
Space Threat Landscape Analysis Report

Defence and Military Industry 2025-03-26 - ENISA 江边的鸟

SPACE THREAT LANDSCAPE

MARCH 2025

ABOUT ENISA

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure. More information about ENISA and its work can be found here: www.enisa.europa.eu.

CONTACT

For contacting the authors, please use market@enisa.europa.eu.
For media enquiries about this paper, please use press@enisa.europa.eu.

EDITORS

Evangelos Rekleitis, ENISA
Monika Adamczyk, ENISA

ACKNOWLEDGEMENTS

We would like to thank the ENISA Advisory Group and the National Liaison Officers network for their valuable feedback.
We would also like to thank experts from the European Commission (DG CNECT) and the European Union Agency for the Space Programme (EUSPA), national authorities including the Belgian Institute for Postal Services and Telecommunications (BIPT, Belgium), Communications Regulation Commission (CRC, Bulgaria), National Agency for the Security of Information Systems (ANSSI, France), National Centre for Space Studies (CNES, France), Federal Office for Information Security (BSI, Germany), Ministry of Foreign Affairs and International Cooperation (Italy), National Cybersecurity Agency (ACN, Italy), Authority for Digital Infrastructure (Netherlands), Regulatory Authority for Electronic Communications and Postal Services (RATEL, Serbia), Ministry for Digital Transformation (Spain), private sector stakeholders including Thales and Rhea Cyber Security Services, and Expert Group Space of BSI Alliance for Cybersecurity (in particular: Aris Patronis, Christoph Möbius, Florian Göhler, Manuel Hoffmann, Max Roth, Sascha Fankhänel, Stefanie Grundner), and the ENISA colleagues: Nikolaos Tantouris and Dimitrios Papamartzivanos.

LEGAL NOTICE

This publication represents the views and interpretations of ENISA, unless stated otherwise. It does not endorse a regulatory obligation of ENISA or of ENISA bodies pursuant to the Regulation (EU) No 2019/881. ENISA has the right to alter, update or remove the publication or any of its contents. It is intended for information purposes only and it must be accessible free of charge. All references to it or its use as a whole or partially must contain ENISA as its source. Third-party sources are quoted as appropriate. ENISA is not responsible or liable for the content of the external sources including external websites referenced in this publication. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. ENISA maintains its intellectual property rights in relation to this publication.
COPYRIGHT NOTICE

© European Union Agency for Cybersecurity (ENISA), 2025

This publication is licenced under CC-BY 4.0. “Unless otherwise noted, the reuse of this document is authorised under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence (https://creativecommons.org/licenses/by/4.0/). This means that reuse is allowed, provided that appropriate credit is given and any changes are indicated”.

For any use or reproduction of photos or other material that is not under the ENISA copyright, permission must be sought directly from the copyright holders.

Luxembourg: Publications Office of the European Union, 2025

TABLE OF CONTENTS

1. INTRODUCTION
1.1 BACKGROUND AND CONTEXT
1.2 POLICIES & STANDARDS
1.3 SCOPE & OBJECTIVES
1.4 METHODOLOGY
1.5 TARGET AUDIENCE
1.6 STRUCTURE OF THE REPORT
2. COMMERCIAL SATELLITES LIFECYCLE MODEL
2.1. GENERIC LIFECYCLE MODEL AND ACTORS
3. ASSET TAXONOMIES
3.1. GROUND SEGMENT
3.2. SPACE SEGMENT
3.3. USER SEGMENT
3.4. HUMAN RESOURCES SEGMENT
4. SPACE THREATS
4.1. SPACE THREAT TRENDS
4.2. THREAT ACTORS
4.3. THREAT TAXONOMY METHODOLOGY
4.4. THREAT TAXONOMY
5. RISK ASSESSMENT
5.1. SCENARIO 1: COMMUNICATIONS PROTOCOL COMPROMISE VIA SOCIAL ENGINEERING
5.2. SCENARIO 2: EXPLOITING OBC/OBSW VULNERABILITIES VIA MALICIOUS CODE
5.3. SCENARIO 3: NETWORK INTRUSION DUE TO A LACK OF SECURITY PROTOCOLS AND MISCONFIGURATION
6. CYBERSECURITY CONTROL FRAMEWORK
6.1. CONTROLS TO THREATS MAPPING
7. CONCLUSIONS AND RECOMMENDATIONS
ANNEX A - LIST OF ACRONYMS AND ABBREVIATIONS
ANNEX B - DETAILED ASSET TAXONOMY
ANNEX C - SPACE THREAT TAXONOMY
ANNEX D - CYBERSECURITY CONTROL FRAMEWORK

EXECUTIVE SUMMARY

This report underlines the growing importance of cybersecurity considerations for the space industry, with an emphasis on c