Multi-tiered space cyber TARA: Quantification of risk and mitigation with SPARTA TTP

Sang Seo; Dohoon Kim

doi:10.23386/joss.2025.2.1.004

Preview

Research Article

JOURNAL OF SPACE SECURITY. 30 June 2025. 36-50
https://doi.org/10.23386/joss.2025.2.1.004

Multi-tiered space cyber TARA: Quantification of risk and mitigation with SPARTA TTP

Sang Seo¹

Dohoon Kim²^*

¹Software Laboratory, NSHC Co., Ltd., Seoul 08502, South Korea

²Department of Computer Science, Kyonggi University, Suwon 16227, South Korea

^{*Corresponding Author}

ABSTRACT

As space cybersecurity undergoes profound transformation within the increasingly intelligent and networked environment, a standardized methodology for risk assessment and defense validation becomes imperative for mitigating attack surfaces through threat intelligence and Indicators of Compromise (IoCs). However, existing frameworks such as SPARTA (Space Attack Research & Tactic Analysis) lack a structured Model-Based Systems Engineering (MBSE) methodology to quantify the propagation of damage from Advanced Persistent Threats (APTs) targeting intrinsically vulnerable space infrastructure and to formulate optimal countermeasures. This study addresses this critical gap by proposing a multi-tiered Space Cyber Threat Analysis and Risk Assessment (TARA) framework, which integrates Space Risk (SR) and Space Mitigation (SM) metrics to achieve Defense-in-Depth (DiD) and Secure Space-by-Design (S2bD) within the space ecosystem. The framework further ensures interoperability with SPARTA’s risk matrix and Minimum Notional Baseline (MNB) through standardized normalization. To valid ate its effectiveness, a comprehensive best-practice assessment is conducted on the space supply chain. This TARA-based approach enables more granular quantification of threat impact metrics and mitigation response metrics—domains that have received limited attention in prior research. Furthermore, a sensitivity analysis is performed to evaluate its practical effectiveness. Future work will focus on the full-scale implementation of Space Penetration Testing as a Service (Space-PTaaS) and Space Enterprise Mission Assurance Support Service (Space-eMASS).

Keywords

Space cybersecurity

Threat modeling

Threat analysis and risk assessment

SPARTA

MAIN

1. INTRODUCTION
2. RELATED WORKS
2.1. Literature Review
2.2. Comparative Analysis of Framework
3. SPACE CYBER THREAT MODELING AND RISK ASSESSMENT WITH SPARTA
3.1. Design Principles of Multi-tierd TARA
3.2. Quantitative Baseline for Overlay and Tailoring
3.3. Proof-of-concept with Best Practice
4. CONCLUSION

1. INTRODUCTION

As the cybersecurity paradigm undergoes fundamental transformation within the New Space era, driven by rapid advancements in space technology, major space security agencies are conducting comprehensive reviews of potential vulnerabilities across the space cyber domain. In particular, following the mid-to-long-term evolution of space cybersecurity strategies outlined in Space Policy Directive-5 (SPD-5) [1], nations such as the United States and those in the EU are standardizing cybersecurity guidelines and regulations. These initiatives seek to protect all segments of the space ecosystem, including ground, space, link, and supply chain domains. Moreover, these nations are optimizing total lifecycle security management for mission-critical space infrastructure by implementing targeted security enhancements that prioritize resilience-oriented strategies giving the advantage to defenders.

To strategically implement Defense-in-Depth (DiD) and Secure-to-Build (S2bD) principles in s pace cybersecurity, frameworks such as SPARTA [2] and SPACE-SHIELD (Space Attacks and Countermeasures Engineering Shield) [3] have been developed. These frameworks, built on MITRE ATT&CK [4] and MITRE D3FEND [5], integrate space-specific TTPs (Tactics, Techniques, and Procedures) and security controls tailored for the space domain.

However, current advancements in space cybersecurity focus primarily on countering exploits targeting low-Earth orbit (LEO) CubeSat protocols and data. Vulnerability analyses of Ground Control Stations (GCS) and third-party supply chains remain limited, primarily identifying potential attack surfaces rather than offering comprehensive mitigation strategies. Furthermore, existing defense approaches rely heavily on traditional security measures such as network segment ation, access and device control, end-to-end encryption (E2EE), and public key authentication, as specified by CCSDS (Consultative Committee for Space Data Systems) [6]. While these methods provide foundational security, they fail to adequately address the growing sophistication of cyber threats in the New Space environment [7].

Without comprehensive total lifecycle security management to counter increasing latent vulnerabilities, space infrastructure will face significant risks from state-sponsored cyber threats. To effectively neutralize the defender-inferior spatiotemporal asymmetry, space threat modeling must adopt Model-Based Systems Engineering (MBSE) methodologies. This approach should be tailored to support Independent Verification & Validation (IV&V) [8] within Space-DevSecOps (Development, Security, and Operations) processes.

Accordingly, this study proposes a Multi-Tiered Space Cyber TARA (Threat Analysis and Risk Assessment) framework integrating Knowledge Management (KM) [9], Cyber Threat Susceptibility Assessment (CTSA) [10], and Cyber Risk Remediation Assessment (CRRA) [11]. This app roach quantifies Security Risk (SR) based on the impact of each threat and Security Mitigation (SM) based on the effectiveness of countermeasures. Additionally, sensitivity analysis is performed on cyber engagement scenarios within the space supply chain, providing a compliance-based Proof-of-Concept (PoC) to validate the proposed method.

The remainder of this paper is organized as follows: Section 2 reviews the state-of-the-art in space cybersecurity, focusing on existing space TTP-based frameworks and their comparative analysis. Section 3 presents a custom TARA-based threat modeling approach, assessing the effectiveness of cyber attack and defense strategies using space supply chain scenarios. Finally, Section 4 discusses insights from the PoC and concludes the study.

2. RELATED WORKS

This section examines the current state of space cybersecurity across different countries while analyzing precedents of TTP-based space-specific cybersecurity frameworks that provided foundational insights for this study.

2.1. Literature Review

This section initially analyzes developments in the United States, which has emerged as a first- mover in the space cybersecurity domain. In response to the Call-to-Action (CTA) under SPD-5, NIST, in collaboration with MITRE, established cybersecurity standards to ensure S2bD and DiD within the space cyber domain. These standards include NISTIR 8270 [12], NISTIR 8323 [13], NISTIR 8401 [14], and NISTIR 8441 [15], each of which addresses specific security aspects. For example, NISTIR 8270 ensures the secure operation of commercial satellite platforms through collaboration with private vendors. NISTIR 8323 aims to identify cyber risk factors in PNT (Positioning, Navigation, and Timing) infrastructure. NISTIR 8401 establishes detailed security requirements and countermeasures for ground stations a nd end users. NISTIR 8441 proposes a dedicated security framework and profiling mechanisms for hybrid constellation satellites that provide deep-space internet services. Additionally, NASA, leveraging MITRE ATT&CK, developed the BPG (Best Practice Guide) [16] to operational ize space security controls and established NASA-STD-1006A [17], a guideline for space system security requirements and resilience profiling. To manage DevSecOps for emerging New-Space platforms, NASA internally established the C-SCRM (Cybersecurity Supply Chain Risk Management) agency and contributed to the creation of Space-ISAC (Information Sharing and Analysis Center) [18]. This initiative facilitates the inter national sharing of space Cyber Threat Intelligence (CTI) and IoC using STIX (Structured Threat Information Expression) [19] and TAXII (Trusted Automated Exchange of Intelligence Information) [20]. Furthermore, Aerospace Corporation is actively operating MoonLighter [21] in orb it, a practical CubeSat integrated with Hack-a-Sat [22], to enhance space cyberrange capabilities and specialize in space CTI. The corporation has also, in collaboration with MITRE and NASA, further formalized SPARTA, a TTP-based space cybersecurity framework, and Space C-SoC (Cybersecurity Operations Center), an IoC-driven space cybersecurity monitoring platform.

