Developing Effective Hardware and Software COTS Security Technologies

article
article
Article
August 17, 2016

Developing Effective Hardware and Software COTS Security Technologies

This article was published in Military Embedded Systems

The armed forces of the United States and its allies around the world rely on critical military technology that is under constant threat. These threats range from the reverse-engineering of systems lost on the battlefield to the accidental introduction of counterfeit components on the factory floor. In response, commercial off-the-shelf (COTS) suppliers are more frequently being called upon to help users address rapidly expanding requirements for cybersecurity or information assurance (IA) capabilities. 

Effective mitigation of threats to critical systems requires the development and implementation of advanced, industry-leading technologies and techniques, which for obvious reasons, the specifics of these security strategies and techniques cannot be described in detail. In order to provide the reader with a useful introduction and high-level overview to contemporary AT and IA techniques, it is possible to discuss, at an appropriately high level, some of the ways in which COTS hardware might come under attack and provide an outline of some of the methods that are available for protecting against such intrusions.  

Defense in depth

The most effective approach for implementing AT and IA technologies to protect deployed COTS systems with a “defense in depth” strategy, implements multiple layers of security to protect CPI (critical program information) at the module and component level. It also ensures that manufacturing is performed in a trusted manner. Today, there are a variety of options for protecting hardware at the device and module level.

Some of these approaches involve techniques that make it possible for the user, at their discretion, to add their own protective measures into the system hardware. To help mitigate against the introduction of counterfeit parts into their system hardware, it’s imperative that users ensure their COTS module supplier’s supply chain is capable of taking an active role in preventing against the presence of counterfeit parts on their modules. The COTS vendor’s supply-chain management should be performed with an approved vendors list, and all suppliers should be subject to audits and able to comply with quality clauses. Also important: ensuring that the COTS vendor’s quality management system (QMS) is appropriately certified.

Read the rest of the article.

Steve Edwards

Steve Edwards

Director and Technical Fellow

Steve has over 25 years of experience in the embedded system industry. He leads Curtiss-Wright Defense Solutions’ efforts in addressing physical and cyber security on their COTS products and represents the company in defense related security conferences. Steve has worked collaboratively in several standard bodies, including a time chairing the VITA 65 OpenVPX, and as lead for the Sensor Open Systems Architecture (SOSA) Security Subcommittee. Steve lead the design of Curtiss-Wright’s first rugged multiprocessor and FPGA products and was involved in the architecture, management, and evangelization of the industry’s first VPX products. He has a Bachelor of Science in Electrical Engineering from Rutgers University.

Trusted Computing for Defense & Aerospace

Curtiss-Wright goes well beyond standard approaches to Trusted Computing to provide truly secure solutions for air, ground, and sea platforms. We keep cybersecurity and physical protection in mind, from design and testing to supply chain and manufacturing. This comprehensive, end-to-end approach creates an effective mesh of protection layers that integrate to ensure reliability of Curtiss-Wright products in the face of attempted compromise.