SPARTA: CYBER SECURITY FOR SPACE MISSIONS
SPARTA v1.3 and v1.3.1 — What’s New
The SPARTA framework offers space professionals a taxonomy of potential cyber threats to spacecraft and space missions. v1.3 delivers significant updates.
Authors: Brandon Bailey, Brad Roeher; Updated on May 9, 2023, with v1.3.1
A Brief History of SPARTA Releases:
- SPARTA version 1.0 was released on October 19th, 2022, during the Value of Space Summit hosted by the Space Information Sharing and Analysis Center (ISAC).
- On October 28th, 2022, v1.1 was released containing a few User Interface (UI) enhancements but mostly updated reference material within many of the techniques/sub-techniques.
- On December 8th, 2022, v1.2 was released and contained several noteworthy updates.
- The SPARTA update page tracks information about updates to SPARTA but this post will provide a detailed look at “what’s new” in SPARTA v1.3 and SPARTA v1.3.1.
Read more about SPARTA and SPARTA Updates on the Aero TechBlog.
Update #1: General Information Page
As SPARTA usage expands, papers/presentations/etc. will be published. To aggregate relevant information, a General Information page was created to maintain a centralized list of resources. There are already a handful of links to articles, blogs, podcasts, and presentations posted.
In v1.3, a new presentation from CySat 2023 has been posted under the presentations banner. Additionally, there now is an area on the Aero TechBlog for Space Cyber for SPARTA posts. Since the v1.2 release of SPARTA, SPARTA Countermeasures has been added.
Update #2: SPARTA Navigator
Similar to the ATT&CK Navigator, SPARTA now offers a navigator feature, a web-based tool for creating SPARTA attack chains or highlighting TTPs. It can visualize countermeasure coverage, red/blue team planning, and more. Users can create their own layers in JSON and load them at a later time to visualize attack chains, coverage maps, etc.
The most important feature of the SPARTA Navigator is the ability to export information into Excel. Users can select TTPs and export a custom dataset for attack chains, including countermeasure(s), associated TTPs/threats, and even NIST 800–53 rev5 control mappings. An example of this can be seen in the 2023 CySat presentation shown below, where four different attack chains are combined into a single layer to enable the exportation of a countermeasure baseline of controls.
Update #3: SPARTA Matrix Updates
The SPARTA team was focused primarily on capturing as many cyber-specific TTPs as possible for the initial launch of the tool. However, cyber is not explicitly called out within the name “Space Attack Research & Tactic Analysis.” It was always expected the knowledge base would expand to include TTPs related to more traditional attacks against spacecraft.
With v1.3, the SPARTA team reviewed much of the publicly available literature on traditional counterspace and electronic warfare TTPs, as well as the known counterspace capabilities of various nation-states. This is by no means a comprehensive catalog of the information but the SPARTA Team hopes it will spark additional content submissions from the community.
The initial analysis culminated in 23 new techniques and sub-techniques being added to SPARTA:
- Resource Development: RD-0001.04 — Acquire Infrastructure > Launch Facility
- Resource Development: RD-0005 — Obtain Non-Cyber Capabilities
- Resource Development: RD-0005.01 — Obtain Non-Cyber Capabilities > Launch Services
- Resource Development: RD-0005.02 — Obtain Non-Cyber Capabilities > Non-Kinetic Physical ASAT
- Resource Development: RD-0005.03 — Obtain Non-Cyber Capabilities > Kinetic Physical ASAT
- Resource Development: RD-0005.04 — Obtain Non-Cyber Capabilities > Electronic ASAT
- Initial Access: IA-0008.03 — Rogue External Entity > ASAT/Counterspace Weapon
- Execution: EX-0014.05 — Spoofing > Ballistic Missile Spoof
- Execution: EX-0016 — Jamming
- Execution: EX-0016.01 — Jamming > Uplink Jamming
- Execution: EX-0016.02 — Jamming > Downlink Jamming
- Execution: EX-0016.03 — Jamming > Position, Navigation, and Timing (PNT)
- Execution: EX-0017 — Kinetic Physical Attack
- Execution: EX-0017.01 — Kinetic Physical Attack > Direct Ascent ASAT
- Execution: EX-0017.02 — Kinetic Physical Attack > Co-Orbital ASAT
- Execution: EX-0018 — Non-Kinetic Physical Attack
- Execution: EX-0018.01 — Non-Kinetic Physical Attack > Electromagnetic Pulse (EMP)
- Execution: EX-0018.02 — Non-Kinetic Physical Attack > High-Powered Laser
- Execution: EX-0018.03 — Non-Kinetic Physical Attack > High-Powered Microwave
- Defense Evasion: DE-0009 — Camouflage, Concealment, and Decoys (CCD)
- Defense Evasion: DE-0009.01 — Camouflage, Concealment, and Decoys (CCD) > Debris Field
- Defense Evasion: DE-0009.02 — Camouflage, Concealment, and Decoys (CCD) > Space Weather
- Defense Evasion: DE-0009.03 — Camouflage, Concealment, and Decoys (CCD) > Trigger Premature Intercept
In addition to the above, SPARTA v1.3 brings in 11 new cyber-specific techniques and sub-techniques:
- Reconnaissance: REC-0003.04 — Gather Spacecraft Communications Information > Valid Credentials
- Execution: EX-0010.01 — Malicious Code > Ransomware
- Execution: EX-0010.02 — Malicious Code > Wiper Malware
- Execution: EX-0010.03 — Malicious Code > Rootkit
- Execution: EX-0010.04 — Malicious Code > Bootkit
- Persistence: PER-0005 — Valid Credentials
- Defense Evasion: DE-0010 — Overflow Audit Log
- Defense Evasion: DE-0011 — Valid Credentials
- Lateral Movement: LM-0006 — Launch Vehicle Interface
- Lateral Movement: LM-0006.01 — Launch Vehicle Interface > Rideshare Payload
- Lateral Movement: LM-0007 — Valid Credentials
In total, 44 new TTPs were added in v1.3. Certain technique titles and/or descriptions were also updated in cases where the SPARTA team felt the language could be improved.
