Stratosphere-Aware Threat Taxonomy

• The paper presents a comprehensive framework that categorizes HAPS cybersecurity threats by subsystem, offering targeted risk quantification.
• It integrates quantitative risk scoring, standardized mitigations, and simulation-based assessments to inform defense strategies.
• The taxonomy aligns technical insights with regulatory mandates, enabling actionable decisions for secure, resilient HAPS deployments.

High-Altitude Platform Stations (HAPS) operate at ∼20 km altitude as quasi-stationary nodes, serving as critical infrastructure within non-terrestrial networks. The unique stratospheric environment and specific subsystem architectures expose HAPS to specialized cybersecurity and privacy threats not encountered in terrestrial or low-earth-orbit systems. The development of a stratosphere-aware threat taxonomy enables targeted risk characterization and defense selection rooted in quantifiable impact, regulatory guidance, and operational feasibility (Hjaiji et al., 16 Nov 2025).

1. HAPS Architecture and Principal Communication Links

HAPS architectures are distinguished by the integration of several key subsystems: (i) Flight Control, which utilizes GNSS/inertial sensors and ADCS for station-keeping and beam pointing; (ii) Control & Data Handling (C&DH), featuring mission logic and telemetry routing through onboard processors and ML inference engines; (iii) Power Management, relying on solar arrays, batteries, MPPT, and load shedding under stratospheric thermal and radiation constraints; (iv) Communication Payload, providing end-user access and backhaul via RF (microwave/mmWave), FSO, MIMO, and beamforming; (v) Telemetry, Tracking & Control (TT&C), ensuring command functions and telemetry on separate S/X/payload bands to minimize interference; and (vi) Structural Components, encompassing envelope, parachute, and gondola. Core links include HAPS↔Ground Station for control/payload, HAPS↔HAPS for backhaul/coordination, HAPS↔Satellite for relay, and HAPS↔UAV for FANET hub functions.

2. Stratosphere-Aware Threat Taxonomy

Threats are mapped granularly by affected subsystem, each with categories, definitions, and representative attack scenarios:

A. Communication Payload & TT&C

• Jamming: High-power interference in operational frequencies (e.g., barrage jammer on Ka-band).
• Replay: Capture and rebroadcast of legitimate TT&C frames (e.g., SDR-based telemetry spoofing).
• DoS/DDoS: Flood attacks that exhaust bandwidth/CPU (NTP amplification saturating uplink).
• Data Manipulation / Identity Spoofing: Packet tampering or node impersonation (malicious beam-steering command injection).

B. Flight Control & Navigation

• GPS Spoofing: Fake GNSS signals resulting in mispositioning (ground spoofer causing 500 m drift).
• Sensor Data Tampering: Modification of inertial or sun-tracker readings (false inputs to ADCS).

C. Control & Data Handling (C&DH)

• System Intrusion: Unauthorized code execution via software vulnerabilities (RTOS buffer overflow to root).
• Adversarial ML Attacks: Perturbations misleading onboard AI (adversarial noise degrading CNN-based modulation recognition).

D. Power Management

• Supply-Chain Hardware Trojan: Malicious IC introduction during fabrication (timer disables power regulator).
• Software/Firmware Tampering: Backdoors in MPPT firmware (energy rerouted at night, draining batteries).

E. Entire Platform

• Supply-Chain Software: Compromised toolchains, libraries (trojanized cryptographic library leakage).
• Insider Threat: Illicit actions by authorized maintainers (backdoor USB firmware installation by operator).

3. Quantitative Risk Assessment

Risk is rated by likelihood (L) and impact (I) on a 1–5 scale, yielding a Risk Score $R = L \times I$. Notable metrics:

• Jamming (Payload): $L = 4$, $I = 5$ $\rightarrow R = 20$ (Critical). Beam pointing error: $$P_{err} \approx P_{jam} + \sigma_{scint}^2 / \theta_{beam}^2$$.
• GPS Spoofing: $L = 3$, $I = 4$ $\rightarrow R = 12$ (High).
• DDoS (TT&C): $L = 4$, $I = 5$ $\rightarrow R = 20$. Required flood bandwidth: $B_{req} = \sum_{i=1}^N (R_i + H_i)$.
• System Intrusion: $L = 3$, $I = 5$ $\rightarrow R = 15$ (High).
• Supply-Chain (Hardware): $L = 2$, $I = 5$ $\rightarrow R = 10$ (Medium).

