Challenges in threat modelling of new space systems: A teleoperation use-case

Abstract

A growing number of adversaries are targeting space missions, and as such, there have been increasing academic and industrial efforts in identifying threats and risks through modelling techniques. In parallel, the research communities are collaborating to lower the entry barriers for space activities to deliver more innovative and cost-effective space missions. This evolution has been termed as New Space. However, this transformation of the space ecosystem has led to changes in the threat landscape, introducing new threat vectors and threat actors intent on compromising space systems and missions. As a result, it is expected that cyber threats could increase against space systems. Furthermore, teleoperation, a significant use case for building extraterrestrial habitats, has already been shown vulnerable in other domains as well. For example, teleoperated robots developed for remote surgery have been shown to be vulnerable to threats, such as malicious control due to an elevation-of-privilege attack. Threat modelling is a systematic and structured method to determine associated system vulnerabilities, possible attack entry points and vectors, and potential impacts on the system. In this work, we examine the efficacy of the de facto threat modelling methods such as STRIDE/DREAD in capturing highly adaptive security requirements and threats from a system-centric perspective for the teleoperation mission scenario. Understanding and protecting these hardware-software assets and their interaction in the mission is of foremost importance since security breaches threaten human safety across the broader New Space ecosystem. This research presents the limitations of existing threat modelling approaches in capturing hardware-software interaction in space systems, which is an open area for scientific enquiry. Moreover, research challenges are raised to improve the safety and security of the teleoperation mission. The output of this work can then be used to develop more appropriate threat modelling approaches to support security requirement engineering for different New Space mission scenarios.