In addition to the semantic updates, the SPARTA team spent substantial time reviewing NIST 800–53 rev5 to ensure proper mapping of countermeasures to NIST controls. This resulted in several new mappings to countermeasures, and this work will continue to evolve as the space community attempts to translate NIST controls to the space domain.
It is good practice to cross-check NIST mappings with each SPARTA release as mappings will continue to be updated.
Update #4: Countermeasures
Fourteen new countermeasures (CMs) address the broad nature of the capabilities captured in the new counterspace TTPs:
- CM0074: Distributed Constellations
- CM0075: Proliferated Constellations
- CM0076: Diversified Architectures
- CM0077: Space Domain Awareness
- CM0078: Space-Based Radio Frequency Mapping
- CM0079: Maneuverability
- CM0080: Stealth Technology
- CM0081: Defensive Jamming and Spoofing
- CM0082: Deception and Decoys
- CM0083: Antenna Nulling and Adaptive Filtering
- CM0084: Physical Seizure
- CM0085: Electromagnetic Shielding
- CM0086: Filtering and Shuttering
- CM0087 : Defensive Dazzling/Blinding
No additional CMs were created to address the new cyber-specific techniques and sub-techniques. They were adequately addressed by existing CMs and the associated mappings are reflected.
Update #5: SPARTA Countermeasure Mapper
Building upon the SPARTA Navigator feature, the SPARTA team developed a Countermeasure Mapper GUI and an update to the GUI in v.1.3.1. This tool enables users to select countermeasure(s) using the Defense-in-Depth view and visually determine their coverage of SPARTA techniques/sub-techniques.
This feature is particularly useful when chaining together countermeasures to build a security architecture for the spacecraft. Before selecting any countermeasures, all the techniques/sub-techniques will appear in red. As the user selects a countermeasure, the colors will change based on the number of countermeasures implemented to address the TTP. Green/Yellow/Orange indicates some level of coverage; Red indicates no coverage of the TTP.
When done selecting countermeasures, the user can export the TTP graphic. More importantly, the user can export the data to Excel. The exported Excel workbook will report the selected countermeasures, the TTPs covered as well as the gaps in TTP coverage in respective tabs of the workbook. From a security engineering perspective, this will ensure system designers can better understand where the gaps and potential risk resides.
Update #6: Exporting Requirements / Shall Statements
The Excel export features within SPARTA have been updated to include associated requirements language (i.e., shall statements) tied to SPARTA Countermeasures and NIST 800–53 rev5 controls. Exporting requirement language from the navigator feature, countermeasure mapper, and working with SPARTA page are all supported by SPARTA 1.3.1 updates.
Update #7: ESA’s SPACE-SHIELD Mapping
In the same vein as SPARTA, the European Space Agency (ESA) has launched SPACE-SHIELD, Space Attacks and Countermeasures Engineering Shield. According to ESA: SPACE-SHIELD is an ATT&CK®-like knowledge base framework for Space Systems. It is a collection of adversary tactics and techniques, and a tool applicable in the Space environment to strengthen security. It is composed of threats relevant to Space systems, leveraging available and related literature. The matrix is tailored to the Space Segment and communication links, and it does not address specific types of mission, maintaining a broad and general point of view.
In v1.3.1, the SPARTA team performed an analysis of all SPACE-SHIELD TTPs, creating a mapping between the two matrices. For each TTP within SPARTA, there is now a Related ESA SPACE-SHIELD TTPs listing.
This new mapping to SPACE-SHIELD gives SPARTA users additional context about SPARTA at the TTP level. As of the initial release of SPACE-SHIELD, all TTPs have a current mapping to SPARTA TTPs. Our analysis confirmed SPARTA did not have any TTPs gaps compared to the SPACE-SHIELD matrix. This was a valuable but not surprising confirmation exercise as personnel from ESA have contributed to SPARTA TTP development and peer review. As ESA expands SPACE-SHIELD, SPARTA will continually perform analysis and update mappings with SPARTA as appropriate.
Comments? Please visit the contribute page or email sparta@aero.org.
New to SPARTA on Medium? Catch up on the Aerospace TechBlog.
