DARTA
TA005 Persistence · T005.001 — Technique

Firmware Implant

Min. actor: L3 – Nation-State All

Modification of flight controller or companion computer firmware to embed persistent backdoor code that survives standard updates.

Sub-techniques (4)

Applicable countermeasures

CM-003 Firmware Integrity and Secure Boot
Cryptographic signing and hardware-enforced verification of all firmware images at boot using a hardware root of trust.
NIST SP 800-53 SI-7 · NIST SP 800-193 · DO-326A · IEC 62443-4-2 CR 3.4
CM-007 Physical Debug Interface Protection
Disabling or cryptographically protecting all JTAG/UART/USB debug interfaces on production hardware.
NIST SP 800-53 AC-3 · IEC 62443-4-2 CR 1.1 · NIST SP 800-193 · DO-326A Sec 5
CM-008 GCS Network Segmentation and Hardening
Isolation of GCS from enterprise networks, least-privilege access enforcement, host hardening, and network anomaly detection.
NIST SP 800-53 SC-7 · CIS Controls v8 Control 12 · ISO/IEC 27001 A.13 · NSA/CISA Segmentation Guide
CM-010 Swarm Node Mutual Authentication
Cryptographic mutual authentication between all swarm nodes with message integrity to prevent rogue insertion and hopping.
NIST SP 800-53 IA-3 · IEEE 1609.2 · STANAG 4586 · IEC 62443-3-3 SR 1.2
Open in the interactive matrix