Module 01 inventory: 54 enumerated taxonomic elements. Use your browser's print dialog to save as PDF.

← Back to module
Full Spectrum Space Cybersecurity Professional

Module 01 Inventory

54 Enumerated Taxonomic Elements

The full Day-1 decomposition of the telecommand example produced in Module 01. Two PCE entries, four SEG enclaves, twenty-three SVC services, and twenty-five AST assets, every parent link populated, every ETEN in canonical LAYER:TAG:LABEL:ORDINAL:Description form. This is the structural record Modules 02–05 attach threats, attack paths, detection signatures, and resilience measures to.

PCE
2
Environments
SEG
4
Segments
SVC
23
Services
AST
25
Assets
Exported by verifying identity…
Exported at
Classification TLP:GREEN · SCORP² community only
Distribution Internal cohort and confirmed instructors only
TLP:GREEN SCORP² community only · do not redistribute outside cohort
Exported by: Exported at: Distribution: Internal cohort + confirmed instructors
If you received this file from outside the cohort, please notify william.o.ferguson@ethicallyhacking.space and delete it.

Decomposition Diagram, All 54 ETENs at a Glance

The four segment blocks (Space, Link, Ground, User), each holding its Services and Assets, linked up through Segments to the two PCE environments. Tables below give the full ETEN form and description for every node.

Module 01 decomposition diagram: four colored segment blocks (Space, Link, Ground, User) each containing the SVC services and AST assets that belong to that segment, with arrows showing AST-to-SVC and SVC-to-SEG parent links, and the four SEG entries linking up to the two PCE environments (Orbital and Terrestrial) on the right. SEG-LI:Link spans both environments.

Source: module1/assets/mod01-decomposition.dot. Regenerate with dot -Tpng -o mod01-decomposition.png mod01-decomposition.dot.

PCEPrimary Capability Environment, 2 entries

The two physical regimes the telecommand path crosses. Every SEG, SVC, and AST traces back to one (or both, for the cross-environment link) of these PCE entries.

ElementFull ETEN
PCE-TEPCE:TE:Terrestrial:00:Continental US surface operational regime where the platform ground stations, mission operations centers, and launch facilities are located.
PCE-ORPCE:OR:Orbital:00:The orbital regime in which the Space Vehicle operates and executes uplinked commands.

SEGSegment Layer, 4 entries

Four operational enclaves along the command path. Each names its parent PCE; the Link segment names both PCEs because the signal physically spans both regimes.

ElementLinks toFull ETEN
SEG-SPPCE:OR:Orbital:00SEG:SP:Space:00:Space-segment enclave: platform and payload subsystems on orbit.
SEG-LIPCE:OR + PCE:TESEG:LI:Link:00:Link-segment enclave: the RF/optical signal path between Space and Ground.
SEG-GRPCE:TE:Terrestrial:00SEG:GR:Ground:00:Ground-segment enclave: mission operations, command authority, cryptography, launch control.
SEG-USPCE:TE:Terrestrial:00SEG:US:User:00:User-segment enclave: operator consoles and end-user applications that consume mission product and originate commands.

SVC + ASTServices and Assets, per Segment

Twenty-three services and twenty-five assets, grouped by the segment they live in. Each SVC names its parent SEG; each AST names one (or more) parent SVC(s).

SEG-SP
Space segment
Platform and payload subsystems on orbit. Hosts every uplinked-command execution endpoint and the on-board mission/payload data planes.
Parent: PCE:OR:Orbital:00

SVC, 8 services

ETENDescription
SVC-CP:00SVC:CP:Control Plane:00:Attitude determination and control service (ADCS) orchestrating platform attitude.
SVC-CP:01SVC:CP:Control Plane:01:Cryptographic service, space-side.
SVC-CP:02SVC:CP:Control Plane:02:Electrical power management service (EPS) on the spacecraft.
SVC-CP:03SVC:CP:Control Plane:03:Flight termination service (FTS) on the spacecraft.
SVC-CP:04SVC:CP:Control Plane:04:Thermal control service (TCS) on the spacecraft.
SVC-DP:00SVC:DP:Data Plane:00:Mission downlink and uplink data plane on the SV.
SVC-DP:01SVC:DP:Data Plane:01:Payload data plane.
SVC-HY:00SVC:HY:Hybrid:00:Command and Data Handling service (C&DH) combining bus commanding and mission-data routing; receives every uplinked telecommand.

