Get off the 'bus'
Two systems to deal with possible cyber tampering
At the 2019 Def Con hacker convention in early August, the U.S. Air Force invited ethical hackers to find vulnerabilities in an F-15 Eagle fighter jet. And they did.
The hackers infiltrated the Trusted Aircraft Information Download Station, which collects data from video cameras and sensors.
"There are millions of lines of code that are in all of our aircraft and if there's one of them that's flawed, then a country that can't build a fighter to shoot down that aircraft might take it out with just a few keystrokes," Will Roper, the Air Force's top acquisition official, told The Washington Post, Aug. 14.
Raytheon has developed a technology called the Cyber Anomaly Detection System, or CADS, that uncovers cyber intrusions, tampering and hacks, then notifies aircraft and vehicle crews.
“When these jets and platforms were built, cybersecurity wasn’t even a consideration,” said Greg Fry, Raytheon CADS product manager. “Now, everything is interconnected, and cyberattacks can be introduced into aircraft, vehicles, spacecraft and weapons system in numerous ways.”
The system software looks for anomalies on the 'buses' of aircraft, satellites, missile systems and vehicles, among other platforms and systems. Buses are communication systems that control, monitor and transfer data between different electronic components on the platform and remote terminals. An attack on a bus could threaten flight or vehicle safety in the form of denial of service, access to avionics components, equipment failure or sending deliberately incorrect information.
“On an aircraft, there’s up to 30 remote terminals hooked up to the bus, which controls things like fuel valves, flaps, autopilot, lights and landing gear, among other things,” Fry said. “On a military vehicle like the Abrams tank, the bus connects to the turret and communications equipment, among other electronic components.”
CADS allows pilots, drivers and technicians to identify, isolate and address cyber threats before they impact critical systems.
“CADS lets the pilot or the driver know if anything falls out of the rule set, so they can determine how critical the situation is,” Fry said. “For example, if a fuel switch gets turned off, they might be able to simply switch it back on or override it. If it’s a minor problem like that, then they can decide to continue with the mission but if it’s something major, then they may have to scrub the mission.”
CADS monitors for the slightest deviations on the MIL-STD-1553 communication bus. New interface modules can easily be added to support additional communication protocols, such as MIL-STD-1760, ARINC 429, or Controller Area Network, or CAN, bus.
“CADS is system-agnostic, so we can adapt to any communication bus; we just create a new module for our core code base,” Fry said.
CADS also acts as a “flight recorder of sorts” for gathering and storing bus traffic—akin to a black box. This data can then be used offline for forensic investigation and fleet-wide analysis.
“This is a big and real threat now, and it will continue to be one in the future,” Fry said. “This isn’t like ransomware or malware that steals your credit card information. Cyberattacks against military platforms and commercial airliners can result in dire consequences.”
Another layer of protection
Another Raytheon technology called Electronic Armor complements CADS. It comes in two components: Electronic Armor – Operating System and Electronic Armor – Trusted Boot. It provides a foundational layer of protection.
“Most of these systems were built before the cyber threat was understood, and from an engineering perspective, these systems have cyber vulnerabilities,” said Joe Richard, Raytheon Cyber Resiliency products manager. “We’re trying to build trust back into these systems by mitigating any risks associated with cyber vulnerabilities.”
Electronic Armor securely measures and monitors the boot and runtime environment, preventing unauthorized access, copying, modification, reverse engineering or deletion of critical software, intellectual property, or sensitive data.
EA-TB cryptographically measures every element of code loaded and executed during the boot sequence and validates it against known good values.
“Even if the system has been compromised, Electronic Armor – Trusted Boot can run unaffected and stop the OS from booting up,” Richard said.
Once EA-TB allows the operating system to boot up, it hands off to Electronic Armor – Operating System. EA-OS secures software and data from being modified or even copied off a system for offline analysis by an attacker.
“Once in memory, EA-OS is preventing other processes from reading, writing, and gaining access to that application,” said Jacob Noffke, Raytheon Electronic Armor technical lead. “It prevents removing, modifying or otherwise tampering with what’s on the system.”
Electronic Armor has been deployed on more than 25 U.S. Department of Defense programs.
“In the past, customers were just focused on securing the most mission-critical systems and devices,” Richard said. “This technology could be deployed to every system and device, down to a soldier’s laptop.”