Hardware Supply Chain, Technique IA-0001.03

Compromise Supply Chain: Hardware Supply Chain

Threat actors may manipulate hardware components in the victim spacecraft prior to the customer receiving them in order to achieve data or system compromise. The threat actor can insert backdoors and give them a high level of control over the system when they modify the hardware or firmware in the supply chain. This would include ASIC and FPGA devices as well. A spacecraft component can also be damaged if a specific HW component, built to fail after a specific period, or counterfeit with a low reliability, breaks out.

Other Subtechniques of Compromise Supply Chain ( 3 )

ID	Name
IA-0001.01	Software Dependencies & Development Tools
IA-0001.02	Software Supply Chain
IA-0001.03	Hardware Supply Chain

ID: IA-0001.03

Sub-technique of: IA-0001

Notional Risk (H | M | L): 24 | 21 | 17

ⓘ

Tactic: Initial Access

Created: 2022/10/19

Last Modified: 2024/02/29

Countermeasures

ID	Name	Description	NIST Rev5	D3FEND	ISO 27001
CM0009	Threat Intelligence Program	A threat intelligence program helps an organization generate their own threat intelligence information and track trends to inform defensive priorities and mitigate risk. Leverage all-source intelligence services or commercial satellite imagery to identify and track adversary infrastructure development/acquisition. Countermeasures for this attack fall outside the scope of the mission in the majority of cases.	PM-16 \| PM-16(1) \| RA-10 \| RA-3 \| RA-3(2) \| RA-3(3) \| SA-3 \| SA-8 \| SI-4(24) \| SR-8	D3-PH \| D3-AH \| D3-NM \| D3-NVA \| D3-SYSM \| D3-SYSVA \|	A.5.7 \| A.5.7 \| 6.1.2 \| 8.2 \| 9.3.2 \| A.8.8 \| A.5.7 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28
CM0022	Criticality Analysis	Conduct a criticality analysis to identify mission critical functions, critical components, and data flows and reduce the vulnerability of such functions and components through secure system design. Focus supply chain protection on the most critical components/functions. Leverage other countermeasures like segmentation and least privilege to protect the critical components.	CM-4 \| CP-2 \| CP-2(8) \| PL-7 \| PL-8 \| PL-8(1) \| PM-11 \| PM-17 \| PM-30 \| PM-30(1) \| PM-32 \| RA-3 \| RA-3(1) \| RA-9 \| SA-11 \| SA-11(3) \| SA-15(3) \| SA-2 \| SA-3 \| SA-4(5) \| SA-4(9) \| SA-8 \| SA-8(25) \| SA-8(3) \| SA-8(30) \| SC-32(1) \| SC-7(29) \| SR-1 \| SR-2 \| SR-2(1) \| SR-3 \| SR-3(2) \| SR-3(3) \| SR-5(1) \| SR-7	D3-AVE \| D3-OSM \| D3-IDA \| D3-SJA \| D3-AI \| D3-DI \| D3-SWI \| D3-NNI \| D3-HCI \| D3-NM \| D3-PLM \| D3-AM \| D3-SYSM \| D3-SVCDM \| D3-SYSDM \| D3-SYSVA \| D3-OAM \| D3-ORA \|	A.8.9 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.2 \| A.5.29 \| A.8.1 \| A.5.30 \| 8.1 \| A.5.8 \| A.5.8 \| 4.4 \| 6.2 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| 10.2 \| 6.1.2 \| 8.2 \| 9.3.2 \| A.8.8 \| A.5.22 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.8.29 \| A.8.30 \| 5.2 \| 5.3 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.1 \| A.5.2 \| A.5.4 \| A.5.19 \| A.5.31 \| A.5.36 \| A.5.37 \| A.5.19 \| A.5.20 \| A.5.21 \| A.8.30 \| A.5.20 \| A.5.21 \| A.5.22
CM0024	Anti-counterfeit Hardware	Develop and implement anti-counterfeit policy and procedures designed to detect and prevent counterfeit components from entering the information system, including tamper resistance and protection against the introduction of malicious code or hardware.	AC-14 \| AC-20(5) \| CM-7(9) \| PL-8 \| PL-8(1) \| PM-30 \| PM-30(1) \| RA-3(1) \| SA-10(3) \| SA-10(4) \| SA-11 \| SA-3 \| SA-4(5) \| SA-8 \| SA-8(11) \| SA-8(13) \| SA-8(16) \| SA-9 \| SR-1 \| SR-10 \| SR-11 \| SR-11(3) \| SR-2 \| SR-2(1) \| SR-3 \| SR-4 \| SR-4(1) \| SR-4(2) \| SR-4(3) \| SR-4(4) \| SR-5 \| SR-5(2) \| SR-6(1) \| SR-9 \| SR-9(1)	D3-AI \| D3-SWI \| D3-HCI \| D3-FEMC \| D3-DLIC \| D3-FV \|	A.5.8 \| 4.4 \| 6.2 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| 10.2 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.5.2 \| A.5.4 \| A.5.8 \| A.5.14 \| A.5.22 \| A.5.23 \| A.8.21 \| A.8.29 \| A.8.30 \| 5.2 \| 5.3 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.1 \| A.5.2 \| A.5.4 \| A.5.19 \| A.5.31 \| A.5.36 \| A.5.37 \| A.5.19 \| A.5.20 \| A.5.21 \| A.8.30 \| A.5.20 \| A.5.21 \| A.5.21 \| A.8.30 \| A.5.20 \| A.5.21 \| A.5.23 \| A.8.29
CM0025	Supplier Review	Conduct a supplier review prior to entering into a contractual agreement with a contractor (or sub-contractor) to acquire systems, system components, or system services.	PL-8 \| PL-8(1) \| PL-8(2) \| PM-30 \| PM-30(1) \| RA-3(1) \| SA-11 \| SA-11(3) \| SA-17 \| SA-2 \| SA-3 \| SA-8 \| SA-9 \| SR-11 \| SR-3(1) \| SR-3(3) \| SR-4 \| SR-4(1) \| SR-4(2) \| SR-4(3) \| SR-4(4) \| SR-5 \| SR-5(1) \| SR-5(2) \| SR-6	D3-OAM \| D3-ODM \|	A.5.8 \| 4.4 \| 6.2 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| 10.2 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.5.2 \| A.5.4 \| A.5.8 \| A.5.14 \| A.5.22 \| A.5.23 \| A.8.21 \| A.8.29 \| A.8.30 \| A.8.25 \| A.8.27 \| A.5.21 \| A.8.30 \| A.5.20 \| A.5.21 \| A.5.23 \| A.8.29 \| A.5.22
