV to measure the signals for decoding purposes.

ID: CM0003
Sub-techniques: 
Related Aerospace Threat IDs:  SV-AC-5 SV-AC-7 SV-CF-1 SV-CF-2
Related MITRE ATT&CK TTPs: 
Tactic:
Created: 2022/10/19
Last Modified: 2022/10/19

Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001
CM0002 COMSEC Utilizing secure communication protocols with strong cryptographic mechanisms to prevent unauthorized disclosure of, and detect changes to, information during transmission. Systems should also maintain the confidentiality and integrity of information during preparation for transmission and during reception. Spacecraft should not employ a mode of operations where cryptography on the TT&C link can be disabled (i.e., crypto-bypass mode). The cryptographic mechanisms should identify and reject wireless transmissions that are deliberate attempts to achieve imitative or manipulative communications deception based on signal parameters. AC-17(1) AC-17(10) AC-17(10) AC-17(2) AC-18(1) AC-2(11) AC-3(10) IA-4(9) IA-5 IA-5(7) IA-7 SA-8(18) SA-9(6) SC-10 SC-12 SC-12(1) SC-12(2) SC-12(3) SC-12(6) SC-13 SC-16(3) SC-28(1) SC-28(3) SC-7 SC-7(11) SC-7(18) SI-10 SI-10(3) SI-10(5) SI-10(6) SI-19(4) A.8.16 A.5.16 A.5.17 A.5.14 A.8.16 A.8.20 A.8.22 A.8.23 A.8.26 A.8.20 A.8.24 A.8.24 A.8.26 A.5.31 A.5.33 A.8.11
CM0003 TEMPEST The spacecraft should protect system components, associated data communications, and communication buses in accordance with TEMPEST controls to prevent side channel / proximity attacks. Encompass the spacecraft critical components with a casing/shielding so as to prevent access to the individual critical components. PE-19 PE-19(1) PE-21 A.7.5 A.7.8 A.8.12

References