SPAce Domain Cybersecurity framework aka. SpaDoCs

By

-

10 July 2023

The space and cyber domains have developed in parallel over the past several decades. The two domains evolved separately and have employed different architectural frameworks to guide their evolution.

An example of this difference is the fact that space systems typically maintain distinct command and control networks that operate separately from mission data communications. Computer and cyber systems typically do not maintain separate networks. Establishing best practices for cyber protections and collaboration across space enterprises requires collaboration across the different architecture frameworks,
terminologies and even cultures.

The Space Domain Cyber Security (SPADOCS) framework has been introduced to bridge the space and cyber domains with the goal of enhancing collaboration and information sharing across mission, company, international and government boundaries.

The Space Domain Cybersecurity (SpaDoCs) Framework provides a comprehensive and systematic model for understanding and tackling cybersecurity in the space domain.

SpaDoCs Framework is a process framework to organize, understand and educate

What is SpaDoCs Framework ?

SpaDoCs Framework describes the big picture challenges of cybersecurity in the space domain.

The framework describes the space domain layer by layer starting from the enterprise layer, then drilling down through mission, system and DevSecOps layers.

Threats and vulnerabilities at each layer are highlighted, keeping in mind that Confidentiality, Integrity and Availability (aka CIA Triad) are the foundation and the key objectives of cybersecurity.

SpaDoCs Framework characterizes the various layers of the space domain and the elements that comprise them

SpaDoCs Framework describes the practical issues of developing and sustaining a secure cyber environment through all phases of the space mission lifecycle.

What can SpaDoCs Framework be used for ?

SpaDoCs Framework allows to identify cyber threats to and vulnerabilities of space missions and systems

SpaDoCs Framework allows to apply cybersecurity first principles to specific space domain threats and vulnerabilities

SpaDoCs Framework allows to associate specific cybersecurity enablers with various space domain threat or vulnerability scenarios

SpaDoCs Framework allows to analyze threats and vulnerabilities and their attack vectors for various space domain scenarios at each layer

SpaDoCs Framework allows cybersecurity professionals to formulate inputs and issues to a cybersecurity assessment plan for a given space domain scenario.

To go further

If you’re interested in cybersecurity applied to space domain or if you want to learn more about SpaDoCs Framework, I recommend the following training course. It is a comprehensive 3-day Space Domain Cybersecurity course organized around the SPAce Domain Cybersecurity (SpaDoCs) Framework.

You can find more informations about this course here or here.

Sources of the contents for this article

L’OSINT, le nouveau nerf de la guerre pour la cybersécurité et l’espace

By

François Quiquet

-

7 July 2023

1

Le 5 juin dernier avait lieu, dans le cadre des Lundi de l’IHEDN (Institut des hautes études de défense nationale), une conférence à l’École militaire (Paris 7e) sur le thème de l’OSINT = Le nouveau nerf de la guerre ?

Il y avait 3 connaisseurs de ce domaine qui en ont résumé les enjeux stratégiques sous la forme de 3 approches différentes :

L’OSINT pour le journalisme
L’OSINT dans le judiciaire pour les analyses criminelles et les investigations numériques (fraudes, #cybermenaces)
L’OSINT en géographie qu’on appelle aussi GEOINT (Geospatial intelligence).

Qu’est-ce que l’OSINT ?

OSINT signifie Open Source INTelligence, c’est à dire le renseignement en source ouverte. L’OSINT est une méthode de collecte et d’analyse de renseignements en utilisant des sources d’information accessibles au public. Il s’agit d’une approche qui consiste à recueillir des données à partir de sources telles que les médias sociaux, les sites web, les forums de discussion, les bases de données publiques, les rapports gouvernementaux, les articles de presse, etc.