AST, 11 assets

ETENDescription
AST-HW:00AST:HW:Hardware:00:ADCS sensors (star trackers, gyros, magnetometers).
AST-SW:00AST:SW:Software:00:ADCS flight software.
AST-HW:01AST:HW:Hardware:01:Electrical power chain hardware (solar arrays, battery, PCDU).
AST-HW:02AST:HW:Hardware:02:FTS receiver and ordnance hardware.
AST-FW:00AST:FW:Firmware:00:FTS firmware governing flight-termination logic.
AST-HW:03AST:HW:Hardware:03:Thermal control hardware (heaters, radiators, MLI).
AST-HW:06AST:HW:Hardware:06:On-board computer (OBC) and OBDH bus hardware.
AST-FW:01AST:FW:Firmware:01:OBC boot firmware and bus-controller firmware.
AST-SW:06AST:SW:Software:06:C&DH flight software handling command processing and data routing.
AST-HW:07AST:HW:Hardware:07:Payload electronics hardware.
AST-FW:02AST:FW:Firmware:02:Payload repeater firmware.
SEG-LI
Link segment
RF/optical signal path between Space and Ground. Authenticates every uplinked command, handles error correction, and runs the tracking/telemetry exchange.
Parent: PCE:OR:Orbital:00, PCE:TE:Terrestrial:00 (cross-environment link)

SVC, 5 services

ETENDescription
SVC-CP:05SVC:CP:Control Plane:05:Authentication and command-acceptance service (ACA) on the link; gates every uplinked command.
SVC-CP:06SVC:CP:Control Plane:06:Attack detection and recovery service on the link.
SVC-CP:07SVC:CP:Control Plane:07:Payload command service on the link.
SVC-HY:01SVC:HY:Hybrid:01:Error handling (FEC/ECC) on the uplink and downlink.
SVC-HY:02SVC:HY:Hybrid:02:Tracking and telemetry (T2) service on the link.

AST, 3 assets

ETENDescription
AST-SI:00AST:SI:Signal:00:TC uplink waveform on the link.
AST-DA:00AST:DA:Data:00:Link ACA credentials including session keys and certificates.
AST-SW:01AST:SW:Software:01:Payload command encoder software.
SEG-GR
Ground segment
Mission operations, command authority, cryptography, launch control. Where commands are authorized and prepared before leaving Earth.
Parent: PCE:TE:Terrestrial:00

SVC, 5 services

ETENDescription
SVC-CP:08SVC:CP:Control Plane:08:Cryptographic service, ground-side.
SVC-CP:09SVC:CP:Control Plane:09:Authentication and command-acceptance service (ACA) on the ground.
SVC-CP:10SVC:CP:Control Plane:10:Launch control service.
SVC-CP:11SVC:CP:Control Plane:11:Autonomous flight safety service (AFSS).
SVC-CP:12SVC:CP:Control Plane:12:Patch update pipeline service.

AST, 4 assets

ETENDescription
AST-SW:02AST:SW:Software:02:Ground ACA software performing command authentication on the ground.
AST-DA:01AST:DA:Data:01:ACA credential store (master keys, certificate authority data).
AST-DA:02AST:DA:Data:02:Patch binaries for firmware and software updates.
AST-SW:03AST:SW:Software:03:Patch deployment pipeline software.
SEG-US
User segment
Operator consoles and end-user applications. Where commands originate and where mission product is consumed.
Parent: PCE:TE:Terrestrial:00

SVC, 5 services

ETENDescription
SVC-CP:13SVC:CP:Control Plane:13:Satellite console operations service.
SVC-CP:14SVC:CP:Control Plane:14:Cryptographic and key-management service, user-side.
SVC-CP:15SVC:CP:Control Plane:15:Authentication and command-acceptance service (ACA) on the user side.
SVC-CP:16SVC:CP:Control Plane:16:Satellite-ground command transport service.
SVC-DP:02SVC:DP:Data Plane:02:End-user application data plane consuming mission product.

AST, 7 assets

ETENDescription
AST-HW:04AST:HW:Hardware:04:Operator console hardware (workstation, peripherals).
AST-SW:04AST:SW:Software:04:Console operator software.
AST-HW:05AST:HW:Hardware:05:User-side hardware security module (HSM).
AST-DA:03AST:DA:Data:03:Cryptographic keys held by user-side HSM.
AST-SW:05AST:SW:Software:05:User-side ACA software for outbound command signing.
AST-SW:08AST:SW:Software:08:End-user application software.
AST-DA:04AST:DA:Data:04:Mission product data consumed by end-user application.