Developing Effective Hardware and Software COTS Security Technologies

Military Embedded Systems

This article was published in Military Embedded Systems

The armed forces of the United States and its allies around the world rely on critical military technology that is under constant threat. These threats range from the reverse-engineering of systems lost on the battlefield to the accidental introduction of counterfeit components on the factory floor. In response, commercial off-the-shelf (COTS) suppliers are more frequently being called upon to help users address rapidly expanding requirements for cybersecurity or information assurance (IA) capabilities. 

Effective mitigation of threats to critical systems requires the development and implementation of advanced, industry-leading technologies and techniques, which for obvious reasons, the specifics of these security strategies and techniques cannot be described in detail. In order to provide the reader with a useful introduction and high-level overview to contemporary AT and IA techniques, it is possible to discuss, at an appropriately high level, some of the ways in which COTS hardware might come under attack and provide an outline of some of the methods that are available for protecting against such intrusions.  

Defense in depth

The most effective approach for implementing AT and IA technologies to protect deployed COTS systems with a “defense in depth” strategy, implements multiple layers of security to protect CPI (critical program information) at the module and component level. It also ensures that manufacturing is performed in a trusted manner. Today, there are a variety of options for protecting hardware at the device and module level.

Some of these approaches involve techniques that make it possible for the user, at their discretion, to add their own protective measures into the system hardware. To help mitigate against the introduction of counterfeit parts into their system hardware, it’s imperative that users ensure their COTS module supplier’s supply chain is capable of taking an active role in preventing against the presence of counterfeit parts on their modules. The COTS vendor’s supply-chain management should be performed with an approved vendors list, and all suppliers should be subject to audits and able to comply with quality clauses. Also important: ensuring that the COTS vendor’s quality management system (QMS) is appropriately certified.

Read the rest of the article.