CM0026	Original Component Manufacturer	Components/Software that cannot be procured from the original component manufacturer or their authorized franchised distribution network should be approved by the supply chain board or equivalent to prevent and detect counterfeit and fraudulent parts, materials, and software.	AC-20(5) \| PL-8 \| PL-8(1) \| PL-8(2) \| PM-30 \| PM-30(1) \| RA-3(1) \| SA-10(4) \| SA-11 \| SA-3 \| SA-8 \| SA-9 \| SR-1 \| SR-11 \| SR-2 \| SR-2(1) \| SR-3 \| SR-3(1) \| SR-3(3) \| SR-4 \| SR-4(1) \| SR-4(2) \| SR-4(3) \| SR-4(4) \| SR-5 \| SR-5(1) \| SR-5(2)	D3-OAM \| D3-ODM \| D3-AM \| D3-FV \| D3-SFV \|	A.5.8 \| 4.4 \| 6.2 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| 10.2 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.5.2 \| A.5.4 \| A.5.8 \| A.5.14 \| A.5.22 \| A.5.23 \| A.8.21 \| A.8.29 \| A.8.30 \| 5.2 \| 5.3 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.1 \| A.5.2 \| A.5.4 \| A.5.19 \| A.5.31 \| A.5.36 \| A.5.37 \| A.5.19 \| A.5.20 \| A.5.21 \| A.8.30 \| A.5.20 \| A.5.21 \| A.5.21 \| A.8.30 \| A.5.20 \| A.5.21 \| A.5.23 \| A.8.29
CM0027	ASIC/FPGA Manufacturing	Application-Specific Integrated Circuit (ASIC) / Field Programmable Gate Arrays should be developed by accredited trusted foundries to limit potential hardware-based trojan injections.	AC-14 \| PL-8 \| PL-8(1) \| PL-8(2) \| PM-30 \| PM-30(1) \| RA-3(1) \| SA-10(3) \| SA-11 \| SA-3 \| SA-8 \| SA-8(11) \| SA-8(13) \| SA-8(16) \| SA-9 \| SI-3 \| SI-3(10) \| SR-1 \| SR-11 \| SR-2 \| SR-2(1) \| SR-3 \| SR-5 \| SR-5(2) \| SR-6(1)	D3-OAM \| D3-ODM \| D3-AM \| D3-FV \| D3-SFV \|	A.5.8 \| 4.4 \| 6.2 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| 10.2 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.5.2 \| A.5.4 \| A.5.8 \| A.5.14 \| A.5.22 \| A.5.23 \| A.8.21 \| A.8.29 \| A.8.30 \| A.8.7 \| 5.2 \| 5.3 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.1 \| A.5.2 \| A.5.4 \| A.5.19 \| A.5.31 \| A.5.36 \| A.5.37 \| A.5.19 \| A.5.20 \| A.5.21 \| A.8.30 \| A.5.20 \| A.5.21 \| A.5.20 \| A.5.21 \| A.5.23 \| A.8.29
CM0028	Tamper Protection	Perform physical inspection of hardware to look for potential tampering. Leverage tamper proof protection where possible when shipping/receiving equipment. Anti-tamper mechanisms are also critical for protecting software from unauthorized alterations. Techniques for preventing software tampering include code obfuscation, integrity checks, runtime integrity monitoring (e.g. self-checking code, watchdog processes, etc.) and more.	AC-14 \| AC-25 \| CA-8(1) \| CA-8(3) \| CM-7(9) \| MA-7 \| PL-8 \| PL-8(1) \| PL-8(2) \| PM-30 \| PM-30(1) \| RA-3(1) \| SA-10(3) \| SA-10(4) \| SA-11 \| SA-3 \| SA-4(5) \| SA-4(9) \| SA-8 \| SA-8(11) \| SA-8(13) \| SA-8(16) \| SA-8(19) \| SA-8(31) \| SA-9 \| SC-51 \| SR-1 \| SR-10 \| SR-11 \| SR-11(3) \| SR-2 \| SR-2(1) \| SR-3 \| SR-4(3) \| SR-4(4) \| SR-5 \| SR-5(2) \| SR-6(1) \| SR-9 \| SR-9(1)	D3-PH \| D3-AH \| D3-RFS \| D3-FV \|	A.5.8 \| 4.4 \| 6.2 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| 10.2 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.5.2 \| A.5.4 \| A.5.8 \| A.5.14 \| A.5.22 \| A.5.23 \| A.8.21 \| A.8.29 \| A.8.30 \| 5.2 \| 5.3 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.1 \| A.5.2 \| A.5.4 \| A.5.19 \| A.5.31 \| A.5.36 \| A.5.37 \| A.5.19 \| A.5.20 \| A.5.21 \| A.8.30 \| A.5.20 \| A.5.21 \| A.5.20 \| A.5.21 \| A.5.23 \| A.8.29
CM0018	Dynamic Testing	Employ dynamic analysis (e.g., using simulation, penetration testing, fuzzing, etc.) to identify software/firmware weaknesses and vulnerabilities in developed and incorporated code (open source, commercial, or third-party developed code). Testing should occur (1) on potential system elements before acceptance; (2) as a realistic simulation of known adversary tactics, techniques, procedures (TTPs), and tools; and (3) throughout the lifecycle on physical and logical systems, elements, and processes. FLATSATs as well as digital twins can be used to perform the dynamic analysis depending on the TTPs being executed. Digital twins via instruction set simulation (i.e., emulation) can provide robust environment for dynamic analysis and TTP execution.	CA-8 \| CA-8(1) \| CM-4(2) \| CP-4(5) \| RA-3 \| RA-5(11) \| RA-7 \| SA-11 \| SA-11(3) \| SA-11(5) \| SA-11(8) \| SA-11(9) \| SA-3 \| SA-8 \| SA-8(30) \| SC-2(2) \| SC-7(29) \| SI-3 \| SI-3(10) \| SI-7 \| SR-6(1)	D3-DA \| D3-FBA \| D3-PSA \| D3-PLA \| D3-PA \| D3-SEA \| D3-MBT \|	6.1.2 \| 8.2 \| 9.3.2 \| A.8.8 \| 6.1.3 \| 8.3 \| 10.2 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.8.29 \| A.8.30 \| A.8.7

