Unmanned Systems Vulnerable to the Enemy, Which Makes Trusted Computing a Critical Cyber Design Challenge

October 31, 2019

Unmanned Systems Vulnerable to the Enemy, Which Makes Trusted Computing a Critical Cyber Design Challenge

Published in Military & Aerospace Electronics

Trusted computing is a difficult concept to implement, even in some of the best scenarios. Implementing adequate cyber security and other protections becomes even more challenging when the system being protected will be deployed into the harsh world without a trusted service member nearby to operate the system.

The first challenge when designing a deployable solution for an unmanned platform is the lack of constant supervision from a trained and trusted human operator. While supervision is typically available on manned systems, unmanned systems may only have periodic contact with an operator.

What’s more, an unsupervised system may need to make autonomous decisions based on minimal and potentially untrustworthy sensors. Another important issue is that, compared to manned systems, unmanned systems are more prone to falling into the hands of potential adversaries. One example is the seizing of a U.S. unmanned underwater drone by China at the end of 2016.

The availability of reliable, secure communications becomes much more critical when dealing with unmanned systems. While a manned system that loses communication still can operate, as long as the onboard operators can work to restore communications or complete the mission, a communications failure is much more critical for an unmanned system. If communications are lost, the unmanned system may need to throttle back, proceeding with much more limited functionality. Loss of communication also means that the unsupervised system won’t be able to quickly respond to changing circumstances.

For all of these reasons, systems designers must ensure that their unmanned systems are well protected. These protections must take into account the possibility of an attacker gaining physical access to the system, and must include adequate cryptographic protection of stored data and appropriate cyber security protections to maintain communication integrity and confidentiality.

To help system designers meet the challenge, there are specific documents that provide guidance on how to maintain trusted operations on unmanned systems.

One such document is the Committee on National Security Systems Policy 28 (CNSSP-28), “Cybersecurity of Unmanned National Security Systems." Much of the guidance in this document references other guidance documents from which to pull information (e.g. CNSSP-7). Much of the guidance that CNSSP-28 provides indicates particular technologies that must be employed (e.g. encryption for all command and control data links). In addition, CNSSP-28 indicates guidance on which processes must be adhered to. This includes, for example, describing required aspects of the risk-mitigation framework that must be applied to unmanned systems.

When applying risk-mitigation framework to unmanned systems, designers must take care to ensure that their system has been appropriately analyzed so that all controls have been selected to provide protection across all potentially compromised environments, not just nominal operating environment.

Read the full article in Military & Aerospace Electronics.


Trusted Computing for Defense & Aerospace Article eBook

This collection of articles, originally published by Military & Aerospace Electronics, covers a variety of Trusted Computing topics with a specific focus on the defense and aerospace industries.

Read the eBook

Trusted Computing for Defense & Aerospace

Curtiss-Wright goes well beyond standard approaches to Trusted Computing to provide truly secure solutions for air, ground, and sea platforms. We keep cybersecurity and physical protection in mind, from design and testing to supply chain and manufacturing.

Protecting Critical Data-At-Rest (DAR) from Unauthorized Access

Today’s defense and aerospace platforms are required to protect critical data-at-rest (DAR) from unauthorized access. Curtiss-Wright offers cost-effective, proven, and certified commercial off-the-shelf (COTS) storage solutions that match various data security requirements, including National Security Agency (NSA) Type 1, NSA Commercial Solutions for Classified (CSfC), Common Criteria (CC), and FIPS 140-2.