L’objectif principal de l’OSINT est de rassembler des informations exploitables sur des sujets spécifiques, tels que des individus, des organisations, des événements ou des tendances, en utilisant des sources qui sont librement disponibles et accessibles à tous. Cette méthode permet d’obtenir des informations pertinentes pour divers domaines, tels que la sécurité, le renseignement, la défense, la lutte contre la criminalité, la veille concurrentielle, la gestion des risques, etc.

Les professionnels de l’OSINT utilisent souvent des techniques de collecte automatisée d’informations, telles que le web scraping (extraction de données à partir de sites web), l’analyse de données massives, la recherche avancée sur les moteurs de recherche, la surveillance des médias sociaux et d’autres outils spécialisés pour trouver, trier et analyser les informations pertinentes.

Il convient de souligner que l’OSINT se concentre uniquement sur des sources d’information publiques et légales, et ne viole pas les lois sur la confidentialité ou les droits d’auteur.

Il faut souligner que l’ère de l’internet de masse a notamment popularisé cette discipline qui est désormais accessible à tout un chacun.

Replay de la conférence OSINT = Le nouveau nerf de la guerre ?

Le résumé de la conférence sur “l’OSINT = Le nouveau nerf de la guerre ?” se trouve ici.

Le replay en vidéo se trouve ci-dessous

Au delà de l’OSINT

Il est important de noter que l’OSINT est souvent complété par d’autres méthodes de collecte de renseignements, telles que le renseignement humain (HUMINT), le renseignement signal (SIGINT) et le renseignement d’origine électromagnétique (ELINT), pour obtenir des informations plus complètes et précises.

On vient de parler de GEOINT (Geospatial intelligence), de SIGINT (Signals intelligence), de HUMINT (Human Intelligence), de ELINT (Electronic Entelligence).

Nous en profitons pour vous faire découvrir d’autres domaines de l’OSINT :

IMINT = Image Intelligence
COMINT = Communications Intelligence

L’OSINT et la cybersécurité

La cybersécurité est un autre domaine d’application de l’OSINT. En effet, l’OSINT permet d’enrichir sa stratégie de Cyber Threat Intelligence (CTI) comme l’explique cet article.

L’OSINT et le spatial

L’OSINT s’applique aussi au spatial avec ce qu’on appelle de façon informelle le Satellite-OSINT. A ce sujet, on peut vous recommander l’article sur le Space-Based Intelligence in Cybersecurity, abordé dans l’article ici ou ici.

Top 25 most dangerous software weaknesses than can affect satellites in 2023

By

François Quiquet

-

3 July 2023

0

Issues of vulnerabilities of space systems to cyber attacks has long been ignored for reasons common to industrial systems or SCADA (Supervisory Control And Data Acquisition) type.

Reality and experience show that today’s world is not the same as the old world. It’s now essential to consider the vulnerability of space systems to cyber attacks.

The latest generation of satellites, such as those from SpaceX, are looking to keep costs down, so most of them use Open Source software. This makes them just as vulnerable to cyber threats as any other piece of hardware.

In the age of globalisation, the supply chain is often internationalised. It’s difficult to control completely. The introduction of malicious components or software is not completely impossible for a motivated bad or adversary actor. For example, a backdoor could be introduced into the satellite’s components or software.

The ground stations with which satellites communicate are not all that isolated. The same applies to the command and control centres that pilot the satellites via the ground stations. Most of them need to communicate with the outside world, as they do with data centres, even if this is done via secure Internet links.

Access to the satellites may be physically impossible, but it’s still possible to gain access via their ground station or their command and control system. This is a potential gateway for a malicious actor.

Software is an inherent part of satellites, launchers and space systems. This is known as “on-board satellite software” or “software-defined satellite”.

Commercial players with an interest in cutting costs tend to ignore the cybersecurity of space systems by using Open Source software, reusing software code from other programmes, or even reusing old code.

Technically, the only way to avoid service interruptions is to ensure the technological redundancy of ground stations, electrical networks and hardware and software on board satellites. But poorly coded software, even if redundant, remains vulnerable.