Indicators of Behavior

ID	Name	Description	STIX Pattern
SIUU-23	Detection of Unauthorized Hardware Debugging	Identifies unauthorized activation of hardware debugging features, which could facilitate backdoor access. This pattern checks if the hardware debugging mode is activated at an unexpected time (activation_time != 'expected_time'). It is useful for scenarios where debugging activity might occur outside of predefined operational windows, potentially signaling malicious activity or tampering.	[x-opencti-hardware-log:debug_mode = true AND x-opencti-hardware-log:activation_time != 'expected_time']

Priority 1	Priority 2	Priority 3	Priority 4
CWE-118: Incorrect Access of Indexable Resource ('Range Error')	CWE-311: Missing Encryption of Sensitive Data	CWE-1023: Incomplete Comparison with Missing Factors	CWE-114: Process Control
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer	CWE-345: Insufficient Verification of Data Authenticity	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	CWE-573: Improper Following of Specification by Caller
CWE-1263: Improper Physical Access Control	CWE-404: Improper Resource Shutdown or Release	CWE-269: Improper Privilege Management	CWE-668: Exposure of Resource to Wrong Sphere
CWE-1390: Weak Authentication	CWE-684: Incorrect Provision of Sensitive Information	CWE-400: Uncontrolled Resource Consumption	CWE-669: Incorrect Resource Transfer Between Spheres
CWE-172: Encoding Error	CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	CWE-671: Lack of Accounting for Security Implications in Design	CWE-913: Improper Control of Dynamically-Managed Code Resources
CWE-20: Improper Input Validation	CWE-912: Hidden Functionality		CWE-922: Insecure Storage of Sensitive Information
CWE-287: Improper Authentication
CWE-326: Inadequate Encryption Strength
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-330: Use of Insufficiently Random Values
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-506: Embedded Malicious Code
CWE-662: Improper Synchronization
CWE-665: Improper Initialization
CWE-667: Improper Locking
CWE-696: Incorrect Behavior Order
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Compromise Supply Chain: Hardware Supply Chain

Other Subtechniques of Compromise Supply Chain ( 3 )

Countermeasures

Related CWE Classes

Related Aerospace Threat ID

Related MITRE ATT&CK TTPs

Related ESA SPACE-SHIELD TTPs

Related MITRE EMB3D Threats

Indicators of Behavior

References