SPARTA: CYBER SECURITY FOR SPACE MISSIONS
What’s New in SPARTA v1.2? The Cyber Security Framework for Space Missions
SPARTA, released in October 2022, provides space professionals with a taxonomy of potential cyber threats to spacecraft and space missions. v1.2 delivers some significant updates.
Authors: Brandon Bailey, Brad Roeher
SPARTA version 1.0 was released on October 19th, 2022 during the Value of Space Summit hosted by the Space Information Sharing and Analysis Center (ISAC). Subsequently, on October 28th, 2022, v1.1 was released containing some User Interface (UI) enhancements and a significant amount of updated reference material within many of the techniques/sub-techniques.
On December 8th, 2022, version 1.2 was released with several noteworthy updates. The SPARTA update page tracks these by version; this article supplements it with a more detailed look at what’s new in SPARTA v1.2.
Update #1: General Information Page
As SPARTA usage expands, papers, presentations, and other materials will be published and aggregated on the General Information page to maintain a centralized list of resources for users. Currently, there are links to articles, blogs, podcasts, and presentations posted to provide additional insight about SPARTA.
Update #2: Content Export Features
SPARTA v1.2 adds the ability to export the data within SPARTA.
Structured Threat Information Expression (STIX) is a serialization format and language used to exchange cyber threat intelligence (CTI). The standard is used to store, organize, and exchange cyber threat data in a systematic manner which creates an efficient method of sharing threat intelligence. STIX compatibility will allow for better sharing of information and enhance usability by generating a machine-digestible version of SPARTA content.
SPARTA data can be retrieved as STIX 2.1 on the Working with SPARTA page. Additionally, SPARTA can be exported to Excel for ease of use and manipulation of data. All of the tactics, techniques, countermeasures, controls, and their cross-referenced mappings are exportable options within SPARTA.
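A sketch of consuming such an export to find techniques with no mapped countermeasure, added here as an example and not SPARTA's own code. It assumes the export uses the standard STIX 2.1 `attack-pattern`, `course-of-action` and `mitigates` relationship objects; the bundle and its mappings are constructed, and only the identifiers and names come from this article.

```python
import json

# Constructed sample, NOT real SPARTA data (mappings invented, timestamps
# omitted). Assumed layout: attack-pattern = technique, course-of-action =
# countermeasure, "mitigates" relationships, IDs in external_references.
def _obj(kind, n, ext_id, name):
    return {"type": kind, "spec_version": "2.1", "name": name,
            "id": f"{kind}--00000000-0000-4000-8000-{n:012d}",
            "external_references": [{"source_name": "sparta", "external_id": ext_id}]}

def _rel(n, src, tgt):
    return {"type": "relationship", "spec_version": "2.1",
            "id": f"relationship--00000000-0000-4000-8000-{n:012d}",
            "relationship_type": "mitigates", "source_ref": src, "target_ref": tgt}

_T1 = _obj("attack-pattern", 1, "REC-0005.04", "Active Scanning (RF/Optical)")
_T2 = _obj("attack-pattern", 2, "DE-0007", "Rootkit")
_C1 = _obj("course-of-action", 3, "CM0073", "Traffic Flow Analysis Defense")
_C2 = _obj("course-of-action", 4, "CM0071", "Communication Physical Medium")
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [_T1, _T2, _C1, _C2,
                _rel(5, _C1["id"], _T1["id"]), _rel(6, _C2["id"], _T1["id"]),
                # Relationship whose target is absent from the bundle.
                _rel(7, _C1["id"], "attack-pattern--00000000-0000-4000-8000-000000000099")]})

def external_id(obj):
    # Prefer the human-readable ID (e.g. CM0073); fall back to the STIX id.
    for ref in obj.get("external_references", []):
        if "external_id" in ref:
            return ref["external_id"]
    return obj["id"]

def countermeasures_by_technique(bundle_text):
    """Return ({technique: [countermeasures]}, [ids of dangling relationships])."""
    bundle = json.loads(bundle_text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    by_id = {o["id"]: o for o in bundle.get("objects", [])}
    coverage = {external_id(o): [] for o in by_id.values() if o["type"] == "attack-pattern"}
    dangling = []
    for rel in by_id.values():
        if rel["type"] != "relationship" or rel.get("relationship_type") != "mitigates":
            continue
        src, tgt = by_id.get(rel["source_ref"]), by_id.get(rel["target_ref"])
        if src is None or tgt is None:
            dangling.append(rel["id"])  # endpoint missing from this export
        elif src["type"] == "course-of-action" and tgt["type"] == "attack-pattern":
            coverage[external_id(tgt)].append(external_id(src))
    return {k: sorted(v) for k, v in coverage.items()}, dangling
```

Techniques that come back with an empty list are coverage gaps to review, and dangling relationships indicate a partial or filtered export.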
Update #3: SPARTA Matrix Updates
A total of four new techniques and six new sub-techniques were added to SPARTA. Several of these are recommended additions from users of SPARTA based on experimentation being performed in their respective lab environments and conversations with communications and position, navigation, and timing subject matter experts:
- Defense Evasion: DE-0007 — Rootkit
- Defense Evasion: DE-0008 — Bootkit
- Lateral Movement: LM-0005 — Virtualization Escape
- Exfiltration: EXF-0006.02 — Modify Communications Configuration > Transponder
- Execution: EX-0013.03 — Flooding > Position, Navigation, and Timing (PNT)
- Execution: EX-0014.04 — Spoofing > Position, Navigation, and Timing (PNT)
The remaining updates were made after a review of the European Space Agency’s Adversaries Tactics and Techniques for Space (ATT4s):
- Reconnaissance: REC-0003.03 — Gather Spacecraft Communications Information > Mission-Specific Channel Scanning
- Reconnaissance: REC-0005.04 — Eavesdropping > Active Scanning (RF/Optical)
- Reconnaissance: REC-0008.04 — Gather Supply Chain Information > Business Relationships
- Exfiltration: EXF-0010 — Payload Communication Channel
ATT4s also influenced description updates to several existing techniques where the SPARTA team felt the language could be enhanced.
Update #4: Countermeasures
Three new countermeasures were created in response to reviewing PCspooF, a Time-Triggered Ethernet vulnerability. The PCspooF paper pointed to countermeasures that SPARTA did not adequately cover. These were added to SPARTA as they will likely mitigate more than just PCspooF.
Discussions with other space cybersecurity subject matter experts revealed that design decisions could be made about the physical medium (i.e., copper vs. fiber) and that communication protocols could be updated in response to disclosed vulnerabilities.
Additionally, the existing COMSEC countermeasure did not adequately address how to defeat adversary traffic flow analysis; the Traffic Flow Analysis Defense countermeasure was published to account for defenses like traffic padding to protect confidentiality.
- CM0071: Communication Physical Medium
- CM0072: Protocol Update / Refactoring
- CM0073: Traffic Flow Analysis Defense
In addition to the new countermeasures, mappings to the threat identifiers from Cybersecurity Protections for Spacecraft: A Threat Based Approach are now complete, providing a cross-reference to related work and ensuring alignment with previous Aerospace publications.
This mapping is the reason all the countermeasures show as “Modified Countermeasures” on the update page. It also provides easy access to the sample requirement language published in that report.
SPARTA was created to provide information to space professionals about how spacecraft and space missions may be compromised via cyber means. The framework defines and categorizes commonly identified activities that contribute to spacecraft compromises.