Enterprise Cyberdefenses Needed to Defend Embedded Networks
August 09, 2021 | BY: John Wranovics
Published in Military Embedded Systems
In order to achieve and maintain warfighting overmatch, coordinate deployed forces, and enable new warfighting capabilities, the U.S. Army, Air Force, Navy, Marine Corps, and Space Force are actively looking to new programs such as Joint All Domain Command and Control (JADC2) to ensure warfighters have maximum situational awareness. This push to upgrade is driving the development of end-to-end networks linking the cloud, command posts, combat platforms, and dismounted warfighters. It also anticipates the addition of vast numbers of sensors and video feeds – backed by big data processing, artificial intelligence, and machine learning – to speed decision-making across all warfighting domains.
This vision of a networked battlespace includes standardized and interoperable data formats and application programming interfaces (APIs), which would break down barriers and stovepipes between information sources, applications, and platforms – enabling commanders and data analysis systems to develop common operating pictures. While the benefits of this vision are compelling and easy to understand, it raises a concern that should not be ignored: as the size and complexity of these networks grow, so does their cybersecurity attack surface. That is, the network will have more places where it can be attacked and more vulnerabilities that must be managed. This type of network proliferation also has the side effect of introducing cybersecurity threats into locations that traditionally were less exposed to outside attackers, such as embedded systems. This situation is only exacerbated by the widely acknowledged increase in warfighting activities in the cyber domain by our near-peer adversaries.
This vulnerability is not a theoretical risk, and the U.S. Department of Defense (DoD) would be wise to learn from the industrial sector, which has experienced attacks on the embedded systems typically used for so-called operational technology (OT): systems used for applications such as process control of manufacturing equipment. Historically, the industrial sector has relied on “air gap” techniques to isolate OT, using physical and network barriers to keep certain operations separate from highly connected networks. However, the benefits of interconnecting these devices and automating IT management of OT have opened up the threat landscape. A recent incident involving a ransomware attack on gas-pipeline operations (as reported by CISA [Cybersecurity and Infrastructure Security Agency] at https://us-cert.cisa.gov/ncas/alerts/aa20-049a) provides an excellent example.