2 research outputs found

    Characterizing Cyber Attacks against Space Systems with Missing Data: Framework and Case Study

    Cybersecurity of space systems is an emerging topic, but there is no single dataset that documents cyber attacks against space systems that have occurred in the past. These incidents are often scattered in media reports while missing many details, which we dub the missing-data problem. Nevertheless, even "low-quality" datasets containing such reports would be extremely valuable because of the dearth of space cybersecurity data and the sensitivity of space systems which are often restricted from disclosure by governments. This prompts a research question: How can we characterize real-world cyber attacks against space systems? In this paper, we address the problem by proposing a framework, including metrics, while also addressing the missing-data problem, by "extrapolating" the missing data in a principled fashion. To show the usefulness of the framework, we extract data for 72 cyber attacks against space systems and show how to extrapolate this "low-quality" dataset to derive 4,076 attack technique kill chains. Our findings include: cyber attacks against space systems are getting increasingly sophisticated; and, successful protection against on-path and social engineering attacks could have prevented 80% of the attacks.

    Comment: Accepted for publication: IEEE International Conference on Communications and Network Security 2023 (IEEE CNS

    Comprehensive security strategy for all-optical networks

    Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015. Cataloged from PDF version of thesis. Includes bibliographical references (pages 107-109).

    Optical networking is a powerful means of communication in modern times of high bandwidth demands and high data speeds. While developments in optical networking continue to progress, however, the security implications they create have not yet caught up. In this thesis, we characterize a selection of damaging attacks against optical networks. By providing a detailed description of the attacks, we are also able to better understand their effects across the different layers of the network model. We also propose the current best practices for sensing and detection of these attacks when they occur, as well as mitigation techniques to limit the damage they incur. The attacks are not fully eliminated, however, and so we also identify remaining vulnerabilities these attacks can exploit. After characterizing the attacks, we propose a method for diagnosing attacks as they occur within a network given the analysis we have conducted. We also propose an algorithm for diagnosing attacks, as well as a monitoring system framework that relies on the establishment of autonomous zones of the network in order to efficiently limit damage and quarantine problem areas from the rest of the healthy network. This framework can be applied to a wide variety of network set-ups and topologies, with the ability to customize it to fit the needs of the system.

    by Antonia Lynn Feffer. S.M