Subsequently, this section analyzes developments in the EU and the UK, which have establish ed themselves as independent fast-followers in the space cybersecurity domain. The ESA initiated multiple space cybersecurity projects under ARTES-4S [23]: Space Cyber Range [24]: A research initiative focused on constructing a space cybersecurity training environment and automating satellite penetration testing. 4SSTB [25]: A project dedicated to automating satellite security management. CCSDS SDLS (Space Data Link Security) [26]: A protocol designed to enhance secure satellite communications. INT-UQKD [27] and Caramuel [28]: Projects aimed at developing quantum cryptographic architectures for ground stations. Furthermore, through collaboration with NASA, ESA published the Bulk Security [29] and Bundle Protocol [30] standards to enhance GovSATCOM [31] security for IRIS2 [32]. Additionally, under the CASSINI [33] project, ESA contributed to the establishment of EU Space-ISAC [34] within EUSPA. Notably, prior to Aerospace Corporation’s SPARTA, ESA had already proposed SPACE-SHIELD, a MITRE ATT&CK-based space cybersecurity framework, structuring it for use in EU Space C-SoC. To evaluate draft security solutions and detailed algorithms, ESA initially operated the low-orbit CubeSat OPS-SAT [35], later expanding its scope with CyberCube [36]. Concurrently, the UK, led by UKSA and NCSC, developed the CAF (Cyber Assessment Framework) [37] and CST (Cybersecurity Toolkit) [38] to establish key cybersecurity management, risk assessment, and incident response guidelines for its national space cyber domain. Similarly, Germany, through BSI, developed the IT-Grundschutz Profile for Space Infrastructures [39] and TR-03184 [40], security standards aimed at ensuring S2bD in space cybersecurity. These collective initiatives have contributed to the refinement of the EU’s comprehensive space cyber risk management framework.

Furthermore, this section examines initiatives in Japan, which represents a dependent fast-follower in the space cybersecurity domain. METI standardized the Cybersecurity Guidelines for Commercial Space Systems [41] through dedicated efforts of an internal working group. This profiling standard was designed to preemptively neutralize potential malicious state actors’ compromise kill chains targeting the commercial space supply chain. Moreover, JAXA, in collaboration with the Cabinet Office, strategically developed the Space Security Initiative [42] to bench mark the NIST CSF [43], RMF [44], C-SCRM [45], and CMMC [46]. This initiative has substantively enhanced space cybersecurity cooperation between Japan and the United States.

Building upon these international precedents, the research and development maturity of space cybersecurity for each major country is systematically summarized in Table 1 according to specific attributes. In Table 1, the scoring scale is defined as follows. No Action: Indicates that no officially reported precedent exists. Identifying: Denotes that related work is in progress, but no official results have been produced yet.

TABLE 1.

Taxonomy of research and development rating of space cybersecurity by major countries

Country	Rating
Country	Secure space by design	Cybersecurity planning	Inter-operator collaboration	Strategy and norms	Technique and practices	Joint Force capabilities	International integration
USA	Leader
EU	Leader	Achieved	Leader	Achieved	Achieved	In progress	Achieved
U.K	In progress	Achieved	Achieved	Achieved	In progress	Achieved	In progress
Japan	Achieved	In progress	Leader	In progress	Developing	In progress	Achieved
Australia	In progress	Achieved	In progress	Achieved	Identifying	In progress	In progress
Switzerland	Developing	In progress	In progress	In progress	Identifying	Developing	Achieved
Canada	Achieved	In progress	Developing	Developing	Developing	Developing	In progress
China	In progress	Achieved	In progress	Achieved	In progress	Leader	Developing
Russia	In progress	Achieved	Developing	Achieved	In progress	Leader	Developing
India	No action	Developing	Developing	Achieved	Identifying	Identifying	Identifying
Korea	Developing	In progress	Developing	Developing	Identifying	Identifying	Identifying

Developing: Signifies that foundational work has been conducted, yielding preliminary results. In Progress: Represents an ongoing effort where initial results have been produced, followed by further refinements. Achieved: Indicates that a clearly differentiated technological development has been successfully completed. Leader: Refers to a country that demonstrates extensive implementation and widely recognized practices in space cybersecurity.

2.2. Comparative Analysis of Framework

This section examines SPARTA and SPACE-SHIELD, which represent exemplary space cybersecurity frameworks. For ISACs and C-SoCs, SPARTA serves as a catalog archive that normalizes specialized TTPs and countermeasures for each major segment within the space cyber domain. Specifically, SPARTA supports S2bD by tailoring security requirements and security controls from the design phase of subcomponents. Furthermore, it ensures DiD by utilizing functional decomposition methods and Notional Risk Score (NRS)-based risk matrices, which abstract operational layers. Notably, SPARTA exhibits robust structural network correlations with other frameworks, including SPACE-SHIELD, MITRE ATT&CK, and MITRE D3FEND. It also maintains complex system relationships with governance standards such as NIST CSF, RMF, NASA BFG, CCSDS, and ISO/IEC 27001 [47]. Consequently, SPARTA facilitates developers, operators, and sub-parties in the supply chain in identifying potential space cyber threats and enables the rapid optimization of countermeasures for each threat. Therefore, SPARTA is quantitatively evaluated as the most advanced standard for space CTIs and IoCs, while also being qualitatively recognized for its comprehensive coverage of space TTPs and countermeasures.

In parallel, SPACE-SHIELD represents the first dedicated operational space cybersecurity framework that was specialized as a subdomain of MITRE ATT&CK to precisely define threats, vulnerabilities, TTPs, and kill chains within the EU space cyber domain. SPACE-SHIELD was architecturally designed to be applicable to ARTES-4S, CyberCube, and EU Space-ISAC, with its record data structured accordingly. Although its content update frequency is comparatively lower than SPARTA, it is documented to achieve broader adoption for independent C-SoC development.

