Save these enumerated entries as a PDF using your browser’s print dialog.

← Back to module
Full Spectrum Space Cybersecurity Professional

Day 2 Enumerated Threats

14 AN-THR ETENs, Each TOE-Anchored to SVC + AST

Fourteen AN-THR entries against the platform. Each entry’s TOE field names the services and assets it is directed against.

USER
2
AN-THR
GROUND
5
AN-THR
LINK
3
AN-THR
SPACE
4
AN-THR
Exported by verifying identity…
Exported at
Classification TLP:GREEN · SCORP² community only
Distribution Internal cohort and confirmed instructors only
TLP:GREEN SCORP² community only · do not redistribute outside cohort
Exported by: Exported at: Distribution: Internal cohort + confirmed instructors
If you received this file from outside the cohort, please notify william.o.ferguson@ethicallyhacking.space and delete it.

Decomposition with Threat Mapping

The Module 01 platform decomposition with all 14 AN-THR entries drawn as red ellipses, each connected via TOE to the services and assets it is directed against. Use to see threat coverage per segment at a glance.

Module 02 decomposition diagram. Four colored segment blocks (Space, Link, Ground, User) each containing the SVC services and AST assets that belong to that segment, plus a per-segment red AN-THR cluster with edges to the SVCs and ASTs each threat is directed against via TOE.

Source: assets/mod02-decomposition-with-threats.dot · regenerate with dot -Tpng -o mod02-decomposition-with-threats.png mod02-decomposition-with-threats.dot

How to Read

Each row is one AN-THR entry. The ID column carries the AN:THR:Threat:ORDINAL identifier. The ETEN column carries the full Description. The TOE column names the services and assets the threat is directed against. SOURCE for every entry: OSINT.

USERUser Segment, 2 AN-THR

IDAN-THR ETENTOE · SVC + AST
AN-THR:00AN:THR:Threat:00:End-user application tampering: degrades operator’s trust in mission product by modifying the consuming application or the displayed data.SVC: SVC-DP:02
AST: AST-SW:08, AST-DA:04
AN-THR:01AN:THR:Threat:01:Operator console credential theft: steals operator or service-account credentials from the console workstation to impersonate the operator.SVC: SVC-CP:13, SVC-CP:15
AST: AST-HW:04, AST-SW:04, AST-DA:03

GROUNDGround Segment, 5 AN-THR

IDAN-THR ETENTOE · SVC + AST
AN-THR:02AN:THR:Threat:02:Long-dwell network intrusion: nation-state intrusion set pursuing persistent access to ground-side crypto and ACA.SVC: SVC-CP:08, SVC-CP:09
AST: AST-SW:02, AST-DA:01
AN-THR:03AN:THR:Threat:03:Operator credential theft: criminal actor pursuing operator and ground-station service-account credentials.SVC: SVC-CP:09, SVC-CP:13
AST: AST-DA:01
AN-THR:04AN:THR:Threat:04:Privileged insider misuse: cleared operator with command authority misuses commanding workstations to issue unauthorized commands.SVC: SVC-CP:09, SVC-CP:13
AST: AST-HW:04, AST-SW:04
AN-THR:05AN:THR:Threat:05:Lateral movement into mission control: external actor pivots from the operator network onto mission-control hosts.SVC: SVC-CP:13, SVC-CP:09
AST: AST-HW:04, AST-SW:04
AN-THR:06AN:THR:Threat:06:Ransomware against launch infrastructure: criminal or politically-motivated actor encrypts launch-control and update-pipeline systems.SVC: SVC-CP:10, SVC-CP:12
AST: AST-DA:02, AST-SW:03

LINKLink Segment, 3 AN-THR

IDAN-THR ETENTOE · SVC + AST
AN-THR:07AN:THR:Threat:07:Jamming campaign: RF actor sustains noise injection across uplink/downlink bands to deny communications.SVC: SVC-CP:05, SVC-HY:01, SVC-HY:02
AST: AST-SI:00
AN-THR:08AN:THR:Threat:08:Replay-and-spoof on uplink: RF actor captures and replays or forges command waveforms, bypassing authentication if keys are also compromised.SVC: SVC-CP:05, SVC-CP:09
AST: AST-SI:00, AST-DA:00
AN-THR:09AN:THR:Threat:09:Downlink interception: passive collector reads mission product and telemetry off the downlink waveform.SVC: SVC-HY:02
AST: AST-SI:00, AST-SW:01

SPACESpace Segment, 4 AN-THR

IDAN-THR ETENTOE · SVC + AST
AN-THR:10AN:THR:Threat:10:Destructive bus attack: state-linked actor targets attitude, power, and flight-termination to render the platform inoperable.SVC: SVC-CP:00, SVC-CP:02, SVC-CP:03
AST: AST-HW:00, AST-SW:00, AST-HW:01, AST-HW:02, AST-FW:00
AN-THR:11AN:THR:Threat:11:Command-path integrity attack: actor manipulates commands flowing through C&DH and space-side cryptography to trust unauthorized inputs.SVC: SVC-HY:00, SVC-CP:01
AST: AST-HW:06, AST-FW:01, AST-SW:06
AN-THR:12AN:THR:Threat:12:Pre-launch supply-chain firmware compromise: adversary embeds backdoors in firmware delivered through vendor supply paths before integration.SVC: SVC-CP:03, SVC-CP:04, SVC-CP:02
AST: AST-FW:00, AST-FW:01, AST-FW:02
AN-THR:13AN:THR:Threat:13:Payload-data tampering: on-board manipulation of mission data between the science instrument and the downlink encryptor.SVC: SVC-DP:00, SVC-DP:01
AST: AST-HW:07, AST-FW:02