You can help contribute to SPACE-SHIELD.
SPACE-SHIELD is in a constant state of development. We are always on the lookout for new information to help refine and extend what is covered. If you have additional techniques, know about variations on one already covered, have examples of techniques in use, or have other relevant information, then we would like to hear from you.
We are looking for contributions in the following areas in particular, but if you have other information you think may be useful, please reach us at spaceshield@esa.int.
All contributions and feedback to SPACE-SHIELD are appreciated.
We appreciate your help to let us know about what new techniques and technique variations adversaries are using in the wild. You can start by emailing us the technique name, a brief description, and references or knowledge about how it is being used by adversaries. We suggest you take a close look at what we already have on our site, paying attention to the level of abstraction of techniques and sub-techniques. Since we are working on adding new technique details constantly, we will deconflict what you send with what we’re working on. We’ll provide feedback and work with you to get the content added.
We understand the importance of sharing effective mitigation strategies for dealing with the techniques and sub-techniques identified on our website. We encourage you to contribute by emailing us the name of the mitigation, a brief description, and any references or real-world applications of the mitigation. Please ensure the mitigation is aligned with the level of abstraction of techniques and sub-techniques on our site. Your contribution will help others in the community better defend against evolving threats.
It’s always helpful for us to hear about how you’re using SPACE-SHIELD in your organization. We appreciate any information you can share with us about your specific use case or application of SPACE-SHIELD, and particularly any success stories you’ve had as a result.
(Sub-)Technique Name: Record and replay TC/TM or mission specific packets.
Tactic: Initial Access.
Platform: Space-link communication.
Sub-techniques: This is a sub-technique of T2XXX, or this would have T2XXX as a sub-technique.
Description: An attacker can record and replay TC/TM packets to deceive the spacecraft or the ground station, causing an unexpected behavior or an erroneous evaluation of the spacecraft status. An attacker can gain access to the data exchanged in a payload channel or even spoof TC. Usually the TM replay doesn't cause an impact, unless timing information are transmitted.
Mitigation: CCSDS SDLS protocol incorporates anti-replay protection through the use of sequence numbers. Increased sequence numbers can also permit the detection of unauthorized messages sent to the Resource.
Additional References: Here is a reference from the researcher who discovered this technique: www[.]public[.]ccsds[.]org/Pubs/350x1g3[.]pdf
Mitigation Name: Cryptographic DSSS sequence
Description: Spread Spectrum is a system to spread the signal power over a large frequency band, hiding the signal itself and protecting it. Reconstructing the original signal needs the knowledge of the spreading sequence. The resulting signal is more difficult to find and intercept, to jam or to spoof. If the DSSS sequence is protected by a cryptographic sequence, a cryptographic key is needed to predict the spreading sequence's behavior.
Techniques Addressed by Mitigation: Active Scanning (RF/Optical), In orbit proximity intelligence, Passive Interception (RF/Optical)
Additional References: Here is a reference from the researcher who discovered this mitigation: www[.]public[.]ccsds[.]org/Pubs/350x1g3[.]pdf
If you find errors or typos on the site related to content, please let us know by sending an email to spaceshield@esa.int with the subject Website Content Error.
Please let us know the following:
Examples of errors:
Thanks to those who have contributed to SPACE-SHIELD!