Ultimately, the comparative analysis of each framework is comprehensively summarized in Table 2. Based on this classification, when evaluating the damage ripple effect for each threat and validating the mitigation response effectiveness for each countermeasure within this study, and particularly when concretizing the Multi-tiered Space Cyber TARA, the analysis confirmed that SPARTA’s record data constitutes the most suitable foundation.

TABLE 2.

Taxonomy of space & legacy TTP-based cybersecurity framework

Features	SPARTA	SPACE-SHIELD		MITRE ATT&CK
Goal	Quantifying and sharing space TTP		Threat modeling and risk analysis
Type	Knowledge database
Target	DiD-based space ecosystem	Satellites and ground stations		Organization and infrastructure
Baseline knowledge	SPACE-SHIELD, ATT&CK, D3FEND, CSF, RMF, BPG, CCSDS	ATT&CK, CSF		CTI with APT, CAPEC, CSF
Assessment domain	Space, ground, link, user	space, ground		enterprise, ICS, mobile
Major metric	TTP and countermeasure, control	TTP and countermeasure		baseline of CTI-TTP, control
Main contributor	Aerospace Corp., MITRE, NASA	ESA		MITRE
Foundation year	2022~	2021~		2013~

3. SPACE CYBER THREAT MODELING AND RISK ASSESSMENT WITH SPARTA

This section formalizes key procedures within the proposed Multi-tiered Space Cyber TARA and specifies its novel metrics for cyber engagement effectiveness analysis, including the risk matrix and defense coverage, using both baseline layers and detailed pseudo-code. Furthermore, by conceptualizing segment-specific space system architectures and engagement scenarios within the supply chain as best practices, this study empirically demonstrates the qualitative and quantitative applicability of the proposed method.

3.1. Design Principles of Multi-tierd TARA

Initially, based on the TTPs and security controls in SPARTA, this section concretizes TARA- based threat modeling, which systematically performs cyber threat assessment and maps optimal countermeasures for secure IV&V in the space cyber domain. In this context, threat modeling constitutes a quantitative analysis method that identifies potential vulnerabilities from the design lifecycle of key test units, such as complex digital infrastructure, software components, and service applications. It then optimizes countermeasures to internalize both perimeter and n on-perimeter defenses, incorporating the degree of CIA (Confidentiality, Integrity, and Availability). This advanced threat modeling structure is abstracted into a five-step process, as shown in Fig. 1.

https://cdn.apub.kr/journalsite/sites/JOSS/2025-002-01/N0670020104/images/Figure_joss_02_01_04_F1.jpg

FIG. 1.

Overview of threat modeling mechanism.

Based on the criticality and severity of key test units, this threat modeling concept is structured as a hierarchical TARA approach, which serves as an MBSE-based mechanism to ensure IV&V. The TARA framework represents a custom threat modeling strategy developed by MIT RE, designed to identify cyber threats throughout the critical system acquisition lifecycle and strategically select optimized defense measures. Within this framework, it contributes to DevSecOps by analyzing the effectiveness of cyber engagements and optimizing security controls using baselines. As shown in Fig. 2, TARA is divided into three distinct phases: Define and Model—the preprocessing step, where threats and vulnerabilities are structured. Analyze and Assess—the quantitative verification step, where risk levels and potential impacts are evaluated. Mitigate and Operate—the decision- making optimization step, where optimal defense measures are selected and operationalized. The primary objective of TARA is to preemptively identify vulnerable points and potential attack surfaces within an adaptive acquisition process, ensuring that all defensive actions are implemented before an attack occurs. Moreover, it guarantees the functional safety and operational resilience of protected space platforms, thereby maintaining service reliability. Additionally, TARA determines the baseline solution for qualitative security profiles and quantitative damage/mitigation metrics of key test units. It also optimizes Standard Operating Procedures (SOPs) by applying overlay and tailoring schemes.

https://cdn.apub.kr/journalsite/sites/JOSS/2025-002-01/N0670020104/images/Figure_joss_02_01_04_F2.jpg

FIG. 2.

Conceptual diagram of TARA.

Accordingly, the main diagram of the proposed Multi-tiered Space Cyber TARA, which incorporates both the threat modeling structure and TARA procedures, is structured into three key sequences, as illustrated in Fig. 3. First, KM serves as the preprocessing step, organizing and cataloging space cyber threats and countermeasures to establish a knowledge archive for effectiveness analysis. Specifically, KM is responsible for normalizing combat data within the space cyber ecosystem into a structured TARA-compatible knowledge set. To achieve this, KM integrates the structural and technical total lifecycle system management steps of operational space systems. Furthermore, it abstracts TTP-based kill chains and the chain of compromises using the pivot concept, thereby embedding hierarchical correlations across different catalogs.

https://cdn.apub.kr/journalsite/sites/JOSS/2025-002-01/N0670020104/images/Figure_joss_02_01_04_F3.jpg

FIG. 3.

Detailed configuration diagram of Multi-tiered Space Cyber TARA.

Subsequently, CTSA constitutes the stage that evaluates attack vectors, vulnerabilities, and weaknesses that could precipitate adverse impacts. It defines the degree of cyber risk and quantifies the damage ripple effect. In CTSA, which pertains to threat analysis, potential attack surfaces and candidate vulnerable points are identified based on a data flow diagram. Risk assessment is then conducted by referencing cataloged compromising information, which enables the standardization of both a two-dimensional impact-likelihood-based risk matrix and the Notional SR and Notional SM.

Finally, CRRA represents the stage that derives and validates the optimal countermeasures and security profiles for mitigation. It establishes categorization results, formulates defense baselines, and quantifies the mitigation response level. In CRRA, which focuses on the mapping of defense measures, candidates are optimized by structuring the Pareto front of trade-offs based on prioritization. Moreover, regression analysis is performed to minimize residual risk to realize S2bD and DiD within the space ecosystem.

3.2. Quantitative Baseline for Overlay and Tailoring

Subsequently, the Multi-tiered Space Cyber TARA and its subprocedures (KM, CTSA, and CRRA) are integrated with TSN to tailor and overlay the augmented SR for evaluating the damage ripple effect of each threat and the defined SM for validating the mitigation response of each countermeasure. During this phase, by utilizing CTSA within TARA, the impact-based propagation scope for each threat and the likelihood-based attack type are configured. Similarly, by applying CRRA within TARA, the impact-based response scope and likelihood-based defense measures for each countermeasure are constructed. Consequently, the TSN-based refined TARA analysis procedures are delineated in Fig. 4.

https://cdn.apub.kr/journalsite/sites/JOSS/2025-002-01/N0670020104/images/Figure_joss_02_01_04_F4.jpg

FIG. 4.

Advanced TSN-based process of Multi-tiered Space Cyber TARA.

