Towards Principled Risk Scores for Space Cyber Risk Management
Ekzhin Ear, Brandon Bailey, Shouhuai Xu
TL;DR
The paper tackles the challenge of principled space cyber risk assessment by providing an algorithmic description of how to apply Notional Risk Scores (NRS) within the SPARTA framework, proposing a comprehensive set of desirable properties for future NRS, and introducing a mission-centric formalism based on mission control and data flows to guide automated risk management. Through a real-world Terra satellite case study, the authors analyze the strengths, weaknesses, and applicability of NRS, illustrating how current NRS can identify high-priority techniques and corresponding mitigations while revealing gaps in justification, threat modeling, and linkage to attack flows. The contributions include a concrete algorithm for NRS usage, a structured property framework (usability, usefulness, robustness), and a formalism for designing future NRS that supports automated tools and mission-centric risk management across the life cycle. The work advances space cyber risk management by providing a principled baseline and a clear research agenda for developing more objective, scalable, and mission-aware risk scoring and defense planning.
Abstract
Space is an emerging domain critical to humankind. Correspondingly, space cybersecurity is an emerging field with much research to be done. To help space cybersecurity practitioners better manage cyber risks, The Aerospace Corporation proposed Notional Risk Scores (NRS) within their Space Attack Research and Tactic Analysis (SPARTA) framework, which can be applied to quantify the cyber risks associated with space infrastructures and systems. While intended for adoption by practitioners, NRS has not been analyzed with real-world scenarios, calling its effectiveness into question. In this paper, we analyze NRS via a real-world cyber attack scenario against a satellite and characterize the strengths, weaknesses, and applicability of NRS. The characterization prompts us to propose a set of desired properties to guide the design of future NRS. As a first step in this direction, we further propose a formalism to serve as a baseline for designing future NRS with those desired properties.
