Cybersecurity of space systems is an emerging topic, but there is no single
dataset that documents cyber attacks against space systems that have occurred
in the past. These incidents are often scattered in media reports while missing
many details, which we dub the missing-data problem. Nevertheless, even
"low-quality" datasets containing such reports would be extremely valuable
because of the dearth of space cybersecurity data and the sensitivity of space
systems which are often restricted from disclosure by governments. This prompts
a research question: How can we characterize real-world cyber attacks against
space systems? In this paper, we address the problem by proposing a framework,
including metrics, while also addressing the missing-data problem, by
"extrapolating" the missing data in a principled fashion. To show the
usefulness of the framework, we extract data for 72 cyber attacks against space
systems and show how to extrapolate this "low-quality" dataset to derive 4,076
attack technique kill chains. Our findings include: cyber attacks against space
systems are getting increasingly sophisticated; and, successful protection
against on-path and social engineering attacks could have prevented 80% of the
attacks.Comment: Accepted for publication: IEEE International Conference on
Communications and Network Security 2023 (IEEE CNS