Initially, in KM, the Categorization of Asset and Implementation of Metrics phase is structured into several sub-processes based on capability assessment to systematically evaluate space as sets and their potential risks. Criticality Analysis: Classifies potential security failures and accident levels for each space asset, then determines the priority of countermeasure implementation for each entity. Space Risk and Threat Assessment: Identifies attack surfaces within the space cyber ecosystem and analyzes threat types associated with each potential risk. Space Vulnerability Assessment: Identifies detailed kill chains and compromise sequences for each threat and analyzes the types of damages that may occur. Resulting Consequence of Space Cybersecurity Loss: Enhances the SR score by supplementing the NRS with impact considerations. Resulting Probability of Space Cybersecurity Loss: Refines the SR score by incorporating likelihood considerations based on NRS. Each of these sub-processes is systematically structured and concretized within the KM-based categorization framework. Subsequently, in CTSA, the Risk Assessment phase initially determines TTPs and threat-specific SR based on an impact-likelihood-based risk matrix, while referencing the criticality of protected assets through an initial verification flow. Ultimately, in CRRA, the Selection of Countermeasure and Mitigation Tailoring phase is subdivided into multiple sub-processes: Identification of Countermeasure: Defines SM by mapping applicable countermeasures and security profile elements for each threat. It then quantifies the degree of mitigation response using the SM. Decision, Optimization, and Tailoring: Implements a defensive decision-making model based on the identified mitigation response. It further reduces residual risk by optimizing security strategies according to the system and architecture structure. These sub- processes comprehensively structure the countermeasure selection and risk mitigation process within CRRA.

Within the TSN-based process, the SR, which is inherited from SPARTA’s NRS as a baseline for threat assessment, is structured to interoperate seamlessly with the threat modeling procedures. As shown in Algorithm 1, SR is decomposed into atomic templates, including Identify & Configure, Populate, and Select, ensuring optimal integration within the modeling workflow.

Algorithm 1.

Pseudo code of space risk (SR) metric for threat quantification

INPUT	SPARTA’s tactic set ( $T$ ), SPARTA’s technique element ( $t \in T$ ), Set of risk score ( $s_{t} \in S_{T}$ ), Set of counter-measure ( $c_{t} \in C_{T}$ ), Set of security control ( $M_{C_{T}}$ ), Impact baseline of $t$ ( $I_{T}$ ), Likelihood baseline of $t$ ( $L_{T}$ ), Threshold for risk assessment of $t$ (𝜃, $θ \in {'low', 'medium', 'high', 'critical'}$ ).
OUTPUT	Set of security control with $c_{T}$ that must be employed to mitigate intolerable risks.
1:	for each $t \in T$ do
2:	Identify each $s_{t} \in S_{T}$
3:	Configure $s_{t} = (I_{T}, L_{T})$ considered space cyber attack-defense conditions
4:	Populate $t$ on the black 5 × 5 risk matrix in SPARTA
5:	if arbitrary risk occurred by $t ≻ θ$ then
6:	Select optimized counter-measure subset $c_{T}$ to mitigate $t$ , ${c_{t}} \in C_{t}$
7:	Select optimized control subset $M_{{c_{t}}}$ to perform the counter-measure { $c_{T}$ }, ${M_{{c_{t}}}} \in M$
8:	return $\cup_{t \in T} {M_{{c_{t}}}}$

As illustrated in Fig. 5, the threshold for attack efficiency per threat is determined based on consequence attributes, which are associated with an arbitrary space asset’s mission, CIA, reputation, and regulatory impact. Conversely, the threshold for attack type per threat is calculated based on probability attributes, which are linked to the space asset’s ability, attention, opportunity, and scope. Through this process, the risk assessment domain within SR is systematically established.

https://cdn.apub.kr/journalsite/sites/JOSS/2025-002-01/N0670020104/images/Figure_joss_02_01_04_F5.jpg

FIG. 5.

Conceptual equation scope of SR.

Subsequently, the NRS metric, inherited by SR from SPARTA, was originally proposed only as a baseline for qualitatively recommending countermeasures and controls that are closely linked to each technique. Consequently, relying solely on SR may introduce bias-induced errors. Moreover, there is a lack of evaluation regarding the mitigation response generated by mapped countermeasures. To address these limitations, SM is introduced as a novel baseline, divided into SM1 and SM2, as shown in Fig. 6. This is achieved by leveraging MITRE Engenuity’s mitigation efficiency factor and SPARTA’s defense coverage factor. Unlike conventional matrix axis shifts that define the degree of mitigation response, SM is conceptualized to directly attenuate the cascading impact of cyber threats. The threshold for mitigation efficiency for each countermeasure is based on impact attributes correlated with reduction degrees, classified as low, medium, high, and critical. Correspondingly, the threshold for defense type for each countermeasure is based on likelihood attributes, considering the effect on both attackers and arbitrary space assets when applying defense mechanisms. These attributes are categorized into: Detect & Prevent, Neutralize & Eliminate, Limit & Stop, Resilience & Recover. Through this process, the security verification domain within SM is systematically structured.

https://cdn.apub.kr/journalsite/sites/JOSS/2025-002-01/N0670020104/images/Figure_joss_02_01_04_F6.jpg

FIG. 6.

Conceptual equation scope of SM.

Consequently, SM1 is established as the first baseline, which is directly correlated with the impact- likelihood layer, as defined in Table 3. It serves as an essential metric for defense effectiveness analysis of each countermeasure.

TABLE 3.

Baseline of SM1 with risk matrix

SM1’s value		Likelihood metric
SM1’s value		Detect & prevent (DP)	Neutralize & eliminate (NE)	Limit & stop (LS)	Resilience & recover (RR)
Impact metric		3	5	3	1
Critical	4	12	20	12	4
High	3	9	15	9	3
Medium	2	6	10	6	2
Low	1	3	5	3	1

Conversely, SM2 is structured as the second baseline, as outlined in Table 4. It is directly related to operational segments and defensive coverage, based on the SPARTA navigator. SM2 is selectively applied when a comprehensive analysis is required, considering the sequential interconnectivity of aggressive kill chains and the hierarchical multi-redundancy of cybersecurity solutions.

TABLE 4.

Baseline of SM2 with defense coverage

SM2’s value		Defense coverage metric (DC)
SM2’s value		DC < 50% (L)	50% < DC < 75% (M)	DC > 75% (H)
Location metric		0.6	0.8	1.0
Space	0.8	0.48	0.64	0.80
Link	0.6	0.36	0.48	0.60
Ground	0.4	0.24	0.32	0.40
User & S/C	0.2	0.12	0.16	0.20

Subsequently, SM, which is conceptualized for validating mitigation responses within the TSN-based process, is globally interoperable with detailed TARA procedures, as shown in Algorithm 2. It is structured into atomic templates, including: Prepare, Decide, Calculate, and Mitigate. This methodology further ensures seamless integration within alternative custom TARA frameworks.

Algorithm 2.

