Threat actors may target the Ground Station hardware and/or software while the GS is at Assembly, Test, and Launch Operation (ATLO). ATLO is often the first time pieces of the Ground Station are fully integrated and exchanging data across interfaces. Malware could propagate from infected devices across the integrated GS. For example, test equipment (i.e., transient cyber asset) is often brought in for testing elements of the ground station. Additionally, varying levels of physical security is in place which may be a reduction in physical security typically seen during development. The ATLO environment should be considered a viable attack vector and the appropriate/equivalent security controls from the primary development environment should be implemented during ATLO as well.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.