SPARTA v3.1 expands space cybersecurity with updated controls, new techniques, and research contributions
The Aerospace Corporation has released Space Attack Research and Tactic Analysis (SPARTA) v3.1, adding space segment guidance for NIST (National Institute of Standards and Technology) controls, a new user guide, mappings to MITRE’s EMB3D, and techniques contributed by researchers. The update also incorporates the DEF CON 33 presentation ‘Hacking Space to Defend It: Generating IoBs with SPARTA,’ along with some general bug fixes and aesthetic updates to the GUI to enhance usability.
SPARTA v3.1 introduces dedicated guidance aligned with and leveraged by the Committee for National Security Systems Instruction (CNSSI) 1253 Attachment 2 to Appendix F, Space Platform Overlay, the Aerospace Corporation, detailed in a Tuesday Medium post. “This update translates NIST SP 800–53 security controls into space segment-specific context, giving engineers and operators clear interpretation of how to tailor NIST controls for space segment threats and vulnerabilities.”
“While CNSSI 1253 has long provided baseline overlays for National Security Systems, the general nature of the main control baselines required significant tailoring and justification when applied to spacecraft,” the post added.
SPARTA 3.1 is expanding with the addition of two new techniques submitted by outside researchers. The first, IA-0013: Compromise Host SV, highlights a new initial access vector where attackers target the host spacecraft itself to pivot into a hosted payload. By exploiting vulnerabilities in the host vehicle’s onboard systems, command interfaces, or software, adversaries could move laterally into the payload, especially when buses, processors, or communication links are shared.
The second, DE-0012: Component Collusion, introduces a novel form of defense evasion. In this approach, adversaries compromise multiple modules during the supply chain process and design them to work together in ways that look benign when inspected individually. One component may quietly trigger conditions, while another executes the malicious action, undermining traditional detection methods like log analysis or code review.
The previous CNSSI 1253 Space Platform Overlay was published in 2013, and it provided tailoring guidance for that era of the space enterprise knowledge.
A new update to the Space Platform Overlay was released under the direction of EO 14144, and the new content provides modernized cybersecurity guidance for space segment protection. The new overlay builds upon the previous overlay content, but now significantly leverages TOR-2023–02161 Rev A content and directly references the SPARTA framework, nomenclature, and knowledge for analyzing attacks on space systems.
Securing spacecraft requires addressing threats at multiple layers of the architecture: from mission-level adversary tactics down to the hardware and firmware of onboard subsystems. The SPARTA framework has become the community’s reference model for describing spacecraft-specific adversary behaviors (techniques, sub-techniques, and countermeasures). SPARTA excels at enumerating mission-relevant threats and their countermeasures, and this mapping complements it by extending coverage into embedded device-level weaknesses and defenses, which is the foundational layer upon which spacecraft are built.
The MITRE EMB3D framework provides a curated, evidence-based knowledge base of embedded device threats and mitigations. EMB3D explicitly maps device properties (hardware, firmware, networking, and system software) to threats, weaknesses (CWEs), and tiered mitigations. Its focus on embedded security directly aligns with the realities of spacecraft, where size, weight, power (SWaP), and technology readiness level (TRL) constraints often dictate design trade-offs.
To bridge these complementary frameworks, the SPARTA team, in coordination with the EMB3D team, developed a crosswalk mapping between SPARTA techniques and countermeasures and EMB3D threats and mitigations.
One of the primary benefits of mapping SPARTA to EMB3D is the ability to align mission-level threats with their embedded systems exploit paths. SPARTA techniques describe what adversaries attempt, such as malicious firmware injection or bus eavesdropping, while EMB3D threats capture how those attempts technically manifest through mechanisms, such as insecure bootloader verification or exploitable network stack components.
By connecting the two, engineers can map high-level attack techniques directly to the underlying embedded weaknesses that enable them. The mapping also enriches countermeasure guidance by linking abstract protections to practical defenses. SPARTA countermeasures, such as ‘COMSEC’ or ‘Secure Boot,’ provide essential high-level direction, and EMB3D adds further perspective by offering concrete technical implementations organized into Foundational, Intermediate, and Leading tiers. Together, they deliver both strategic guidance and detailed engineering pathways for securing spacecraft.