Pseudo code of space mitigation (SM) metric for countermeasure quantification

INPUT	SPARTA’s tactic set ( $T$ ), SPARTA’s technique element ( $t \in T$ ), Set of previous risk score ( $p s_{t} \in P S_{T}$ ), Set of counter-measure ( $c_{t} \in C_{T}$ ), Set of security control ( $M_{C_{T}}$ ), Impact mitigation baseline of $t$ ( $α_{t}$ , $α_{t} \in \{[{}^{'}l o w^{'} : 1], [{}^{'}{medium}^{'} : 2], [{}^{'}{high}^{'} : 3], [{}^{'}{critical}^{'} : 4]\}$ ), Likelihood mitigation baseline of $t$ ( $β_{t}$ , $β_{t} \in \{[{}^{'}D P^{'} : 3], [{}^{'}\neq {}^{'}: 5], [{}^{'}L S^{'} : 3], [{}^{'}R R^{'} : 1]\}$ ), Set of SM1 ( ${s m}_{t}^{1} \in {S M}_{T}^{1}$ , ${s m}_{t}^{1} = α_{t} \times β_{t}$ ), Operation factor of $t$ ( $γ_{t}$ , $γ_{t} \in \{['Space' : 0.8], ['Link' : 0.6], [' Ground' : 0.4], ['User and S/C' : 0.2]\}$ ), Compound determinant of $t$ ( $τ_{t}$ , $τ_{t} \in {True, False}$ ), Compound factor of $t$ ( $ϵ_{t}$ , $ϵ_{t} \in {[' ϵ_{t} ≺ 0.5' : 0.6], [' 0.5 ≺ ϵ_{t} ≺ 0.75' : 0.8], [' ϵ_{t} ≻ 0.75' : 1.0]}$ ), Set of SM2 ( ${s m}_{t}^{2} \in {S M}_{T}^{2}$ , ${s m}_{t}^{2} = γ_{t} \times ε_{t}$ ).
OUTPUT	Set of mitigated risk score ( $m s_{t} \in M S_{T}$ , $m s_{t} = p s_{t} - {s m}_{t}^{1}$ or $p s_{t} - ({s m}_{t}^{1} \times {S M}_{T}^{2})$ \| (if $m s_{t} ≺ 0, m s_{t} = 0$ )).
1:	for each $p s_{t} \in P S_{T}$ do
2:	Prepare each $p s_{t} = (I_{t}, L_{t})$ on the fulfilled 5 × 5 risk matrix with SPARTA-based SRs
3:	Decide $α_{t}$ and $β_{t}$ for reduction of each $p s_{t}$
4:	Calculate ${s m}_{t}^{1}$ with $α_{t}$ and $β_{t}$
5:	if $τ_{t}$ is $F a l s e$ then
6:	Mitigate $p s_{t}$ with $m s_{t}$ , $m s_{t} = p s_{t} - {s m}_{t}^{1}$
7:	else then
8:	Calculate ${s m}_{t}^{2}$ with $γ_{t}$ and $ϵ_{t}$
9:	Mitigate $p s_{t}$ with $m s_{t}$ , $m s_{t} = p s_{t} - ({s m}_{t}^{1} \times {s m}_{T}^{2})$
10:	return $m s_{t} \in M S_{T}$

3.3. Proof-of-concept with Best Practice

To empirically validate the efficacy and novelty of the proposed Multi-tiered Space Cyber TARA, SR, and SM, a comprehensive validation of best practice is conducted, focusing on the software supply chain within the space system architecture. As depicted in Fig. 7, the space cyber ecosystem subject to cybersecurity assessment in this study is structured as a data flow diagram and is systematically normalized into three primary segments: Space Segment, Link Segment, and Ground Segment. In the Space Segment, two key platforms are categorized: Operational Platform: Centrally controls mission-oriented propulsion and maneuvering in space. Pay load Platform: Executes sub-party missions, such as weather observation, by utilizing RF antennas and CCSDS protocol-based telemetry and telecommand to communicate with ground stations. In the Ground Segment, multiple sub- segments are hierarchically structured: Operational Ground Sub-Segment: Remotely manages TT&C (Telemetry, Tracking, and Command) Systems and GNSS (Global Navigation Satellite Systems) for segmented GCS. Launch Ground Sub-Segment: Controls space asset launch and maneuvering. Space Supply Chain Segment: Manages logistics and security aspects of the space supply chain. User Ground Sub-Segment: Implements access and device control within the space ecosystem via VPN (Virtual Private Network).

https://cdn.apub.kr/journalsite/sites/JOSS/2025-002-01/N0670020104/images/Figure_joss_02_01_04_F7.jpg

FIG. 7.

Conceptual topology of space system architecture based on major segments.

Through this best practice, the applicability of Multi-tiered Space Cyber TARA to space system architectures is comprehensively demonstrated.

Given that the space supply chain segment encompasses numerous sub-party organizations and development vendors with comparatively weaker security postures, it represents the most vulnerable attack surface. Therefore, the supply chain segment is designated as the initial attack vector, predicated on the assumption that malicious state actors could exploit it to propagate space cyber warfare in a cascading manner.

Based on this assumption, as illustrated in Fig. 8, an adversarial kill chain case is conceptualized, focusing on social engineering attacks and backdoor concealment activities.

https://cdn.apub.kr/journalsite/sites/JOSS/2025-002-01/N0670020104/images/Figure_joss_02_01_04_F8.jpg

FIG. 8.

Space cyber warfare scenario in supply chain segment.

3.3.1. Definition of APT

･Prepares malware that establishes a reverse connection based on external constraint conditions.

･Conducts social-engineering attacks (e.g., spear phishing and water ing hole attacks) targeting employees of SMEs (Small and Medium-Sized Enterprises) with relatively weaker security management.

･Injects malware into spacecraft software under development.

･After development completion, the malware remains persistently concealed within the operational spacecraft software.

･During PNT communications with the GCS, the geofencing trigger is exploited to establish RCE (Remote Code Execution).

･Achieves T-DDoS (Telemetry-centric Distributed Denial-of-Service) via a reverse shell based on C2 (Command and Control).

3.3.2. Identification of Attack Surfaces

･Human and physical layers of commercial vendors with relatively lower security (No DiD).

･Unverified security assessment and defense validation procedures for software subcomponents and subsystems (No S2bD).

･Absence of security controls established through total life-cycle system management (No Space-DevSecOps).

･Non-redundant authorization/authentication mechanisms.

･Unprotected operational zones of internal units, lacking sandboxing mechanisms.

3.3.3. Normalization of Kill Chain Sequences

･Conducts social-engineering attacks to obtain legitimate internal access within a vulnerable commercial vendor.

･Exploits the compromised access to inject a C2 backdoor into the space system software during development.

･Before transportation, conceals execution to evade vulnerability analysis and inspection. Additionally, fragments and distributes malicious code in memory to bypass anomaly detection mechanisms.

･Disrupts communication services by triggering automatic RCE through PNT geofencing.

･Introduces persistent issues in the GCS, preventing realtime TC execution and payload operations.

Additionally, as shown in Fig. 8, the initial SR for each threat is derived by embedding the correlations among referenced space cybersecurity frameworks within the Multi-tiered Space Cyber TARA. These results are systematically summarized in Table 5. Moreover, to adaptively defend against this adversarial kill chain case, a defensive chain case is formulated, as illustrated in Fig. 9. This defensive approach is structured based on the competitive engagement concept of the C-SoC, which continuously monitors the status of space infrastructure.