With this in mind, we’ve decided to take an increasing interest in software. We take this opportunity to remind you that the MITRE has just released the Top 25 most dangerous software weaknesses for 2023.

The list is based on an analysis of public vulnerability data in the National Institute of Standards and Technology (NIST)’s National Vulnerability Data (NVD) for root cause mappings to CWE (Common Weaknesses Enumeration) for years 2021 and 2022.

A total of 43,996 CVE from the Known Exploited Vulnerabilities (KEV) database were examined and a score was attached to each of them based on prevalence and severity.

A the top, you have : Out-of-bounds Write, Cross-site Scripting, SQL Injection, Use After Free, OS Command Injection, Improper Input Validation, Out-of-bounds Read, Path Traversal, Cross-Site Request Forgery (CSRF), and Unrestricted Upload of File with Dangerous Type.

More info here : https://cwe.mitre.org/top25/

🌠🛰️ Space Cybersecurity Watch by CyberInflight, W25 – 2023

By

François Quiquet

-

26 June 2023

0

CyberInflight and Florent Rizzo released a new Space Cybersecurity Weekly Watch for Week 25 (June 13-19, 2023). The team consolidates a weekly watch with all the space cybersecurity news you shouldn’t miss

In this new Space Cybersecurity Watch, you will find Articles, company’s communications, whitepapers, academic works, podcast, and sources not to be missed on the topic of space cybersecurity over a specified timeframe.

The areas covered by this watch are : geopolitic, market & competition, threat intelligence, regulation, technology, training & education, important news.

Do not hesitate to register to their weekly watch service !

You can download this Space Cybersecurity Weekly Watch for W25 here.

Also, their Space Cybersecurity Market Intelligence Report, Edition 2023, is available with a set of databases gathering a list of space cybersecurity stakeholders, a list of cyberattacks on space systems, a list of contracts and so forth…

You can check a sample here.

🌠🛰️ Space Cybersecurity Watch by CyberInflight, W23 – 2023

By

François Quiquet

-

22 June 2023

0

CyberInflight and Florent Rizzo released a new 🌠🛰️ Space Cybersecurity Weekly Watch 🛰️🌠 for Week 23 (May 30 – June 5, 2023). The team consolidates a weekly watch with all the space cybersecurity news you shouldn’t miss 🎯

In this new Space Cybersecurity Watch, you will find Articles, company’s communications, whitepapers, academic works, podcast, and sources not to be missed on the topic of space cybersecurity over a specified timeframe.

The areas covered by this watch are : geopolitic, market & competition, threat intelligence, regulation, technology, training & education, important news.

📰 Do not hesitate to register to their weekly watch service !👍

You can download this second Space Cybersecurity Weekly Watch here.

⭐Also, their Space Cybersecurity Market Intelligence Report, Edition 2023, is available with a set of databases gathering a list of space cybersecurity stakeholders, a list of cyberattacks on space systems, a list of contracts and so forth…⭐

You can check a sample here.

Sample of the last Space Cybersecurity Market Intelligence 2023 Report from CyberInflight

By

François Quiquet

-

16 June 2023

1

CyberInflight and Florent Rizzo shared an excerpt of their last Space Cybersecurity Market Intelligence 2023 Report.

Here is what Florent said in French about this report :

“📢 Les systèmes spatiaux 🚀 constituent l’infrastructure critique de toutes les infrastructures critiques.

2022 a marqué une rupture dans le domaine de la cybersécurité spatiale🛰️, tant au niveau de la croissance des menaces que de l’émergence de nouveaux modes d’actions.

C’est au cœur de ce contexte en rapide évolution que CyberInflight se positionne. Acteur clé de l’intelligence économique dans le domaine de la cybersécurité appliquée à l’aérospatiale, CyberInflight accompagne les acteurs du secteur en leur fournissant les données essentielles à leurs activités que ce soit par de la production d’études d’intelligence économique ou au travers d’activités de conseil et de formation.

