Eavesdropping

Threat actors may seek to capture network communications throughout the ground station and radio frequency (RF) communication used for uplink and downlink communications. RF communication frequencies vary between 30MHz and 60 GHz. Threat actors may capture RF communications using specialized hardware, such as software defined radio (SDR), handheld radio, or a computer with radio demodulator turned to the communication frequency. Network communications may be captured using packet capture software while the threat actor is on the target network.

ID: CM0029
Related Aerospace Threat IDs:  SV-AC-7 SV-CF-1 SV-CF-2
Related MITRE ATT&CK TTPs:  T1040 T0887
Tactic:
Created: 2022/10/19
Last Modified: 2022/10/28

Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001
CM0002 COMSEC Utilizing secure communication protocols with strong cryptographic mechanisms to prevent unauthorized disclosure of, and detect changes to, information during transmission. Systems should also maintain the confidentiality and integrity of information during preparation for transmission and during reception. Spacecraft should not employ a mode of operations where cryptography on the TT&C link can be disabled (i.e., crypto-bypass mode). The cryptographic mechanisms should identify and reject wireless transmissions that are deliberate attempts to achieve imitative or manipulative communications deception based on signal parameters. AC-17(1) AC-17(10) AC-17(10) AC-17(2) AC-18(1) AC-2(11) AC-3(10) IA-4(9) IA-5 IA-5(7) IA-7 SA-8(18) SA-9(6) SC-10 SC-12 SC-12(1) SC-12(2) SC-12(3) SC-12(6) SC-13 SC-16(3) SC-28(1) SC-28(3) SC-7 SC-7(11) SC-7(18) SI-10 SI-10(3) SI-10(5) SI-10(6) SI-19(4) A.8.16 A.5.16 A.5.17 A.5.14 A.8.16 A.8.20 A.8.22 A.8.23 A.8.26 A.8.20 A.8.24 A.8.24 A.8.26 A.5.31 A.5.33 A.8.11
CM0003 TEMPEST The spacecraft should protect system components, associated data communications, and communication buses in accordance with TEMPEST controls to prevent side channel / proximity attacks. Encompass the spacecraft critical components with a casing/shielding so as to prevent access to the individual critical components. PE-19 PE-19(1) PE-21 A.7.5 A.7.8 A.8.12
CM0036 Session Termination Terminate the connection associated with a communications session at the end of the session or after an acceptable amount of inactivity which is established via the concept of operations. AC-12 SC-10 SI-14(3) A.8.20
CM0029 TRANSEC Utilize TRANSEC to secure data transmissions from being infiltrated, exploited, or intercepted. AC-18(5) CP-8 SC-40 SC-40(1) SC-40(3) SC-40(4) SC-8(4) A.5.29 A.7.11

References

  • Sec and schneider:Iridium Hacking: please don't sue us In:Chaos Communication Camp 2015