This quantification enables critical prioritization and resourcing of mitigation measures.

4. Threat-Mitigation Mapping and Defensive Alignment

Each threat invites mitigations mapped to subsystem constraints and operational context:

• Jamming/Replay: FHSS (hop-rate ≥ 10 kHz via FPGA synthesizers), beam steering (narrower $\sigma_{\theta}$), encryption/authentication (AES-GCM, DTLS; 3GPP NTN suites).
• DoS/DDoS: Intrusion detection (rate-limited ICMP, anomaly detection), ACLs, adaptive filtering (anti-jamming, GNSS denoising).
• Spoofing/Data Manipulation: Secure boot and chain-of-trust (TPM/ECC-P384, SHA-3), ML-based anomaly pattern detection (RNN-IDS), ECC-based GNSS authentication.
• System Intrusion/Adversarial ML: SBOM, SSDF (NIST SP 800-218 v1.1), adversarial training (randomized smoothing), periodic remote attestation (EMBRAVE, NISTIR 8270).
• Supply-Chain Attacks: Standards-compliant controls (ISO/IEC 27001/27002, DO-326A/ED-202A, ENISA supply chain intelligence, NIST SP 800-161).

5. Regulatory and Standards Mapping

Defense strategies are governed by strict adherence to sectoral and international standards:

• ITU-R F.1500, P.676 address spectrum/proliferation/FHSS planning;
• 3GPP TR 38.874 governs NTN identity and key management;
• ICAO SARPs, FAA/EASA define command/control security requirements;
• NIST SP 800-53 Rev 5, ISO/IEC 27001 highlight organizational controls;
• ETSI EN 303 645, TS 103 457 outline IoT/CTI security baselines;
• RTCA DO-160G, DO-326A/ED-202A focus on environmental/airworthiness security.

6. Cross-Reference Table: Subsystem-Threat-Mitigation-Standard Matrix

A synthesized tabular mapping supports subsystem-specific security engineering:

Subsystem	Threat Category	R	Recommended Mitigation	Standard(s)
Payload	Jamming	20	FHSS (hop ≥ 10 kHz), beam steering, adaptive filtering	ITU-R P.676, DO-160G
TT&C	DDoS	20	Rate limiting, IDS (RNN), ACLs	NIST SP 800-53, 3GPP
Flight	GPS Spoofing	12	GNSS authentication, onboard anomaly detection	DO-326A/ED-202A, ICAO
C&DH	System Intrusion	15	Secure boot, SBOM, remote attestation	NIST SP 800-218, ISO 27001
Power	Supply-Chain Hardware	10	HW provenance, side-channel Trojan detection	NIST SP 800-161, ENISA
All	Data Manipulation	12	End-to-end encryption, ML-based integrity checks	ETSI EN 303 645, ISO 27002

This matrix facilitates cross-subsystem alignment of defenses, prioritization by risk, and standards compliance (Hjaiji et al., 16 Nov 2025).

7. Future Directions and Engineering Trade-Offs

Stratosphere-aware taxonomies, underpinned by simulated DDoS impact studies and standards mapping, enable actionable cybersecurity risk management for HAPS. Future work should pursue real-world validation, expand ML-based anomaly detection, and integrate supply-chain provenance checks at each subsystem. A plausible implication is the growing importance of adaptive mitigation techniques—such as frequency agility and beam steering—given dynamic stratospheric conditions. This taxonomy informs practical engineering choices, aligning defense investments with quantifiable risk and regulatory mandates to ensure robust, future-proof HAPS deployments.