Le marché de la cybersécurité spatiale est particulièrement complexe à définir et à délimiter. CyberInflight fournit l’effort de répertorier ces acteurs, de les catégoriser et d’observer leur évolution. De fait, notre « Space Cybersecurity Market Intelligence Report » apporte une approche particulièrement complète sur le marché de la cybersécurité spatiale🛰️. Cette étude de plus de 150 pages se veut exhaustive et analytique en s’appuyant sur un ensemble de base de données.

👉Retrouvez ici la table des matières et l’extrait de notre rapport d’intelligence économique sur le marché de la cybersécurité spatiale ainsi que le teaser des différentes bases de données constituées par CyberInflight.”

👉En cas de question ou de demande d’information, n’hésitez pas à contacter à l’adresse suivante : research@cyberinflight.com“

Find below the executive summary of the report

“The ever-increasing demand for data and the growing dependency on space applications is pushing the need for processing more data on board and to send them to the ground. A new set of technologies is being developed allowing for higher performance, increased throughput and secure communications.

The improvement of existing technologies (RISC, ARM, FPGA), the creation or the adaption of new ones to space applications (lightweight cryptography, confidential computing,
containerization, quantum) the shift to new business models (such as GSaaS, and as-a-service models in general) are a set of new challenges to be overcome not only to meet the growing demand for space data but also to reliably secure these services in front of an expanding threat landscape.

Embedding more technologies within the spacecraft implies meeting current and future operational and environmental constraints. It requires additional performance, power, weight or size (the SWaP tradeoff).

The soar of COTS has pushed the use of technologies which are well-used within traditional IT applications such as containerization (virtualization, Kubernetes, Docker). Trust is implemented at different level from hardware (root-of-trust) to software (LWC or confidential computing). The ground segment is also sustaining significant transformation – becoming more and more cloud-oriented. Future technologies such as quantum or artificial intelligence or machine learning may be seen as disruptors when reaching a higher maturity level.

Cybersecurity technologies are evolving between current and future requirements mainly driven by the rapid evolution and growing interest for space by the cyberthreat landscape.”

Find below the excerpt of the last Space Cybersecurity Market Intelligence 2023 Report edited by Cyberinflight

This full excerpt of the report can be downloaded here

A quick comparaison of recently released Cybersecurity Frameworks for Space Sector

By

François Quiquet

-

14 June 2023

0

« The space sector is in need of frameworks and methodologies specific to our unique operating environment » said Gregory Falco (Aerospace Security & Space Technology Asst. Prof at Johns Hopkins, Cybersecurity PhD from MIT).

In this article, we will present some recently released cybersecurity frameworks for space domain :

SPARTA : The Aerospace Corporation’s Space Attack Research and Tactic Analysis
SPACE-SHIELD : The Space Attacks and Countermeasures Engineering Shield from ESA
TREKS : The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles Cybersecurity Framework
SpaDoCs : The Space Domain Cybersecurity Framework
EMB3D : A Cybersecurity Threat Model dedicated for Embedded Devices.

The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA)

Space Attack Research and Tactic Analysis (SPARTA) matrix

The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA) framework was already in place. SPARTA is an ATT&CK® like knowledge-base framework but for for Space Missions.

SPARTA matrix is intended to provide unclassified information to space professionals about how spacecraft may be compromised due to adversarial actions across the attack lifecycle.

You can learn more about SPARTA in our article here.

The SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) from ESA

There was also the SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) from ESA. SPACE-SHIELD is an ATT&CK® like knowledge-base framework for Space Systems.

It is a collection of adversary tactics and techniques, and a security tool applicable in the Space environment to strengthen the security level. The matrix covers the Space Segment and communication links, and it does not address specific types of mission.

You can learn more about SPACE-SHIELD in our article here.

The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity Framework

TREKS (Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles) is a new Cybersecurity Framework that highlights the unique kill chain for the space vehicle.

