Characterizing Cyber Attacks against Space Infrastructures with Missing Data: Framework and Case Study
Ekzhin Ear, Jose Luis Castanon Remy, Caleb Chang, Qiren Que, Antonia Feffer, Shouhuai Xu
TL;DR
This paper tackles the lack of publicly available data documenting cyber attacks on space infrastructures by proposing a general framework that combines SPARTA and MITRE ATT&CK with missing-data extrapolation to characterize real-world incidents. It defines a Unified Space Cyber Kill Chain ($USCKC$) and three core metrics—attack consequence, attack sophistication, and $USCKC$ likelihood—and applies them to a newly assembled dataset of 108 space cyber attacks, generating 6,206 probable $USCKC$s. The case study reveals that many attacks pivot through the ground and link segments, that attacks are becoming more sophisticated, and that hardening the ground and link segments could significantly mitigate risk. The work provides a foundation for data-driven space cybersecurity analysis and releases the extrapolated dataset for public use, while acknowledging the need for automated, objective methods to handle missing data.
Abstract
Cybersecurity of space infrastructures is an emerging topic, despite space-related cybersecurity incidents occurring as early as 1977 (i.e., hijacking of a satellite transmission signal). There is no single dataset that documents cyber attacks against space infrastructures that have occurred in the past; instead, these incidents are often scattered in media reports while missing many details, which we dub the missing-data problem. Nevertheless, even "low-quality" datasets containing such reports would be extremely valuable because of the dearth of space cybersecurity data and the sensitivity of space infrastructures which are often restricted from disclosure by governments. This prompts a research question: How can we characterize real-world cyber attacks against space infrastructures? In this paper, we address the problem by proposing a framework, including metrics, while also addressing the missing-data problem by leveraging methodologies such as the Space Attack Research and Tactic Analysis (SPARTA) and the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) to "extrapolate" the missing data in a principled fashion. We show how the extrapolated data can be used to reconstruct "hypothetical but plausible" space cyber kill chains and space cyber attack campaigns that have occurred in practice. To show the usefulness of the framework, we extract data for 108 cyber attacks against space infrastructures and show how to extrapolate this "low-quality" dataset containing missing information to derive 6,206 attack technique-level space cyber kill chains. Our findings include: cyber attacks against space infrastructures are getting increasingly sophisticated; successful protection of the link segment between the space and user segments could have thwarted nearly half of the 108 attacks. We will make our dataset available.