TABLE 5.

List of initial SR for space cyber warfare scenario

Seq	SPARTA				SPACE-SHIELD		MITRE ATT&CK		SR scoring
	Tactic	Techni- que	Descrip- tion	Threat	Techni- que	Threat	Techni- que	Threat	H			M			L
	Tactic	Techni- que	Descrip- tion	Threat	Techni- que	Threat	Techni- que	Threat	Imp.	Lik.	${}_{i n i t}S R$	Imp.	Lik.	${}_{i n i t}S R$	Imp.	Lik.	${}_{i n i t}S R$
1	Reconnai- ssance (ST0001)	REC- 0008.04	∙ Gather Supply Chain Information: Business Relationships	∙ SV-CF-3 \| SV-SP-4	∙ T1591	∙ TA0043	∙ T1591. 002	∙ G0035 \| G1004 \| G0034	1	4	6	1	3	4	1	2	2
2	Initial Access (ST0003)	IA- 0001.01	∙ Compromise Supply Chain: Software Dependencies & Development Tools	∙ SV-SP-1 \| SV-SP-3 \| SV-SP-4 \| SV-SP-6 \| SV-SP-7 \| SV-SP-9 \| SV-SP-10	∙ T1195 \| T1195.001	∙ TA0001	∙ T1195 \| T1195. 001	∙ S0658	4	4	22	4	3	19	4	2	14
3	Initial Access (ST0003)	IA- 0001.02	∙ Compromise Supply Chain: Software Supply Chain	∙ SV-IT-2 \| SV-IT-3 \| SV-SP-1 \| SV-SP-3 \| SV-SP-4 \| SV-SP-6 \| SV-SP-7 \| SV-SP-9 \| SV-SP-10	∙ T1195 \| T1195.002	∙ TA0001	∙ T1195 \| T1195. 002	∙ G0096 \| S0222 \| G0080 \| G0035 \| G0046 \| G0115 \| S0493 \| G0034 \| C0024 \| S0562 \| G0027	4	4	22	4	3	19	4	2	14
4	Execution (ST0004)	EX- 0002	∙ Position, Navigation, and Timing (PNT) Geofencing	∙ SV-MA-3 \| SV-SP-3	-	-	∙ T1627. 001	∙ S1094 \| S0507 \| G0112	5	1	12	5	1	12	5	1	12
5	Impact (ST0009)	IMP- 0002	∙ Disruption	∙ SV-AV-1 \| SV-AV-2 \| SV-AV-3 \| SV-AV-4 \| SV-AV-5 \| SV-AV-6 \| SV-MA-2 \| SV-MA-3 \| SV-MA-5 \| SV-MA-7 \| SV-MA-8 \| SV-SP-1 \| SV-SP-3 \| SV-SP-4 \| SV-SP-5 \| SV-SP-9	∙ T2055 \| T2055.001 \| T1496 \| T2052 \| T2052.001 \| T2026 \| T2026.001	∙ TA0040	-	-	-

https://cdn.apub.kr/journalsite/sites/JOSS/2025-002-01/N0670020104/images/Figure_joss_02_01_04_F9.jpg

FIG. 9.

C-SoC-based cybersecurity scenario against advanced cyber warfare.

3.3.4. Determination of Countermeasures

･Implement secure TDD (Test-Driven Development) for hardware components and embedded software within space systems (Yes DiD).

･Adopt specialized space cybersecurity profiles and leverage TTP-based CTI and IoCs (Yes S2bD).

･Establish hierarchical access control policies and multi-layered device control principles (Yes Space- DevSecOps).

･Standardize asset management and mission control mechanisms through SBO

･M (Software Bill of Materials) while simultaneously structuring POA&M (Plan of Action & Milestones) governance within the SOPs.

As illustrated in Fig. 9, the SM1 list for reducing the initial SR is determined based on impact and likelihood layers, as summarized in Table 6. Through this approach, the quantitative assessment for IV&V demonstrates that all kill chain activities of adversaries targeting the space supply chain can be significantly mitigated. Notably, by focusing on preemptive counter measures against weaponization tactics—particularly those in the reconnaissance and initial access stages, which occur before the exploit and execution stages—the analysis explicitly demon strates that the continuity of an advanced space attack can be proactively disrupted.

TABLE 6.

List of calculated mandatory SM1 with SPARTA

Technique
(SPARTA)

{}_{i n i t}S R

SM1 scoring

Impact layer

Likelihood layer

{}_{i m p .}S

{}_{L i k .}S

SM1

REC-0008.04

✓

IA-0001.01

✓

IA-0001.02

✓

EX-0002

✓

IMP-0002

However, mitigation measures based solely on SM1 fail to comprehensively capture the correlations assigned to specific countermeasures and CTI catalogs, nor do they adequately reflect the latent sequential dependencies within TTPs and IoCs in adversarial kill chains. To address these limitations, the SM2 list is derived based on location layers and defense coverage layers, as summarized in Table 7. SM2 is then integrated with SM1, as shown in Table 8, for integrated application. Through this approach, the analysis demonstrates that risk assessment procedures can be operationalized more effectively from a management perspective, leveraging the SPARTA navigator. Furthermore, in the space cyber domain, this framework enables more granular quantitative security evaluation by layering and interlinking perimeter and non-perimeter defense solutions, ensuring enhanced multi-dimensional risk mitigation with multi-redundancy.

TABLE 7.

List of mitigated SR with SM1

S.	Technique (SPARTA)	${}_{i n i t}S R$			SM1 scoring
		${}_{i n i t}S R$			SM1	${}_{m i t i g a t e d}S R 1$
		Previous H	Previous M	Previous L		${}_{m i t i g a t e d}S R 1$
		Previous H	Previous M	Previous L		Mitigated H	Mitigated M	Mitigated L
1	REC-0008.04	6	4	2	6	0	0	0
2	IA-0001.01	22	19	14	15	7	4	0
3	IA-0001.02	22	19	14	9	13	10	5
4	EX-0002	12	12	12	9	3	3	3
5	IMP-0002	-

TABLE 8.

List of calculated optional SM2 with SPARTA

S.	SPARTA		Avail.	SM2 scoring
	Tactic	Avg. defense coverage (%)		Location layer				Compound val 1.	Defense coverage layer			Compound val 2.	SM2
	Tactic	Avg. defense coverage (%)		S	L	G	U	Compound val 1.	L	M	H	Compound val 2.	SM2
1	Reconnaissance (ST0001)	76.76	✓				✓	0.2			✓	1.0	0.20
2	Resource Development (ST0002)	27.5		-
3	Initial Access (ST0003)	42.775	✓			✓		0.4	✓			0.6	0.24
4	Execution (ST0004)	48.207	✓	✓				0.8	✓			0.6	0.48
5	Persistence (ST0005)	56.084		-
6	Defense Evasion (ST0006)	55.867		-
7	Lateral Movement (ST0007)	21.306		-
8	Exfiltration (ST0008)	21.811		-
9	Impact (ST0009)	-		-

4. CONCLUSION

This study has introduced the Multi-tiered Space Cyber TARA, incorporating SR and SM metrics, to extend the IV&V applicability of established space cybersecurity frameworks including SPARTA and SPACE-SHIELD. The framework systematically evaluated the damage ripple effect and validated mitigation responses based on the competitive dynamics of supply chain actors. Security controls, intelligence, and IoCs were analyzed, demonstrating the proposed method as a quantitative MBSE-based risk assessment toolkit for secure space IV&V. Moreover, its interoperability with SPARTA, MITRE ATT&CK, and NIST CSF was qualitatively validated through MNB-based overlay and tailoring mechanisms.

