SPARTA: CYBER SECURITY FOR SPACE MISSIONS

What’s New in SPARTA v1.2? The Cyber Security Framework for Space Missions

SPARTA, released in October 2022, provides space professionals with a taxonomy of potential cyber threats to spacecraft and space missions. v1.2 delivers some significant updates.

The Aerospace Corporation
Aerospace TechBlog


Authors: Brandon Bailey, Brad Roeher

SPARTA version 1.0 was released on October 19th, 2022, during the Value of Space Summit hosted by the Space Information Sharing and Analysis Center (ISAC). Subsequently, on October 28th, 2022, v1.1 was released with some User Interface (UI) enhancements and a significant amount of updated reference material within many of the techniques/sub-techniques.

On December 8th, 2022, version 1.2 was released with several noteworthy updates. The SPARTA update page tracks these by version; this article supplements it with a more detailed look at what’s new in SPARTA v1.2.

Update #1: General Information Page

As SPARTA usage expands, papers, presentations, and other materials will be published and aggregated on the General Information page to maintain a centralized list of resources for users. Currently, the page links to articles, blogs, podcasts, and presentations that provide additional insight into SPARTA.

General Information page, left; Working with SPARTA page, right.

Update #2: Content Export Features

SPARTA v1.2 contains export capabilities for the data within SPARTA.

Structured Threat Information Expression (STIX) is a serialization format and language used to exchange cyber threat intelligence (CTI). The standard is used to store, organize, and exchange cyber threat data in a systematic manner, which makes sharing threat intelligence efficient. STIX compatibility will allow for better sharing of information and enhance usability by generating a machine-digestible version of SPARTA content.

SPARTA data can be retrieved as STIX 2.1 on the Working with SPARTA page. Additionally, SPARTA can be exported to Excel for ease of use and manipulation of data. All of the tactics, techniques, countermeasures, controls, and their cross-referenced mappings are exportable options within SPARTA.
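The following added example (not SPARTA's or Aerospace's own code) shows one defensive use of a machine-digestible export: listing which techniques have a countermeasure mapped and which do not. It assumes the export uses the standard STIX 2.1 `attack-pattern`, `course-of-action` and `mitigates` relationship objects; the sample bundle, its UUIDs, the `sparta` source name and the mapping shown are constructed for illustration.

```python
# Constructed sample shaped like a STIX 2.1 bundle, trimmed to the properties
# this code reads. UUIDs, the "sparta" source_name and the technique-to-
# countermeasure link are assumptions, not values from the real SPARTA export.
AP = "attack-pattern--00000000-0000-4000-8000-00000000000"
COA = "course-of-action--00000000-0000-4000-8000-00000000000"
REL = "relationship--00000000-0000-4000-8000-00000000000"

def _obj(stix_id, name, ext_id=None):
    refs = [{"source_name": "sparta", "external_id": ext_id}] if ext_id else []
    return {"type": stix_id.split("--")[0], "id": stix_id, "name": name,
            "external_references": refs}

def _mitigates(n, src, dst):
    return {"type": "relationship", "id": REL + str(n),
            "relationship_type": "mitigates", "source_ref": src, "target_ref": dst}

SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
    _obj(AP + "1", "Rootkit", "DE-0007"),
    _obj(AP + "2", "Eavesdropping: Active Scanning (RF/Optical)", "REC-0005.04"),
    _obj(COA + "1", "Traffic Flow Analysis Defense"),
    _mitigates(1, COA + "1", AP + "2"),
    _mitigates(2, COA + "9", AP + "1"),  # dangling: COA 9 is absent from the bundle
]}

def framework_id(obj):
    """Return the framework ID (e.g. DE-0007) if present, else the STIX id."""
    for ref in obj.get("external_references", []):
        if "external_id" in ref:
            return ref["external_id"]
    return obj["id"]

def coverage(bundle):
    """Return ({technique ID: [countermeasure names]}, [unresolved relationship ids])."""
    by_id = {o["id"]: o for o in bundle.get("objects", [])}
    cover = {framework_id(o): [] for o in by_id.values() if o["type"] == "attack-pattern"}
    dangling = []
    for rel in by_id.values():
        if rel["type"] != "relationship" or rel.get("relationship_type") != "mitigates":
            continue
        src, dst = by_id.get(rel["source_ref"]), by_id.get(rel["target_ref"])
        if src is None or dst is None:
            dangling.append(rel["id"])  # endpoint missing: do not count as coverage
            continue
        cover.setdefault(framework_id(dst), []).append(src.get("name", src["id"]))
    return cover, dangling

if __name__ == "__main__":
    cover, dangling = coverage(SAMPLE_BUNDLE)
    print({t: c or "NO COUNTERMEASURE MAPPED" for t, c in cover.items()}, dangling)
```

For a real export, load the downloaded file with `json.load` and pass the result to `coverage`, after checking which object types and `source_name` the file actually uses.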

Update #3: SPARTA Matrix Updates

A total of four new techniques and six new sub-techniques were added to SPARTA. Several of these are recommended additions from users of SPARTA based on experimentation being performed in their respective lab environments and conversations with communications and position, navigation, and timing subject matter experts:

  • Defense Evasion: DE-0007 — Rootkit
  • Defense Evasion: DE-0008 — Bootkit
  • Lateral Movement: LM-0005 — Virtualization Escape
  • Exfiltration: EXF-0006.02 — Modify Communications Configuration > Transponder
  • Execution: EX-0013.03 — Flooding > Position, Navigation, and Timing (PNT)
  • Execution: EX-0014.04 — Spoofing > Position, Navigation, and Timing (PNT)

The remaining updates were made after a review of the European Space Agency’s Adversaries Tactics and Techniques for Space (ATT4s):

  • Reconnaissance: REC-0003.03 — Gather Spacecraft Communications Information > Mission-Specific Channel Scanning
  • Reconnaissance: REC-0005.04 — Eavesdropping > Active Scanning (RF/Optical)
  • Reconnaissance: REC-0008.04 — Gather Supply Chain Information > Business Relationships
  • Exfiltration: EXF-0010 — Payload Communication Channel

ATT4s also influenced description updates to several existing techniques where the SPARTA team felt the language could be enhanced.

Update #4: Countermeasures

Three new countermeasures were created in response to reviewing the Time-Triggered Ethernet vulnerability PCspooF. A review of the PCspooF paper identified countermeasures that SPARTA did not cover adequately. These were added to SPARTA as they will likely mitigate more than just PCspooF.

Discussions with other space cybersecurity subject matter experts revealed that design decisions could be made about the physical medium (i.e., copper vs. fiber) and that communication protocols could be updated in response to disclosed vulnerabilities.

Additionally, the existing COMSEC countermeasure did not adequately address defeating adversary traffic flow analysis; the Traffic Flow Analysis Defense countermeasure was published to account for defenses like traffic padding to protect confidentiality.

In addition to the new countermeasures, mappings to the threat identifiers from Cybersecurity Protections for Spacecraft: A Threat Based Approach are now complete, providing a cross-reference to related work and ensuring alignment with previous Aerospace publications.

This mapping is the reason all the countermeasures show as “Modified Countermeasures” on the update page. It also gives easy access to the sample requirement language published in that report.

SPARTA was created to provide information to space professionals about how spacecraft and space missions may be compromised via cyber means. The framework defines and categorizes commonly identified activities that contribute to spacecraft compromises.