Finally, this integration improves consistency and reduces subjectivity in threat modeling. Risk assessments often vary depending on analyst expertise, but EMB3D’s curated set of technical artifacts, CWEs, and engineering references helps standardize how threats are identified and mitigated at the embedded system level. This strengthens the overall reliability of SPARTA-based risk assessments across organizations and missions.
The Aerospace Corporation mentioned that integrating EMB3D into SPARTA offers several distinct benefits for spacecraft security. First, it enhances the protection of spacecraft embedded hardware, such as a single-board computer or reaction wheel firmware. While SPARTA provides essential high-level countermeasures, EMB3D adds further value by offering detailed coverage of hardware debug ports, firmware update processes, cryptographic key handling, and memory protections. Together, they provide both the strategic guidance and the engineering depth needed to secure these critical subsystems.
Another major benefit is the ability to prioritize mitigations through EMB3D’s tiered model. By adopting this approach, spacecraft engineers can implement Foundational defenses, such as memory-safe languages and basic bootloader authentication immediately, while planning for Intermediate or Leading mitigations, such as hardware-backed roots of trust or control-flow integrity, as technology readiness levels and size, weight, and power constraints allow. This creates a phased security roadmap that aligns with the realities of spacecraft development lifecycles.
Finally, the alignment anchors spacecraft protections within globally recognized standards. As EMB3D mitigations are mapped to ISA/IEC 62443–4–2 security controls, this crosswalk connects space cybersecurity to the broader industrial and embedded device security ecosystem. The result is reduced fragmentation, greater interoperability, and the adoption of practices already validated across other critical infrastructure sectors.
Overall, the mapping advances the maturity of space system defense by ensuring that spacecraft are protected at the mission and operations level, as well as at the embedded foundations where many of the most impactful vulnerabilities reside.
The SPARTA team is releasing Version 1 of the SPARTA User’s Guide, a living resource that will continue to be updated as the framework evolves and new capabilities are added. The guide provides a structured walkthrough of the framework’s tools and features, including techniques, countermeasures, and Indicators of Behavior (IOBs). It explains the underlying data elements, how to navigate the site, and how to leverage the built-in mappings to NIST controls, CWE classes, and secure-by-design principles.
The User’s Guide is designed to make SPARTA more accessible for a broad community of users. Whether conducting a threat-informed risk assessment, tailoring requirements, or developing intrusion detection logic, the guide illustrates how SPARTA’s resources can be applied to practical engineering and assessment needs. By offering this reference, the SPARTA team aims to lower the barrier of entry and enable government, industry, and academic partners to confidently leverage SPARTA in securing space systems.
The Medium post also pointed to an Aerospace report that explores how adversary TTPs can be systematically applied to strengthen the security of space systems. Titled ‘Recommended Practices for Integrating TTP Frameworks to Secure and Defend Space Systems,’ the paper shows how SPARTA, ATT&CK, and SPACE-SHIELD can be leveraged together to bridge the gap between high-level policy and hands-on engineering.
The document accounts for threat-informed engineering that connects adversary behaviors directly to subsystem protections, ensuring that defenses are mapped to real-world tactics. Cross-segment defense extends these protections across ground, link, and space environments, applying TTPs in a coordinated way.
It also addresses policy alignment, integrates SPD-5, NIST, and CNSSP with practical security requirements, closing the gap between standards and implementation. Finally, detection-ready practices emphasize building intrusion detection and monitoring systems that use IOCs and IOBs in STIX to strengthen threat visibility.
The paper highlights the unique challenges of applying frameworks to spacecraft, including technology readiness gaps and the need for onboard intrusion detection capabilities. The report provides a table of recommended practices that can be directly adopted by engineers, operators, and acquisition professionals to make it practical.
link