Nevertheless, a key limitation of this study is that the conceptualized Multi-tiered Space Cyber TARA primarily references atomic records derived from SPARTA, MITRE ATT&CK TTPs, and their countermeasures. Its applicability to other space cybersecurity frameworks, such as S PACE- SHIELD, remains limited to mediating SPARTA-related elements. To minimize discrepancies in threat representations across frameworks, direct normalization of SPACE-SHIELD into an archival format is imperative.

Additionally, SM1’s likelihood assessment relies upon MITRE’s Cyber Risk Remediation Asses sment (CRRA), while SM2’s defense coverage depends on SPARTA’s navigator component.

To enhance the generalizability of Space Mitigation (SM), diversification of referenced assessment artifacts is essential. Moreover, in the Proof-of-Concept (PoC), the space system architecture and supply chain scenarios were abstracted into a generalized model to control the analysis scope. This abstraction encompassed subordinate platforms, infrastructure, peripherals, auxiliary modules, and unit components. Nevertheless, as these assumptions may not fully align with the specific policies, doctrines, and SOPs of space agencies and security organizations, addressing this heterogeneity is imperative for broader applicability.

To address these limitations, future work will expand the PoC scope to space cyber-electronic warfare (S-CEW) and constellation satellite best practices. The research will also integrate additional framework components, including SPACE- SHIELD, MITRE ENGAGE, and MITRE EMB3D. Building on these foundations, the development of Space-PTaaS solutions for S2bD and Space- eMASS appliances for DiD is anticipated.

Acknowledgements

All authors express gratitude for the financial support from the Korean Academy of Space Security in 2024.

References

White House (n.d.) Memorandum on space policy directive-5: cybersecurity principles for space systems. Available at https://trumpwhitehouse.archives.gov/presidential-actions/memorandum-space-policy-directive-5-cybersecurity-principles-space-systems/. Accessed 6 February 2025

Aerospace Corporation (n.d.) Space attack research & tactic analysis (SPARTA). Available at https://aerospace.org/sparta/. Accessed 6 February 2025

European Space Agency (n.d.) "Space attacks and countermeasures engineering shield (SPACE-SHIELD). Available at https://spaceshield.esa.int/. Accessed 6 February 2025

MITRE (n.d.) Adversarial tactics, techniques, and common knowledge (ATT&CK). Available at https://attack.mitre.org/. Accessed 6 February 2025

MITRE (n.d.) Detection, denial, and disruption framework empowering network defense (D3FEND). Available at https://d3fend.mitre.org/. Accessed 6 February 2025

CCSDS (n.d.) Consultative committee for space data systems. Available at https://public.ccsds.org/default.aspx/. Accessed 6 February 2025

Department of Defense (n.d.) Trusted systems and networks (TSN) analysis. Available at https://rt.cto.mil/wp-content/uploads/2019/06/Trusted-Systems-and-Networks-TSN-Analysis.pdf/. Accessed 6 February 2025

NASA (n.d.) IVV 09-1: independent verification and validation technical framework. Available at https://www.nasa.gov/wp-content/uploads/2015/09/ivv_09-1_independent_verification_and_validation_technical_framework_-_ver_p_-_10-25-2017.pdf/. Accessed 6 February 2025

MITRE (n.d.) Knowledge management at The MITRE corporation. Available at https://www.researchgate.net/profile/Mark-Maybury-2/publication/228858770_Knowledge_Management_at_The_MITRE_Corporation/links/00b495295de7574a29000000/Knowledge-Management-at-The-MITRE-Corporation.pdf/. Accessed 6 February 2025

MITRE (n.d.) Threat assessment & remediation analysis (TARA). Available at https://www.mitre.org/sites/default/files/2021-10/pr-11-4982-tara-methodology-and-description.pdf/. Accessed 6 February 2025

Hasan K, Shetty S, Hassanzadeh A, Ullah S (2019) Towards optimal cyber defense remediation in cyber physical systems by balancing operational resilience and strategic risk. MILCOM 2019. Norfolk, VA, USA, pp 1-8. doi:10.1109/MILCOM47813.2019.9021076/

10.1109/MILCOM47813.2019.9021076

NIST (n.d.) NIST IR 8270 - Introduction to cybersecurity for commercial satellite operations. Available at https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8270.pdf/. Accessed 6 February 2025

NIST (n.d.) NIST IR 8323 Rev. 1 - Foundational PNT Profile: applying the cybersecurity framework for the responsible use of positioning, navigation, and timing (PNT) services. Available at https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8323r1.pdf/. Accessed 6 February 2025

NIST (n.d.) NIST IR 8401 - Satellite ground segment: applying the cybersecurity framework to satellite command and control. Available at https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8401.pdf/. Accessed 6 February 2025

NIST (n.d.) NIST IR 8441 - Cybersecurity framework profile for hybrid satellite networks (HSN). Available at https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8441.pdf/. Accessed 6 February 2025

NASA (n.d.) Space security: best practices guide (BPG) Rev. B. Available at https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/space-security-best-practices-guide-bpg-rev-1.pdf/. Accessed 6 February 2025

NASA (n.d.) NASA-STD-1006A: space system protection standard. Available at https://standards.nasa.gov/standard/NASA/NASA-STD-1006/. Accessed 6 February 2025

Space-ISAC (n.d.) Space information sharing and analysis center. Available at https://spaceisac.org/. Accessed 6 February 2025

Aerospace Corporation (n.d.) STIX-Based threat detection: observables and IOCs for space systems. Available at https://cwe.ccsds.org/sea/_layouts/15/WopiFrame.aspx?sourcedoc=%7BD292C2AE-170C-4805-A8B3-6A4ACA9A8313%7D&file=DRAFT_OTR-2025-00042%20-%20STIX-Based%20Threat%20Detection_Observables%20and%20IOCs%20for%20Space%20Systems.pdf&action=default/. Accessed 6 February 2025

OASIS (n.d.) Introduction to TAXII. Available at https://oasis-open.github.io/cti-documentation/taxii/intro.html/. Accessed 6 February 2025

Aerospace Corporation (n.d.) MoonLighter. Available at https://aerospace.org/sites/default/files/2023-04/AK23_114_Fact%20Sheet_Moonlighter_REVB.pdf/. Accessed 6 February 2025

