Active Scanning (RF/Optical), Technique CM0029

Eavesdropping: Active Scanning (RF/Optical)

Threat actors may interfere with the link by actively transmitting packets to activate the transmitter and induce a reply. The scan can be similar to a brute force attack, aiming to guess the used frequencies and protocols to obtain a reply.

Other Subtechniques of Eavesdropping ( 4 )

ID	Name
REC-0005.01	Uplink Intercept
REC-0005.02	Downlink Intercept
REC-0005.03	Proximity Operations
REC-0005.04	Active Scanning (RF/Optical)

ID: CM0029

Sub-technique of: REC-0005

Related Aerospace Threat IDs: SV-AC-7 | SV-CF-1 | SV-CF-2

Related MITRE ATT&CK TTPs: T1595

ⓘ

Tactic: Reconnaissance

Created: 2022/12/08

Last Modified: 2022/12/08

Countermeasures

ID	Name	Description	NIST Rev5	D3FEND	ISO 27001
CM0002	COMSEC	A component of cybersecurity to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes cryptographic security, transmission security, emissions security, and physical security of COMSEC material. It is imperative to utilize secure communication protocols with strong cryptographic mechanisms to prevent unauthorized disclosure of, and detect changes to, information during transmission. Systems should also maintain the confidentiality and integrity of information during preparation for transmission and during reception. Spacecraft should not employ a mode of operations where cryptography on the TT&C link can be disabled (i.e., crypto-bypass mode). The cryptographic mechanisms should identify and reject wireless transmissions that are deliberate attempts to achieve imitative or manipulative communications deception based on signal parameters.	AC-17(1) \| AC-17(10) \| AC-17(10) \| AC-17(2) \| AC-18(1) \| AC-2(11) \| AC-3(10) \| IA-4(9) \| IA-5 \| IA-5(7) \| IA-7 \| SA-8(18) \| SA-9(6) \| SC-10 \| SC-12 \| SC-12(1) \| SC-12(2) \| SC-12(3) \| SC-12(6) \| SC-13 \| SC-13(1) \| SC-13(2) \| SC-16(3) \| SC-28(1) \| SC-28(3) \| SC-7 \| SC-7(10) \| SC-7(11) \| SC-7(18) \| SC-7(5) \| SI-10 \| SI-10(3) \| SI-10(5) \| SI-10(6) \| SI-19(4) \| SI-3(8)	None	A.8.16 \| A.5.16 \| A.5.17 \| A.5.14 \| A.8.16 \| A.8.20 \| A.8.22 \| A.8.23 \| A.8.26 \| A.8.12 \| A.8.20 \| A.8.24 \| A.8.24 \| A.8.26 \| A.5.31 \| A.5.33 \| A.8.11
CM0029	TRANSEC	Utilize TRANSEC in order to prevent interception, disruption of reception, communications deception, and/or derivation of intelligence by analysis of transmission characteristics such as signal parameters or message externals. Note: TRANSEC is that field of COMSEC which deals with the security of communication transmissions, rather than that of the information being communicated.	AC-18(5) \| CP-8 \| SC-40 \| SC-40(1) \| SC-40(3) \| SC-40(4) \| SC-5 \| SC-8(4)	None	A.5.29 \| A.7.11

References

Derived from ESA Adversaries Tactics and Techniques for Space (ATT4s) T2001
https://attack.mitre.org/techniques/T1595/