SPARTA: CYBER SECURITY FOR SPACE MISSIONS

SPARTA v1.4 — What’s New?

The SPARTA framework offers space professionals a taxonomy of potential cyber threats to spacecraft and space missions. v1.4 delivers significant updates.

The Aerospace Corporation, published in Aerospace TechBlog. 6 min read. Aug 10, 2023

Authors: Brandon Bailey, Brad Roeher, Randi Tinney; August 2023

Update #1: TTP Notional Risk Scores

This update builds on previous work published in Aerospace Report TOR-2021–01333-REV A, which details a generic threat model and risk assessment approach that considers a high-level view of adversary capabilities and ranks them into tiers.

Given the difficulty of establishing the likelihood of an attack due to the uniqueness of every mission and system implementation, this generic tiered adversary system is leveraged to illustrate adversary capability which contributes to the likelihood that an actor can execute certain SPARTA TTPs.

Combined with analysis from Aerospace subject matter experts on the TTPs' potential impact, this results in a NOTIONAL risk determination, which can be represented in a standard 5x5 risk matrix.

Three notional risk values are now provided for TTPs, sorted by system/mission criticality as follows:

  • HIGH Criticality System (critical infrastructure, military, intelligence, or similar)
  • MEDIUM Criticality System (civil, science/weather, commercial, or similar)
  • LOW Criticality System (academic, research, or similar)

Ranging from 1–25, each of these three distinct values can be placed on the 5x5 risk cube.

Risk values on TTP pages are presented as Notional Risk (H | M | L): HighRisk# | MediumRisk# | LowRisk#

A combined table and tool are provided under the Tools menu via Notional Risk Scores. This table is sortable and searchable.

Screenshot: a search for the highest score of 25, showing the TTPs where the score 25 appears in the HIGH Criticality Systems column.
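The H | M | L score line and the search described above, as an added example that is not part of the original post or of the SPARTA tool: it parses the score line from a TTP page, checks the 1–25 range, and ranks TTPs for one criticality column. The TTP ids and scores below are constructed placeholders, and the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Score line format shown on TTP pages, e.g. "Notional Risk (H | M | L): 25 | 24 | 20"
RISK_RE = re.compile(
    r"Notional Risk \(H \| M \| L\):\s*(\d{1,2})\s*\|\s*(\d{1,2})\s*\|\s*(\d{1,2})\s*$"
)


class NotionalRisk(NamedTuple):
    high: int    # HIGH criticality system score
    medium: int  # MEDIUM criticality system score
    low: int     # LOW criticality system score


def parse_notional_risk(line):
    """Parse one score line and reject anything outside the 5x5 range of 1..25."""
    match = RISK_RE.search(line)
    if not match:
        raise ValueError(f"not a notional risk line: {line!r}")
    scores = [int(group) for group in match.groups()]
    if any(score < 1 or score > 25 for score in scores):
        raise ValueError(f"score outside 1..25: {line!r}")
    return NotionalRisk(*scores)


def rank_for_mission(ttp_lines, criticality, minimum=1):
    """Return [(ttp_id, score)] for one criticality column, highest score first."""
    if criticality not in NotionalRisk._fields:
        raise ValueError(f"criticality must be one of {NotionalRisk._fields}")
    ranked = []
    for ttp_id, line in ttp_lines.items():
        score = getattr(parse_notional_risk(line), criticality)
        if score >= minimum:
            ranked.append((ttp_id, score))
    # Sort by descending score, then by id so ties are stable.
    return sorted(ranked, key=lambda pair: (-pair[1], pair[0]))


# Constructed sample data: placeholder ids and scores, not real SPARTA values.
SAMPLE = {
    "EXAMPLE-0001": "Notional Risk (H | M | L): 25 | 24 | 20",
    "EXAMPLE-0002": "Notional Risk (H | M | L): 18 | 12 | 7",
    "EXAMPLE-0003": "Notional Risk (H | M | L): 25 | 19 | 11",
    "EXAMPLE-0004": "Notional Risk (H | M | L): 9 | 5 | 2",
}

if __name__ == "__main__":
    # Same question as the search above: which TTPs score 25 for a HIGH criticality system?
    print(rank_for_mission(SAMPLE, "high", minimum=25))
    print(rank_for_mission(SAMPLE, "low"))
```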

As with all SPARTA content, this process and the notional scores are expected to evolve over time. There are plans to implement future functionality to allow more tailoring within the tool to better reflect system/mission-specific parameters. For the time being, it is up to SPARTA users to consider additional tailoring that should take place so that these notional scores are adjusted to reflect their own unique mission.

Example tailoring considerations the notional values do not reflect:

  • specific architectures/technologies
  • existence of specific sub-systems/functions
  • mission objectives and the components critical to their success
  • mission importance of confidentiality, integrity, and availability of data
  • mission-specific threat intelligence, including geo-political developments or future plans that might increase the likelihood of adversarial action

Update #2: ISO 27001 Mapping

ISO/IEC 27001 is an international standard to manage information security. The standard details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

Many organizations/corporations across the world leverage ISO 27001 to certify their systems are considered secure and are following best practices. In some circumstances, ISO 27001 is applied beyond terrestrial system elements to include elements within the space segment as well.

Therefore, to help bridge the gap between SPARTA countermeasures and ISO 27001, a mapping has been performed. This mapping was performed using NIST’s published mapping between NIST 800–53 rev5 and ISO 27001.

According to NIST, “the mapping of SP 800–53 Revision 5 controls to ISO/IEC 27001:2022 requirements and controls reflects whether the implementation of a security control from Special Publication 800–53 satisfies the intent of the mapped security requirement or control from ISO/IEC 27001 and conversely, whether the implementation of a security requirement or security control from ISO/IEC 27001 satisfies the intent of the mapped control from Special Publication 800–53.”

There could be gaps or mistakes within the NIST to ISO mappings as this is the as-provided mapping from NIST and the space system context was not considered in this initial mapping. Improvements will be made in future releases of SPARTA and driven by community feedback.

The intent of mapping SPARTA countermeasures to standards like NIST SP 800–53 and ISO 27001 is to provide SPARTA users with an additional perspective of the security principle as well as how the SPARTA countermeasure aligns with compliance/regulatory/best practices published by such standards bodies. The ISO relationships will also be exportable to Excel.

Snippets of the ISO integration which can be reached within the Countermeasure menu.

Update #3: D3FEND Technique and Artifact Mappings

MITRE published Detection, Denial, and Disruption Framework Empowering Network Defense (D3FEND) in 2021 and defines D3FEND as a “knowledge graph of cybersecurity countermeasure techniques.” Like SPARTA, D3FEND discusses cyber countermeasures, which are actions that need to be taken to increase cyber defense. D3FEND’s goal is not to prescribe the exact implementation for a countermeasure, but rather to provide a lexicon and framework for defensive techniques. Similar to other frameworks (e.g., ATT&CK, SPARTA), the D3FEND Matrix contains a definition of the countermeasure, how it works, considerations when using the countermeasure, and information about relevant types of digital artifacts.

D3FEND provides its own reference that depicts which countermeasures will help mitigate against various ATT&CK elements. Similarly, SPARTA wanted to provide a translation/mapping of D3FEND techniques and artifacts to the relevant SPARTA countermeasures. This should enable users of SPARTA to bridge the gap between countermeasures/courses of action (COAs). Currently, SPARTA’s countermeasures provide varying levels of abstraction on details. Mapping SPARTA countermeasures to NIST 800–53, ISO 27001, and now D3FEND gives SPARTA users additional context and data to improve cyber defenses on space systems. Below are screenshot snippets of the D3FEND integration, which can be reached within the Countermeasure menu via Tactics, Techniques, and Artifacts. D3FEND mappings will show up in various tables similar to where NIST controls have been displayed in previous versions of SPARTA.

Each D3FEND technique within SPARTA will contain some of the same information as the D3FEND website but it will also bring in the SPARTA countermeasures and SPARTA TTPs that are applicable. The D3FEND relationships will also be exportable to Excel.

Update #4: Additional References

In SPARTA version 1.3.2, over 20 TTP references were updated using CyberInflight’s Market Intelligence Team’s space attack database. In version 1.4, the integration of their data has been fully completed. Due to this integration, approximately 50 attacks were added to the appropriate techniques/sub-techniques under the reference section for each TTP. Roughly 60% of the attacks from CyberInflight’s space attack database fall within the Reconnaissance and Resource Development tactics, which are a precursor to almost all attacks. This reinforces how important the Protect Sensitive Information countermeasure is, because threat actors are actively extracting sensitive design information. In some cases, threat actors’ objectives are simply Exfiltration or Theft, and these attacks could be achieving their objective simply by stealing the information.

Update #5: DEF CON 31 SPARTA Presentation

Under the General Information page, a new presentation has been posted titled: DEF CON 31: Building Space Attack Chains using SPARTA. This presentation demonstrates best practices for extracting TTPs from reports and building various attack chains using SPARTA. SPARTA can be used to build attack chains to drive baseline countermeasures and security controls for the spacecraft. Six hacks against spacecraft are presented and then combined into SPARTA’s navigator feature to demonstrate how a security engineer could better determine protections needed within their space system.

Comments? Please visit the contribute page or email sparta@aero.org.

New to SPARTA on Medium? Catch up on the Aerospace TechBlog.
