TA005 Persistence · T005.005 — Technique
Swarm Node Persistence
Persistent compromise of swarm nodes enabling re-entry into the swarm network after partial remediation.
Sub-techniques (3)
- Persistent mesh network implant
- Swarm coordination protocol backdoor
- Node identity spoofing for re-insertion
Applicable countermeasures
CM-003 Firmware Integrity and Secure Boot
Cryptographic signing and hardware-enforced verification of all firmware images at boot using a hardware root of trust.
NIST SP 800-53 SI-7 · NIST SP 800-193 · DO-326A · IEC 62443-4-2 CR 3.4
CM-007 Physical Debug Interface Protection
Disabling or cryptographically protecting all JTAG/UART/USB debug interfaces on production hardware.
NIST SP 800-53 AC-3 · IEC 62443-4-2 CR 1.1 · NIST SP 800-193 · DO-326A Sec 5
CM-008 GCS Network Segmentation and Hardening
Isolation of GCS from enterprise networks, least-privilege access enforcement, host hardening, and network anomaly detection.
NIST SP 800-53 SC-7 · CIS Controls v8 Control 12 · ISO/IEC 27001 A.13 · NSA/CISA Segmentation Guide
CM-010 Swarm Node Mutual Authentication
Open in the interactive matrix
Cryptographic mutual authentication between all swarm nodes with message integrity to prevent rogue insertion and hopping.
NIST SP 800-53 IA-3 · IEEE 1609.2 · STANAG 4586 · IEC 62443-3-3 SR 1.2