Werremeyer M, Williams J, Wood S, Walker M, Ameen J, Kerley B (2024) Hack-A-Sat: four years from the cromulence tech team. 2024 IEEE Aerospace Conference, Big Sky, MT, USA, pp 1-17. doi:10.1109/AERO58975.2024.10521107/. Accessed 6 February 2025

10.1109/AERO58975.2024.10521107

ESA (n.d.) ARTES-4S: safety & security. Available at https://connectivity.esa.int/space-systems-safety-and-security-4s/. Accessed 6 February 2025

ESA (n.d.) Space cyber range (SCR). Available at https://connectivity.esa.int/projects/scr/. Accessed 6 February 2025

ESA (n.d.) 4S system and services testbed (4SSTB). Available at https://connectivity.esa.int/projects/4sstb/. Accessed 6 February 2025

CCSDS (n.d.) CCSDS 355.0-B-2: space data link security protocol. Available at https://public.ccsds.org/Pubs/355x0b2.pdf/. Accessed 6 February 2025

ESA (n.d.) International use cases for operational QKD applications and services (INT-UQKD). Available at https://connectivity.esa.int/projects/intuqkd/. Accessed 6 February 2025

ESA (n.d.) GEO QKD hosted payload (caramuel). Available at https://connectivity.esa.int/projects/caramuel/. Accessed 6 February 2025

NASA (n.d.) GSFC-STD-8012: bulk security standard for spacecraft communication. Available at https://standards.nasa.gov/standard/GSFC/GSFC-STD-8012/. Accessed 6 February 2025

IETF (n.d.) RFC 9172: bundle protocol security (BPSec). Available at https://www.rfc-editor.org/rfc/rfc9172.pdf/. Accessed 6 February 2025

EUSPA (n.d.) GOVSATCOM. Available at https://www.euspa.europa.eu/eu-space-programme/secure-satcom/govsatcom/. Accessed 6 February 2025

EUSPA (n.d.) IRIS2: infrastructure for resilience, interconnectivity and security by satellite. Available at https://www.euspa.europa.eu/sites/default/files/2024-03/IRIS2.pdf/. Accessed 6 February 2025

EUSPA (n.d.) CASSINI challenge. Available at https://www.euspa.europa.eu/cassinichallenges/. Accessed 6 February 2025

EUSPA (n.d.) EU space-ISAC. Available at https://www.euspa.europa. eu/newsroom-events/news/eu-space-isac/. Accessed 6 February 2025

ESA (n.d.) OPS-SAT. Available at https://www.esa.int/Enabling_Support/Operations/OPS-SAT/. Accessed 6 February 2025

ESA (n.d.) The ESA CyberCube mission. CYSAT 2024. Available at https://www.youtube.com/watch?v=IzOVRHfQHZQ/. Accessed 6 February 2025

NCSC (n.d.) Cyber assessment framework. Available at https://www.ncsc.gov.uk/collection/cyber-assessment-framework/. Accessed 6 February 2025

UKSA (n.d.) Cyber security toolkit. Available at https://assets.publishing.service.gov.uk/media/5ec298a3e90e071e2f955ebc/Space_cyber_toolkit_final_v4.pdf/. Accessed 6 February 2025

BSI (n.d.) IT-Grundschutz profile for space infrastructures - minimum protection for satellites covering their entire life cycle. Available at https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/profiles/Profile_Space-Infrastructures.pdf?__blob=publicationFile&v=2/. Accessed 6 February 2025

BSI (n.d.) Technical guideline BSI TR-03184 information security for space systems - Part 1: space segment. Available at https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03184/BSI-TR-03184_part1.pdf?__blob=publicationFile&v=3/. Accessed 6 February 2025

METI (n.d.) Cybersecurity guidelines for commercial space systems ver. 2.0. Available at https://www.meti.go.jp/shingikai/mono_info_service/sangyo_cyber/wg_seido/wg_uchu_sangyo/pdf/20240327_1.pdf/. Accessed 6 February 2025

Cabinet Secretariat of Japan (n.d.) Space security initiative 2023. Available at https://www8.cao.go.jp/space/anpo/kaitei_fy05/enganpo_fy05.pdf/. Accessed 6 February 2025

NIST (n.d.) NIST CSWP 20 - The NIST cybersecurity framework (CSF) 2.0. Available at https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf/. Accessed 6 February 2025

10.6028/NIST.CSWP.29.nor

NIST (n.d.) NIST SP 800-37 Rev. 2 - risk management framework for information systems and organizations: a system life cycle approach for security and privacy. Available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf/. Accessed 6 February 2025

NIST (n.d.) NIST SP 800-161 Rev. 1 - C-SCRM: cybersecurity supply chain risk management practices for systems and organizations. Available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf/. Accessed 6 February 2025

CyberAB (n.d.) Cybersecurity maturity model certification (CMMC) assessment process ver 2.0. Available at https://cyberab.org/Portals/0/CMMC%20Assessment%20Process%20v2.0.pdf?ver=fEk1pUK1Fg26fVtopxv_DA%3D%3D/. Accessed 6 February 2025

ISO (n.d.) ISO/IEC 27001:2022 - information security, cybersecurity and privacy protection - information security management systems - Requirements. Available at https://www.iso.org/standard/27001/. Accessed 6 February 2025

JOURNAL OF SPACE SECURITY ISSN:3058-5759(Print) 한국우주안보학회지

Preview

Multi-tiered space cyber TARA: Quantification of risk and mitigation with SPARTA TTP

ABSTRACT

MAIN

TABLE 1.

Taxonomy of research and development rating of space cybersecurity by major countries

TABLE 2.

Taxonomy of space & legacy TTP-based cybersecurity framework

FIG. 1.

Overview of threat modeling mechanism.

FIG. 2.

Conceptual diagram of TARA.

FIG. 3.

Detailed configuration diagram of Multi-tiered Space Cyber ​​TARA.

FIG. 4.

Advanced TSN-based process of Multi-tiered Space Cyber ​​TARA.

Algorithm 1.

Pseudo code of space risk (SR) metric for threat quantification

FIG. 5.

Conceptual equation scope of SR.

FIG. 6.

Conceptual equation scope of SM.

TABLE 3.

Baseline of SM1 with risk matrix

TABLE 4.

Baseline of SM2 with defense coverage

Algorithm 2.

Pseudo code of space mitigation (SM) metric for countermeasure quantification

FIG. 7.

Conceptual topology of space system architecture based on major segments.

FIG. 8.

Space cyber warfare scenario in supply chain segment.

TABLE 5.

List of initial SR for space cyber warfare scenario

FIG. 9.

C-SoC-based cybersecurity scenario against advanced cyber warfare.

TABLE 6.

List of calculated mandatory SM1 with SPARTA

TABLE 7.

List of mitigated SR with SM1

TABLE 8.

List of calculated optional SM2 with SPARTA

Acknowledgements

References

Detailed configuration diagram of Multi-tiered Space Cyber TARA.

Advanced TSN-based process of Multi-tiered Space Cyber TARA.