Towards Principled Risk Scores for Space Cyber Risk Management

Space is an emerging domain critical to humankind. Correspondingly, space cybersecurity is an emerging field with much research to be done. To help space cybersecurity practitioners better manage cyber risks, The Aerospace Corporation proposed Notional Risk Scores (NRS) within their Space Attack Research and Tactic Analysis (SPARTA) framework, which can be applied to quantify the cyber risks associated with space infrastructures and systems. While intended for adoption by practitioners, NRS has not been analyzed with real-world scenarios, putting its effectiveness into question. In this paper we analyze NRS via a real-world cyber attack scenario against a satellite, and characterize the strengths, weaknesses, and applicability of NRS. The characterization prompts us to propose a set of desired properties to guide the design of future NRS. As a first step along this direction, we further propose a formalism to serve as a baseline for designing future NRS with those desired properties.

• Publication year

  2024

• Venue

  arXiv.org

• Publication date

  2024-02-04

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.48550/arXiv.2402.02635arXiv 2402.02635
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Characterizing Cyber Attacks against Space Systems with Missing Data: Framework and Case Study

  2023influential reference
• Introduction to Cybersecurity for Commercial Satellite Operations

  2022cited by this paper
• A Risk Based Approach to Space System Protection

  2022cited by this paper
• Building a launchpad for satellite cyber-security research: lessons from 60 years of spaceflight

  2022cited by this paper
• Satellite Ground Segment: Applying the Cybersecurity Framework to Assure Satellite Command and Control

  2022cited by this paper
• Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN)

  2022cited by this paper
• A Security Risk Taxonomy for Commercial Space Missions

  2021cited by this paper
• The Cybersecurity Dynamics Way of Thinking and Landscape

  2020cited by this paper
• Security and Privacy Controls for Information Systems and Organizations

  2020influential reference
• MITRE ATT&CK ® : Design and Philosophy

  2020cited by this paper
• Lessons learned from applying cyber risk management and survivability concepts to a space mission

  2016influential reference
• The Joint Task Force Transformation Initiative

  2013cited by this paper
• Satellite hacking: A guide for the perplexed

  2013cited by this paper
• National Institute of Standards and Technologyにおける超伝導研究及び生活

  2001cited by this paper

• SoK: Space Infrastructures Vulnerabilities, Attacks and Defenses

  2025cites this paper
• Space Cybersecurity Testbed: Fidelity Framework, Example Implementation, and Characterization

  2025cites this paper
• Jamming-Resistant Communications Via Cryptographic Secret Sharing

  2024cites this paper
• Drafting a Cybersecurity Standard for Outer Space Missions: On Critical Infrastructure, China, and the Indispensability of a Global Inclusive Approach

  2024cites this paper
• Characterizing Advanced Persistent Threats Through the Lens of Characterizing Advanced Persistent Threats Through the Lens of Cyber Attack Flows Cyber Attack Flows

  year unknowncites this paper