Save these enumerated resilience measures as a PDF using your browser’s print dialog.

← Back to module
Full Spectrum Space Cybersecurity Professional

Day 5 Enumerated Resilience Measures

14 AN-RES ETENs, Written with SatOps + SatDev/Eng

Fourteen resilience measures protecting the reference platform’s structural elements against the attack paths enumerated earlier in the week. Each measure names what it protects (TRE), what attacker option it removes (Counters), the resiliency objective it carries (Anticipate / Withstand / Recover / Adapt per NIST SP 800-160 v2), and the team(s) who own it (a SatOps procedure, a SatDev/Eng change, or both).

USER
2
AN-RES
GROUND
5
AN-RES
LINK
3
AN-RES
SPACE
4
AN-RES
ANTICIPATE
7
WITHSTAND
6
RECOVER
1
ADAPT
0
Exported byverifying identity…
Exported at
ClassificationTLP:GREEN · SCORP² community only
DistributionInternal cohort and confirmed instructors only
TLP:GREEN SCORP² community only · do not redistribute outside cohort
Exported by: Exported at: Distribution: Internal cohort + confirmed instructors
If you received this file from outside the cohort, please notify william.o.ferguson@ethicallyhacking.space and delete it.

Cumulative Decomposition Diagram

The complete artifact stack against the reference platform as of end of this module. New layer added this module is highlighted; prior layers show as context.

Cumulative decomposition diagram

How to Read

Each entry is one AN-RES (resilience measure). ID is the AN:RES:Resilience Measure:ORDINAL identifier (shortened to AN-RES:NN here). Description names the protective action. Protects (TRE) names the structural element(s) the measure protects, in canonical TEN/ETEN form. Counters names the attack path or threat the measure removes the adversary’s option from. Objective is the NIST SP 800-160 v2 resiliency objective (Anticipate, Withstand, Recover, Adapt). Owner names the team(s) carrying the measure: SatOps for procedure work, SatDev/Eng for architectural change, or Both. Source cites the framework, standard, or post-incident reference behind the measure. The set is a living artifact: as the architecture, the attack-path set, and the adversary evolve, the set evolves with them.

USERUser Segment, 2 AN-RES

IDAN-RES ETEN
AN-RES:00Phishing-resistant MFA on operator-console authentication, plus just-in-time access elevation: stolen static credentials cease to be useful; any compromise window is constrained.Protects (TRE)AST:HW:Hardware:04 console workstation; SVC:CP:Control Plane:13 console ops; SVC:CP:Control Plane:15 user-side ACACountersAN:ATT:Attack Path:00; AN:THR:Threat:01ObjectiveAnticipateOwnerBoth, SatOps owns the operational rollout and access-elevation procedure; SatDev/Eng owns the identity-provider integration.SourceNIST SP 800-63B (phishing-resistant MFA); NIST SP 800-160 v2 anticipate-objective guidance.
AN-RES:01End-user application hash verification at the workstation, plus signed mission-product manifests: a tampered binary or modified mission product fails verification before it reaches the operator’s eyes.Protects (TRE)AST:SW:Software:08 end-user app SW; AST:DA:Data:04 mission product data; SVC:DP:Data Plane:02 mission product displayCountersAN:ATT:Attack Path:01; AN:THR:Threat:00ObjectiveWithstandOwnerSatDev/Eng, Owns the signing pipeline and verification integration in the end-user app.SourceNIST SP 800-193 (Platform Firmware Resilience) integrity guidance; NIST SP 800-160 v2 withstand-objective guidance.