It’s a Cybersecurity Framework released by Dr. Jacob Oakley after more than five years spent researching and working on space system cybersecurity.

You can learn more about TREKS in our article here.

SpaDoCs, the Space Domain Cybersecurity Framework

SpaDoCs, or the Space Domain Cybersecurity Framework, is a comprehensive and systematic model designed to address cybersecurity challenges in the space domain. Developed to bridge the gap between space and cyber domains, SpaDoCs aims to enhance collaboration and information sharing across mission, company, international, and government boundaries.

The framework provides a layered approach to understanding and tackling cybersecurity issues in space systems, starting from the enterprise layer and drilling down through mission, system, and DevSecOps layers. At each layer, SpaDoCs highlights specific threats and vulnerabilities, keeping the CIA triad (Confidentiality, Integrity, and Availability) as the foundation and key objectives of cybersecurity.

You can learn more about SpaDoCs in our article here.

EMB3D, the Cybersecurity Threat Model dedicated for Embedded Devices

EMB3D (Embedded Device Threat Model) is a comprehensive framework developed by MITRE Corporation to address cybersecurity challenges specific to embedded devices. Launched in May 2024, EMB3D serves as a central repository of information on cyber threats targeting embedded systems used in various industries, including critical infrastructure, IoT, automotive, healthcare, manufacturing and also space sector.

EMB3D aims to provide a common language and understanding of embedded device threats, facilitating better communication and collaboration among vendors, asset owners/operators, security researchers, and testing organizations. By offering a standardized approach to threat identification and mitigation, EMB3D supports the development of more secure embedded devices from the design phase onwards.

The framework’s dynamic nature ensures its relevance in the face of evolving cyber threats, making it a valuable tool for enhancing the security posture of embedded systems across various critical sectors like space.

You can learn more about EMB3D in our article here.

What about SPARTA vs. ATT&CK MITRE ?

The current cyber-security frameworks – MITRE’s ATT&CK and Microsoft’s Kubernetes – while representing the industry standard for analyzing attacks on terrestrial devices, however, do not sufficiently cover the space segment scenarios.

What about SPARTA vs. SPACE-SHIELD ?

SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) is an ATT&CK® like knowledge-base framework for Space Systems. It is a collection of adversary tactics and techniques, and a security tool applicable in the Space environment to strengthen the security level. The matrix covers the Space Segment and communication links, and it does not address specific types of mission. You can learn more about SPACE-SHIELD here.

What about TREKS vs. other frameworks

TREKS is intended to provide a bridge between the existing frameworks available to address, categorize, taxonomize and analyze cybersecurity compromises of traditional terrestrial based network architectures and the future of cybersecurity for space where those frameworks become more applicable as compromises become more frequent, prolific, and acknowledged. This framework can provide a taxonomy that can be used to characterize foundational aspects of cyber threats to SVs in a way that allows for the identification of trends and enables analysis of this niche target set at the intersection of the space and cyber domains.

Conclusion

In conlusion, “We need frameworks, this is sure. But we need also to ensure that we are not diverging or duplicating the efforts.” said Paul Varela, CyberSecurity/Risk Expert and Trainer at EUSPA.

My position is that it’s right but I think these frameworks are complementory.

An analysis of the Thales satellite hacking demo CYSAT 2023 by SPARTA team

By

François Quiquet

-

12 June 2023

0

Brandon Bailey & Brad Roeher from the SPARTA team analyzed, in this article, Thales Group’s CYSAT ’23 presentation material to deconstruct the experiment, extract lessons learned, and document potential countermeasures.

Summary of the full attack flow

The SPARTA (Space Attack Research and Tactic Analysis) Framework was used to identify the tactics, techniques, and associated countermeasures associated with the experiment/attack.

