The evolution of SPARTA is a perfect illustration of how the cyber domain is increasingly taking into account the specificities of the space domain. This adaptation is carried out through multiple publications by NIST, MITRE and others. SPARTA is at the forefront of this trend and continues to include new elements to facilitate its use.
1- TTP Notional Risk Scores
Two objectives:
To establish the likelihood of an attack due to the uniqueness of every mission and system implementation.
To illustrate adversary capability which contributes to the likelihood that an actor can execute certain SPARTA TTPs.
In order to produce an analysis on the TTPs potential impact, this results in a NOTIONAL risk determination with three notional risk values sorted by system/mission criticality (high, medium, low).
2- ISO 27001 Mapping
SPARTA is adapting to other regional contexts and rules. This mapping was performed using NIST’s published mapping between NIST 800–53 rev5 and ISO 270001.
3- D3FEND Technique and Artifact Mappings
SPARTA aims to provide a translation/mapping of D3FEND (Denial, and Disruption Framework Empowering Network Defense) techniques from MITRE and artifacts to the relevant SPARTA countermeasures. This should enable users of SPARTA to bridge the gap between countermeasures/courses of actions (COAs).
4- Additional References
In SPARTA version 1.3.2, over 20 TTP references were updated using CyberInflight’s Market Intelligence Team’s space attack database. In version 1.4, the integration of our data has been fully completed. Approximately 50 attacks were added to the appropriate techniques/sub-techniques under the reference section for each TTP.
Roughly 60% of the attacks that we provided fall within the Reconnaissance and Resource Development tactics, which is a precursor to almost all attacks. This reinforces how important the Protect Sensitive Information countermeasure is because threat actors are actively extracting sensitive design information. In some cases, threat actors’ objectives are simply Exfiltration or Theft, and these attacks could be achieving their objective simply by stealing the information.
For more information, don’t hesitate to check the DEFCON31 presentation and SPARTA
Source: https://medium.com/the-aerospace-corporation/sparta-v1-4-whats-new-1ecdbf4873d7
#satellite #cybersecurity #cybersécurité #space