What if an armored combat vehicle were moving rapidly to enemy contact through rugged terrain while facing enemy fire, when its navigational and targeting systems were suddenly given false, wrong or misleading information … thus derailing the mission? What if its on-board data flow was instantly jammed, denied or disabled? Such a scenario, which would immediately compromise or even destroy an otherwise successful attack mission, could happen if a vehicle’s on-board serial bus were hacked by enemy cyber intruders.
This possibility is increasingly realistic given the alarming pace at which enemy cyber attackers are leveraging new technologies to develop previously unknown or impossible methods of intrusion.
There is a critical need to increase the security of a vehicle’s or aircraft’s data buses, which allow for the transmission of mission-critical information within and between platforms.
“As long as you have physical access to a bus, you can intercept messages on that bus and introspect down to the bit level. A device that gets compromised can send rogue messages and affect the system in unintended ways,” Jacob Noffke, senior principal cyber engineer, Raytheon Intelligence & Space, told Warrior in an interview.
Raytheon is among a handful of weapons and technology innovators working to engineer new methods of protecting data transfer on serial buses. One product in particular, the Cyber Anomaly Detection System (CADS), uses machine learning, heuristics and other advanced algorithms to identify intrusions.
“CADS analyzes traffic on the bus and detects in real time if there is a threat. CADS acts as an intrusion detection system, detecting anomalous behavior in message content, sequence, timing and other factors,” Noffke said.
Serial buses on older aircraft and combat vehicles may be particularly vulnerable in some instances, a circumstance now driving ongoing Pentagon initiatives to better safeguard data transfer using new, industry-developed technologies.
“These are traditionally low speed serial buses that don’t have any native security. It is difficult to add security without significantly re-architecting the system,” Noffke said.
CADS uses machine learning and other techniques to define and identify anomalous behavior coming in over data buses and provide an immediate alert that something is wrong.
The effort has been ongoing for several years and is now gaining new traction due to emerging cyber resilience innovations, such as Raytheon’s CADS, aimed at detecting anomalous data traffic moving through a serial bus. For example, a 2016 memorandum from Michael Gilmore, then Director, Operational Test and Evaluation at DOD, addressed the particular risks associated with older or more standard data buses.
The memo states: “Aircraft using military standard (MilSTD) 1553 data buses or commercial equivalents (such as Aeronautical Radio INC 429 as well as 700 and 800 series high speed avionics data buses), and vehicles using both MilSTD 1553 and commercial Controller Area Network bus protocols are potentially vulnerable to cyberattacks via code and data inserted across these communications protocols.”
Many networks, weapons systems and sensors increasingly rely upon data bus technology, which both massively improves functionality and simultaneously increases the need to fortify cyber defenses as attacks run the risk of having a larger impact.
“Army program offices are providing EW [Electronic Warfare], cyber and network operating management tools to allow us to see, detect and ultimately react to threats and add software and hardware that physically protects the systems,” Paul Mehney, director of communications for the Army’s PEO C3T (Program Executive Office Command Control Communications-Tactical), told Warrior.
Although CADS is a product of internal research and development, Raytheon is taking the technology to the military services to help assess how it might both integrate with and add security to existing systems.
“We are taking these technologies and integrating them into a test lab and, in some cases, we are integrating into weapons systems and putting them into a test infrastructure. We work with customers to get their interface control documents and train CADS up on what known good behavior looks like. Once we have that deployed on a system, CADS can be used to detect anomalies,” Noffke added.
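The baseline-then-detect approach described above (learn known-good behavior, then flag deviations in message content, sequence and timing) can be sketched in a few lines. This is an added illustration, not Raytheon's CADS code or algorithm; the frame layout `(timestamp_ms, msg_id, payload)`, the message IDs, the 25% timing slack and both captures are constructed assumptions, and the baseline is learned from a capture rather than from an interface control document.

```python
from collections import defaultdict

def learn_baseline(frames):
    """Profile known-good (timestamp_ms, msg_id, payload) frames per message ID."""
    gaps, last_seen = defaultdict(list), {}
    ranges, successors, prev_id = {}, defaultdict(set), None
    for ts, mid, data in frames:
        if mid in last_seen:
            gaps[mid].append(ts - last_seen[mid])      # inter-arrival time
        last_seen[mid] = ts
        lo, hi = ranges.get(mid, (list(data), list(data)))
        ranges[mid] = ([min(a, b) for a, b in zip(lo, data)],   # per-byte minimum
                       [max(a, b) for a, b in zip(hi, data)])   # per-byte maximum
        if prev_id is not None:
            successors[prev_id].add(mid)               # which ID may follow which
        prev_id = mid
    return {"periods": {m: (min(g), max(g)) for m, g in gaps.items()},
            "ranges": ranges, "successors": dict(successors)}

def detect(frames, base, slack=0.25):
    """Return (timestamp_ms, msg_id, reason) for every deviation from the baseline."""
    alerts, last_seen, prev_id = [], {}, None
    for ts, mid, data in frames:
        if mid not in base["ranges"]:
            alerts.append((ts, mid, "unknown-id"))
            continue                                   # rogue ID must not shift state
        if prev_id is not None and mid not in base["successors"].get(prev_id, ()):
            alerts.append((ts, mid, "sequence"))
        if mid in last_seen and mid in base["periods"]:
            lo, hi = base["periods"][mid]
            if not lo * (1 - slack) <= ts - last_seen[mid] <= hi * (1 + slack):
                alerts.append((ts, mid, "timing"))
        lo_b, hi_b = base["ranges"][mid]
        if len(data) != len(lo_b) or any(not l <= b <= h for l, b, h in zip(lo_b, data, hi_b)):
            alerts.append((ts, mid, "content"))
        last_seen[mid], prev_id = ts, mid
    return alerts

# Constructed known-good capture: IDs 0x100 and 0x200 alternate, each every 10 ms.
GOOD = [f for i in range(20) for f in ((i * 10, 0x100, bytes([i % 4, 0x10])),
                                       (i * 10 + 5, 0x200, bytes([i % 2])))]
# Constructed live traffic: an extra 0x100 frame at 12 ms, an out-of-range
# payload byte at 20 ms, and an ID never seen in the baseline at 22 ms.
LIVE = [(0, 0x100, bytes([1, 0x10])), (5, 0x200, bytes([0])),
        (10, 0x100, bytes([2, 0x10])), (12, 0x100, bytes([2, 0x10])),
        (15, 0x200, bytes([1])), (20, 0x100, bytes([0xFF, 0x10])),
        (22, 0x7FF, bytes([0])), (25, 0x200, bytes([0]))]

if __name__ == "__main__":
    for alert in detect(LIVE, learn_baseline(GOOD)):
        print(alert)
```

A min/max baseline like this only catches deviations outside what the training capture contained, so the capture has to cover every legitimate operating mode of the bus.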
Raytheon’s CADS effort is part of a broader Pentagon and industry push to move beyond a cybersecurity-only approach toward a more in-depth cyber resiliency strategy.
“Cybersecurity is more focused on prevention and deterrence to keep someone out of the system. Cyber resilience is more focused on the mission and assumes that an attacker will be on the system and will get past some of your cyber security controls to get access and privileges. Cyber Resiliency means you can still keep the mission going,” Noffke said.