More about the SPARTA Framewok

They utilized the SPARTA Navigator tool to construct the attack chain and generated an Excel export to pinpoint relevant countermeasures. Subsequently, a thorough analysis is conducted to ensure the applicability of the associated countermeasures to the specific Tactics, Techniques, and Procedures (TTPs).

The SPARTA Navigator proves invaluable in presenting a comprehensive array of countermeasures categorized by defense-in-depth, effectively minimizing the risk posed by TTPs. By leveraging the SPARTA Navigator, we successfully map the attack chain to SPARTA TTPs, as exemplified below.

The attack chain mapped in SPARTA navigator

Upon exporting the data from the SPARTA Navigator, they have identified eight countermeasures. Out of these, five pertain to terrestrial countermeasures intended to prevent vulnerable software from infiltrating the spacecraft. The remaining three countermeasures are implemented onboard the spacecraft itself, serving to protect against and/or detect the TTPs executed during the experiment.

More about the analysis of the CYSAT 2023 Demo by SPARTA team

More about the demo

Check this demo in video

Space Odyssey: An Experimental Software Security Analysis of Satellites

By

François Quiquet

-

1 June 2023

0

The abstact below is taken from a paper written by Johannes Willbold, Moritz Schloegel, Manuel Vogele, Maximilian Gerhardt, Thorsten Holz and Ali Abbasi.

This paper was presented at the 44th IEEE Symposium on Security and Privacy (S&P) and received a distinguished paper award.

In this paper, they analyze the security of three real-world satellites and discover 13 vulnerabilities that enable attackers take over two of them. They also publish a survey confirms that these are widespread issues.

Terms used in this abstract are : satellites, satellite security, space segment, satellite firmware, threat taxonomy, software security.

The paper can be downloaded here : source 1, source 2, source 3

Abstract — Satellites are an essential aspect of our modern society and have contributed significantly to the way we live today, most notable through modern telecommunications, global positioning, and Earth observation. In recent years, and especially in the wake of the New Space Era, the number of satellite deployments has seen explosive growth. Despite its critical importance, little academic research has been conducted on satellite security and, in particular, on the security of onboard firmware. This lack likely stems from by now outdated assumptions on achieving security by obscurity, effectively preventing meaningful research on satellite firmware.

In this paper, we first provide a taxonomy of threats against satellite firmware. We then conduct an experimental security analysis of three real-world satellite firmware images. We base our analysis on a set of real-world attacker models and find several security-critical vulnerabilities in all analyzed firmware images. The results of our experimental security assessment show that modern in-orbit satellites suffer from different software security vulnerabilities and often a lack of proper access protection mechanisms. They also underline the need to overcome prevailing but obsolete assumptions. To substantiate our observations, we also performed a survey of 19 professional satellite developers to obtain a comprehensive picture of the satellite security landscape.

The figure below is a taxonomy of threats against satellite firmware

The figure below is a the OPS-SAT threat model

The figure below is an overview of the vulnerabilities identified in the satellite bus and their attacker paths

CISPA researchers have contributed to twelve papers at this year’s. Four of these papers have received the highest honor: A Distinguished Paper Award, given out to the top 1% of submitted papers. Congratulations to everyone involved!

Go to this paper here : source 1, source 2, source 3

ATT&CK v13 released with significant updates : Pseudocode, Swifter Search, Mobile Data Sources and ICS asset refactoring, …

By

François Quiquet

-

30 May 2023

0

🔥 On Tuesday 25 April 2023, the MITRE Corporation released ATT&CK v13, the new version of its framework.

This new version includes significant updates and affects all matrices: Enterprise, Mobile and ICS.

In this article, we summarize the biggest changes : and will go through more details.

✔️ Addition of “Pseudocode analytics for Detection”: I understand this is the most important change in ATT&CK v13. It adds detailed recommendations to the TTPs in the Enterprise matrix to improve their detection by providing more precision and context on what to look for and collect. This new information can be consulted in the CAR (Cyber Analytics Repository) database.