GROUNDGround Segment, 5 AN-RES

IDAN-RES ETEN
AN-RES:02Air-gap or strict zero-trust segmentation of the device management plane from external networks; hardware-rooted attestation on any management-plane access; dual-approval workflow on firmware pushes with enforced maintenance windows.Protects (TRE)SVC:CP:Control Plane:08 ground crypto; SVC:CP:Control Plane:09 ground ACA; AST:SW:Software:03 patch deployment SW; AST:DA:Data:02 patch binariesCountersAN:ATT:Attack Path:02 (KA-SAT-style); AN:THR:Threat:02ObjectiveAnticipateOwnerBoth, SatDev/Eng owns the segmentation and dual-approval rebuild; SatOps owns the maintenance-window discipline.SourceViasat / CISA / SentinelLabs KA-SAT post-incident guidance (2022); NIST SP 800-207 (Zero Trust Architecture).
AN-RES:03Phishing-resistant MFA + short-lived session tokens + per-operator behavior baselines on ground-station service accounts: a stolen credential alone cannot authenticate; anomalous sessions are short-lived.Protects (TRE)AST:DA:Data:01 ACA credentials; SVC:CP:Control Plane:09 ground ACA; SVC:CP:Control Plane:13 console opsCountersAN:ATT:Attack Path:03; AN:THR:Threat:03ObjectiveAnticipateOwnerBoth, SatDev/Eng owns identity-provider integration; SatOps owns operational rollout and behavior-baseline maintenance.SourceNIST SP 800-63B; NIST SP 800-207.
AN-RES:04Dual-control commanding for high-impact actions (a second operator must approve before transmission); per-operator behavior baselines and pre-pass briefings make out-of-pattern actions stand out.Protects (TRE)AST:HW:Hardware:04 console workstation; AST:SW:Software:04 console SW; SVC:CP:Control Plane:13 console ops; SVC:CP:Control Plane:09 ground ACACountersAN:ATT:Attack Path:04; AN:THR:Threat:04ObjectiveWithstandOwnerBoth, SatDev/Eng owns the dual-control workflow in the commanding software; SatOps owns the operational discipline of peer review.SourceNIST SP 800-53 SC-3 / AC-6 (separation of duties / least privilege); NIST SP 800-160 v2 withstand-objective guidance.
AN-RES:05Microsegmentation of the operator network from mission-control hosts with explicit allow-list of east-west flows; logging and alerting on any flow outside the list.Protects (TRE)AST:HW:Hardware:04 console HW; AST:SW:Software:04 console SW; SVC:CP:Control Plane:13 console ops; SVC:CP:Control Plane:09 ground ACACountersAN:ATT:Attack Path:05; AN:THR:Threat:05ObjectiveAnticipateOwnerSatDev/Eng, Owns the segmentation rebuild and allow-list maintenance.SourceNIST SP 800-207 (Zero Trust); MITRE ATT&CK TA0008 mitigation guidance.
AN-RES:06Immutable, isolated backups of launch-control state and patch binaries with quarterly tested restore drills; restoration is faster than negotiation.Protects (TRE)SVC:CP:Control Plane:10 launch control; SVC:CP:Control Plane:12 patch pipeline; AST:DA:Data:02 patch binaries; AST:SW:Software:03 patch deployment SWCountersAN:ATT:Attack Path:06; AN:THR:Threat:06ObjectiveRecoverOwnerBoth, SatDev/Eng owns the backup architecture; SatOps owns the quarterly restore drill cadence.SourceCISA Stop Ransomware (backup guidance); NIST SP 800-160 v2 recover-objective guidance.

LINKLink Segment, 3 AN-RES

IDAN-RES ETEN
AN-RES:07Frequency-agile / spread-spectrum link operation with pre-arranged backup band; SatOps switches bands automatically when noise floor exceeds threshold; SatDev/Eng owns the agility waveform.Protects (TRE)SVC:CP:Control Plane:05 link ACA; SVC:HY:Hybrid:01 FEC/ECC; SVC:HY:Hybrid:02 T2 tracking; AST:SI:Signal:00 uplink/downlink waveformsCountersAN:ATT:Attack Path:07; AN:THR:Threat:07ObjectiveWithstandOwnerBoth, SatDev/Eng owns the frequency-agile waveform implementation; SatOps owns the band-switching procedure.SourceITU interference-mitigation guidance; SPARTA SPACE-T1429 mitigation patterns.
AN-RES:08Forward-secret session keys with short rotation intervals; replay-protection sequence numbering on the command waveform; out-of-band acknowledgement for command acceptance.Protects (TRE)SVC:CP:Control Plane:05 link ACA; SVC:CP:Control Plane:09 ground ACA; AST:SI:Signal:00 uplink waveform; AST:DA:Data:00 link ACA credentialsCountersAN:ATT:Attack Path:08; AN:THR:Threat:08ObjectiveAnticipateOwnerSatDev/Eng, Owns the crypto and protocol implementation.SourceSPARTA SPACE-T1428 mitigation guidance; NIST SP 800-77 (Guide to IPsec) forward-secrecy guidance.
AN-RES:09End-to-end downlink encryption from on-board encryptor to authorized ground receiver, with key-rotation cadence shorter than the time-to-break assumption; eliminates the value of passive interception.Protects (TRE)SVC:HY:Hybrid:02 T2 tracking; AST:SI:Signal:00 downlink waveform; AST:SW:Software:01 payload command encoderCountersAN:ATT:Attack Path:09; AN:THR:Threat:09ObjectiveAnticipateOwnerSatDev/Eng, Owns the encryption architecture and key-management integration.SourceSPARTA SPACE-T1427 mitigation guidance; NIST SP 800-57 key-management guidance.

