Towards Principled Risk Scores for Space Cyber Risk Management

TL;DR

This paper evaluates the Notional Risk Scores (NRS) for space cyber risk management using a real-world satellite attack, identifying strengths and weaknesses, and proposing a formal framework for future risk score designs.

Contribution

It analyzes NRS with real-world data, highlights its limitations, and introduces a formal baseline for developing improved space cyber risk scores.

Findings

NRS has specific strengths in quantifying space cyber risks.

NRS exhibits weaknesses when applied to real-world scenarios.

A formal baseline for future NRS design is proposed.

Abstract

Space is an emerging domain critical to humankind. Correspondingly, space cybersecurity is an emerging field with much research to be done. To help space cybersecurity practitioners better manage cyber risks, The Aerospace Corporation proposed Notional Risk Scores (NRS) within their Space Attack Research and Tactic Analysis (SPARTA) framework, which can be applied to quantify the cyber risks associated with space infrastructures and systems. While intended for adoption by practitioners, NRS has not been analyzed with real-world scenarios, putting its effectiveness into question. In this paper we analyze NRS via a real-world cyber attack scenario against a satellite, and characterize the strengths, weaknesses, and applicability of NRS. The characterization prompts us to propose a set of desired properties to guide the design of future NRS. As a first step along this direction, we further propose a formalism to serve as a baseline for designing future NRS with those desired properties.