This is an European Space Agency Space instance of the MITRE ATT&CK Website.

MITIGATIONS

Accountability of actions

Anti-replay protection mechanisms

Application of Least Privilege principle

Authenticated encryption

Authentication combined with means to ensure the identity of the other party using certificates or pre-shared keys

Authentication mechanisms using approved cryptographic means

Bulk data link encryption

CCSDS Coding & Synchronization sublayer

CCSDS SDLS Sequence numbers

Credential Access Protection

Cryptographic DSSS sequence

Data integrity schemes

Defense-in-depth measures

Detection of abnormal behaviour at avionics bus / Prevention mechanisms

Detection techniques of exploitation attempts

Digital certificates

Digital signing of software components

Dynamic Routing

Encrypt Sensitive Information

Encryption of communications

End-to-End Security Measures for Space Systems

Establish processes, procedures, and security measures to protect cryptographic keys / key management

Filter Network Traffic

Frequency Hopping

Fuzzing / testing

High-power up-link

Implementation on Trusted Execution Environments for critical parts of procedures

Internal segregation and /or authentication

Log integrity protection

Multi-factor authentication

Network Intrusion Prevention

Network Segmentation

Non-repudiation mechanisms

On Board Authentication for executing critical commands

Opaque spacecraft design

Operating Systems partitioning

Overloading / flooding detection mechanisms

Partitioning/Separation

Patching to the latest available software version

Payload specific countermeasures

Physical and network protection of key management systems

Physical protection and isolation of root keys

Physical security

Platform protection

Proper Information Classification and Flow-Down Guidelines

Protect OTAR Key Management Service

Protect/isolate Key Mangement Facility

Recovery to a known good state

Remote attestation

Revoke keys and replace with new ones (including master keys, if needed)

Role Based Access Control

Secure Design and Implementation of Ground Segment for Space Systems

Secure PKI implementation

Secure Safe Mode

Separate authentication for critical commands

Software segregation / isolation

Source code review

Space Link Extension

Spread Spectrum

Strong authentication of Telecommands

Supply chain confidence

Supply chain protections

Supply from trustworthy sources only

Track debris and space vehicles

Usage of directive transmit antenna

Use keys of sufficient length

Vulnerability/malware scanning

Zero Trust Architecture

MITIGATIONS

A-C

Accountability of actions

Anti-replay protection mechanisms

Application of Least Privilege principle

Authenticated encryption

Authentication combined with means to ensure the identity of the other party using certificates or pre-shared keys

Authentication mechanisms using approved cryptographic means

Bulk data link encryption

CCSDS Coding & Synchronization sublayer

CCSDS SDLS Sequence numbers

Credential Access Protection

Cryptographic DSSS sequence

D-F

Data integrity schemes

Defense-in-depth measures

Detection of abnormal behaviour at avionics bus / Prevention mechanisms

Detection techniques of exploitation attempts

Digital certificates

Digital signing of software components

Dynamic Routing

Encrypt Sensitive Information

Encryption of communications

End-to-End Security Measures for Space Systems

Establish processes, procedures, and security measures to protect cryptographic keys / key management

Filter Network Traffic

Frequency Hopping

Fuzzing / testing

G-I

High-power up-link

Implementation on Trusted Execution Environments for critical parts of procedures

Internal segregation and /or authentication

J-L

Log integrity protection

M-O

Multi-factor authentication

Navigation Message Authentication (NMA)

Network Intrusion Prevention

Network Segmentation

Non-repudiation mechanisms

On Board Authentication for executing critical commands

Opaque spacecraft design

Operating Systems partitioning

Overloading / flooding detection mechanisms

P-R

Partitioning/Separation

Patching to the latest available software version

Payload specific countermeasures

Physical and network protection of key management systems

Physical protection and isolation of root keys

Physical security

Platform protection

Proper Information Classification and Flow-Down Guidelines

Protect OTAR Key Management Service

Protect/isolate Key Mangement Facility

Recovery to a known good state

Remote attestation

Revoke keys and replace with new ones (including master keys, if needed)

Role Based Access Control

S-U

Secure Design and Implementation of Ground Segment for Space Systems

Secure PKI implementation

Secure Safe Mode

Separate authentication for critical commands

Software segregation / isolation

Source code review

Space Link Extension

Spread Spectrum

Strong authentication of Telecommands

Supply chain confidence

Supply chain protections

Supply from trustworthy sources only

Track debris and space vehicles

Usage of directive transmit antenna

Use keys of sufficient length

V-X

Vulnerability/malware scanning

Y-Z

Zero Trust Architecture

Data integrity schemes

Use data integrity schemes to protect data from unauthorized modifications, or from unintentional corruptions due to noise or storage defects (hashing, check values, digital signatures). SDLS provides integrity protection on the transmitted data, with the computation of a MAC. ^[1]

ID: M2019

Version: 1.3

Created: 29 September 2022

Last Modified: 21 April 2023

Techniques Addressed by Mitigation

Domain	ID		Name	Use
	T2014		Backdoor Installation
	T2010		Modification of On Board Control Procedures modification
	T1195		Supply Chain Compromise

References

CCSDS. (2022, February). REPORT CONCERNING SECURITY THREATS AGAINST SPACE MISSIONS, CCSDS 350.1-G-3. Retrieved September 29, 2022.