✔️ Addition of new data sources for the Mobile matrix: Data sources represent information that can be collected from logs or probes. They also include characteristics that make it possible to identify the specific properties/values of a data source that are relevant to the detection of a technique or sub-technique.

✔️ Update of the ICS matrix: overhaul of assets, addition of new techniques and refresh of campaign mapping

✔️ Update of APT groups and attack campaigns with the possibility of cross-domain mapping

✔️ Improved coverage of the Cloud: addition of new technologies and completion of execution and lateral movement techniques

✔️ Improved coverage of Linux: updated techniques and sub-techniques with a better understanding of attacks

✔️ Improvements to the web interface, mainly in the search module

✔️ New changelog types to help identify more precisely what has changed in ATT&CK.

“we’re working toward enhanced tools for lower-resourced defenders, improving ATT&CK’s website usability, enhancing ICS and Mobile parity with Enterprise, and evolving overall content and structure this year”

Amy L. Robertson

🤩 A v14 is already announced for October with more details at ATT&CKCon 4.0 which takes place on 24-25 October 2023 :

upgraded coverage across domains
renovated mitigations
new cross-domain mappings
more pseudocodes
mobile structured detections

👉 More details in this article on the MITRE blog

More about MITRE ATT&CK framework

The MITRE ATT&CK framework is a globally recognized knowledge base and methodology for understanding, organizing, and classifying cyber threats and tactics used by adversaries during different stages of a cyber attack. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.

The framework was developed by MITRE, a not-for-profit organization that operates federally funded research and development centers (FFRDCs) to address various challenges faced by the U.S. government. However, the framework has gained widespread adoption in the cybersecurity community and is used by organizations around the world.

The MITRE ATT&CK framework provides a comprehensive model that describes the entire lifecycle of a cyber attack, from initial reconnaissance and weaponization to lateral movement, data exfiltration, and impact. It consists of a matrix that outlines various tactics and techniques employed by adversaries, along with information on the platforms they target (e.g., Windows, macOS, Linux) and the types of software they use.

The framework is organized into several categories, including Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, and Impact. Each category is further divided into specific techniques and sub-techniques that adversaries may employ.

For each technique, the framework provides detailed information on how it works, the potential impact, and real-world examples of its usage by known threat actors. This knowledge base allows organizations to better understand the tactics and techniques employed by adversaries and assists in building effective defensive strategies and improving incident response capabilities.

By utilizing the MITRE ATT&CK framework, organizations can map observed adversary behaviors to specific techniques, identify security gaps, prioritize defenses, develop threat intelligence, and share information with the broader cybersecurity community. The framework serves as a common language and reference point for cybersecurity professionals, enabling them to collaborate and exchange knowledge on emerging threats and effective defense strategies.

Overall, the MITRE ATT&CK framework plays a crucial role in enhancing cybersecurity awareness and readiness, facilitating the development of proactive defense measures, and improving the overall resilience of organizations against cyber attacks.

Go to the MITRE ATT&CK framework here.

What is SpaDoCs Framework ?

What can SpaDoCs Framework be used for ?

To go further

Qu’est-ce que l’OSINT ?

Replay de la conférence OSINT = Le nouveau nerf de la guerre ?

Au delà de l’OSINT

L’OSINT et la cybersécurité

L’OSINT et le spatial

The Aerospace Corporation’s Space Attack Research and Tactic Analysis (SPARTA)

The SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) from ESA

The Targeting, Reconnaissance, & Exploitation Kill-Chain for Space Vehicles (TREKS) Cybersecurity Framework

SpaDoCs, the Space Domain Cybersecurity Framework

EMB3D, the Cybersecurity Threat Model dedicated for Embedded Devices

What about SPARTA vs. ATT&CK MITRE ?

What about SPARTA vs. SPACE-SHIELD ?

What about TREKS vs. other frameworks

Conclusion

Last Posts

Popular Category

Popular posts

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY