1. Home
  2. Techniques
  3. Degradation

Degradation

Measures designed to permanently impair (either partially or totally) the use of a system. Threat actors may target various subsystems or the hosted payload in such a way to rapidly increase it's degradation. This could potentially shorten the lifespan of the victim spacecraft.

ID: IMP-0004
Sub-techniques: 
Related Aerospace Threat IDs:  SV-AV-1 SV-AV-2 SV-AV-3 SV-AV-4 SV-AV-5 SV-AV-6 SV-MA-2 SV-MA-3 SV-MA-5 SV-MA-7 SV-MA-8 SV-SP-1 SV-SP-3 SV-SP-4 SV-SP-5 SV-SP-9
Related MITRE ATT&CK TTPs: 
Tactic:
Created: 2022/10/19
Last Modified: 2023/07/18

Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001
CM0000 Countermeasure Not Identified This technique is a result of utilizing TTPs to create an impact and the applicable countermeasures are associated with the TTPs leveraged to achieve the impact None

Related CWE Classes

Priority 1 Priority 2 Priority 3 Priority 4
CWE-118: Incorrect Access of Indexable Resource ('Range Error') CWE-228: Improper Handling of Syntactically Invalid Structure CWE-1023: Incomplete Comparison with Missing Factors CWE-114: Process Control
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-311: Missing Encryption of Sensitive Data CWE-269: Improper Privilege Management CWE-642: External Control of Critical State Data
CWE-1263: Improper Physical Access Control CWE-345: Insufficient Verification of Data Authenticity CWE-400: Uncontrolled Resource Consumption CWE-669: Incorrect Resource Transfer Between Spheres
CWE-138: Improper Neutralization of Special Elements CWE-404: Improper Resource Shutdown or Release CWE-657: Violation of Secure Design Principles CWE-913: Improper Control of Dynamically-Managed Code Resources
CWE-1384: Insecure Default Variable Initialization CWE-684: Incorrect Provision of Sensitive Information CWE-671: Lack of Accounting for Security Implications in Design CWE-922: Insecure Storage of Sensitive Information
CWE-1391: Improperly Implemented Security Check for Standard CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-704: Incorrect Type Conversion or Cast
CWE-172: Encoding Error CWE-912: Hidden Functionality
CWE-20: Improper Input Validation
CWE-285: Improper Authorization
CWE-287: Improper Authentication
CWE-326: Inadequate Encryption Strength
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-330: Use of Insufficiently Random Values
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-506: Embedded Malicious Code
CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CWE-662: Improper Synchronization
CWE-665: Improper Initialization
CWE-667: Improper Locking
CWE-696: Incorrect Behavior Order
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-834: Excessive Iteration

Indicators of Behavior

ID Name Description STIX Pattern