Command and Control consists of techniques that adversaries may use to communicate with systems under their control. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection .
| ID | Name | Description | |
| T2047 | Protocol Tunnelling |
Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems. Tunneling involves explicitly encapsulating a protocol within another. This behavior may conceal malicious traffic by blending in with existing traffic and/or provide an outer layer of encryption |
|
| T2019 | Telecommand a Spacecraft |
Command and Control consists of techniques that adversaries may use to communicate with systems under their control. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection . If the attacker has the system under its control, he can interact with it to command it |
|
| .004 | Telecommand within a spacecraft | From inside the spacecraft (after gaining access eg to a payload), an attacker can send telecommand to the on board computer. | |
| .005 | Replay attacks | An attacker can intercept a message (e.g with jamming) stored it , and then replayed it. | |
| .006 | Telecommand capabilties | An attacker can send command with a direct access after obtaining telecommand capabilities ( e.g by hijacking a ground station). | |
| T2048 | TT&C over ISL | If the attacker has already managed to issue Telcommands to a spacecraft, then, if Inter Satellite Links (ISL) are used, he can attempt to issue Telecommands to other spacecrafts over the ISLs. | |