SPACESpace Segment, 4 AN-RES

IDAN-RES ETEN
AN-RES:10Safe-mode triggers in flight software that reject command sequences violating defined operational envelopes (attitude, power, FTS); dual-signoff on the ground for any command that would push the envelope; on-board veto on FTS commands outside arming windows.Protects (TRE)SVC:CP:Control Plane:00 ADCS; SVC:CP:Control Plane:02 EPS; SVC:CP:Control Plane:03 FTS; AST:HW:Hardware:00/01/02; AST:SW:Software:00; AST:FW:Firmware:00CountersAN:ATT:Attack Path:10; AN:THR:Threat:10ObjectiveWithstandOwnerBoth, SatDev/Eng owns the on-board safe-mode logic; SatOps owns the dual-signoff procedure for envelope-pushing commands.SourceSPARTA SPACE-T1029 mitigation guidance; NIST SP 800-160 v2 withstand-objective guidance.
AN-RES:11On-board FSW attestation: cryptographically signed configuration with write-once enforcement; runtime hash verification of running images; on-ground correlation of every accepted command against attestation state.Protects (TRE)SVC:HY:Hybrid:00 C&DH; SVC:CP:Control Plane:01 space-side crypto; AST:HW:Hardware:06 OBC/OBDH; AST:FW:Firmware:01 OBC firmware; AST:SW:Software:06 C&DH FSWCountersAN:ATT:Attack Path:11; AN:THR:Threat:11ObjectiveWithstandOwnerSatDev/Eng, Owns the attestation architecture and write-once enforcement.SourceNIST SP 800-193 (Platform Firmware Resilience); SPARTA SPACE-T1014 mitigation guidance.
AN-RES:12Measured-boot firmware attestation with signed-vendor manifest; supply-chain provenance verification at integration; quarantine of any component whose hash does not match the signed expected value.Protects (TRE)SVC:CP:Control Plane:03 FTS; SVC:CP:Control Plane:04 TCS; SVC:CP:Control Plane:02 EPS; AST:FW:Firmware:00 FTS; AST:FW:Firmware:01 OBC; AST:FW:Firmware:02 payloadCountersAN:ATT:Attack Path:12; AN:THR:Threat:12ObjectiveAnticipateOwnerSatDev/Eng, Owns the measured-boot architecture, signing pipeline, and supply-chain verification process.SourceNIST SP 800-193 (Platform Firmware Resilience); SLSA framework supply-chain guidance.
AN-RES:13End-to-end mission-product signing from the science instrument through to the ground consumer: payload data is signed on-board immediately after acquisition; downstream verification rejects any product whose signature is invalid.Protects (TRE)SVC:DP:Data Plane:00 mission data plane; SVC:DP:Data Plane:01 payload data plane; AST:HW:Hardware:07 payload electronics; AST:FW:Firmware:02 payload firmwareCountersAN:ATT:Attack Path:13; AN:THR:Threat:13ObjectiveWithstandOwnerSatDev/Eng, Owns the on-board signing infrastructure and ground-side verification.SourceSPARTA SPACE-T1059 mitigation guidance; NIST SP 800-160 v2 withstand-objective guidance.