To Keep Hackers Out of US Weapons, the Pentagon Needs to Get In
Constant surveillance of data flows is key to spotting dangerous intrusions.
The Pentagon’s efforts to protect its data networks mustn’t stop at its industrial & IT systems; its vehicles and weapons are vulnerable as well. But the military’s ability to defend these systems is hampered by its inability to monitor even their most basic inner workings.
We’ve been warned about the threats. Last year, the Cybersecurity and Infrastructure Security Agency detailed how Russia stole sensitive information about weapons from U.S. defense contractors. The Government Accountability Office has issued several reports of its own.
Many systems aboard U.S. weapons and military vehicles are built to conceal these inner workings, even from their customer. There are several reasons for this “black box” approach. Component seals can simplify the task of maintaining such things as flight-worthiness certifications. They can help suppliers win and keep lucrative support contracts. And, in theory at least, they deny attackers knowledge of key systems.
But if a half-century of enterprise IT has taught us anything, it’s that the “security through obscurity” approach fails, every time. Indeed, it hurts the Pentagon’s ability to understand their systems’ vulnerabilities and to know when they have been compromised. It also strips the military of valuable data that could be used to guide maintenance, predict component failure, and even improve training.
But there is a way that the Pentagon might access key data without breaching component manufacturers’ seals. Complex weapons and vehicles use open, standards-based serial buses to move data between components. These paths are open by design. Monitoring these paths can help defenders understand what cyber techniques adversaries are using, detect them, develop indications and protections, and potentially mitigate them.
For example, suppose an adversary discovers a way to exploit an aircraft via a radio-frequency channel. By sending crafted data to some always-on RF receiver, a malicious message could theoretically be injected into a bus-connected component, then onto the bus itself. This could produce results ranging from anomalous to catastrophic, left largely up to the attacker. A system that allows visibility into the bus can detect the intrusion; one that does not, cannot.
Such visibility runs counter to long-held tradition among defense manufacturers. In reality, the ability to understand the nature of the “whole” of the platform, which is indeed greater than the sum of its parts, benefits the manufacturer without undue risk to their intellectual property while allowing the platform owner assurance. These interconnecting data-buses are the “open” element of the platform through which interaction takes place between components provided by a diverse set of sub-vendors and it is at this layer that attackers find a low barrier to entry.
It is no trivial task to collect, label, and retain the data that passes over the buses of a military platform. A single vehicle produces a staggering volume of data and during conflict may go significant lengths of time between data pulls in RF-contested environments. The acquisition of bus data means accommodating hundreds of hours of lossless local cache as well as retention in the cloud, while meeting DoD storage policies and limitations of vehicle size, weight, and power restrictions.
But it is necessary. Every frame, from every bus, all the time, regardless of protocol, is valuable. Consider avionics on a fly-by-wire aircraft. A pilot uses a stick or pedal to effect physical change. Moving the stick forward produced a digital signal that must result in immediate change: move a flight surface. There can be no latency between input and action. Every component constantly reports its status so that any input is immediately detected and actioned. This “reporting” happens in real-time, is measured in nanoseconds, and occurs on every single device on every single bus.
To identify anomalies, all those transmissions must be recorded and analyzed. An “anomaly” may only show up in a single frame from this endless stream of messages. Furthermore, the ability to analyze this collected data from across the fleet in aggregate yields insight that is impossible to find in isolation.
The data also must be properly translated and labeled so it can be used to train machine-learning models and produce useful information for operators. The nearer translation, tagging and labeling happens to moment of capture, the higher the value of the data as it decreases time to action and increases residual value in post-analysis. Additional meta-data such as GPS, phase-of-flight information or RF-spectrum activity allows for better primary data enrichment. This can yield accurate predictions about, say, component failure and other events that affect operational readiness and sustainment cost.
Modern military systems are bespoke, technology-dependent weaponry. A network attack against one of these weapons is not an if but a when; some are likely already taking place. The fundamentals of visibility and control, well understood from the world of enterprise cyber-security, will be the deciding factor in the next era of warfare.