Imagine a brigade combat team deploying into a heavily contested cyber environment where soldiers and commanders must conduct operations, fight, and win while continuing to protect the information and networks they use. This scenario happens in today’s war, but how can soldiers move, shoot, and communicate with yesterday’s approach to cyber hardening platforms?
Today’s systems (satellites, aircraft, surface ships, ground vehicles, and subsurface vehicles) have large numbers of electronic components including microprocessors, microcontrollers, sensors, actuators, and internal (onboard) and external (off-board) communication networks. Hardening and securing these systems is currently performed using checklist approaches like the Risk Management Framework (RMF) that derive from decades of information technology best practices. Over the last decade, these techniques have served these industries well and have protected platform operators from harm. However, more sophisticated cyberattacks are challenging the military and industry every day, proving that defense-in-depth solutions are not enough to evade and recover from tomorrow’s adversarial attack.
Shifting Cyber Perspective
NIST defines cyber resilience as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” Cyber defense emphasizes keeping our adversaries out of the system by placing multiple layers of security controls throughout the system, providing defensive redundancy to displace cyber-attacks.
The company I work for, BAE, organizes our cyber resilience engineering practices around five pillars. They include well understood foundational defense-in-depth solution design and traditional risk management framework accreditation approaches. They also introduce new dimensions of design and provide a foundation for what we call Resilience-in-Depth. The pillars are:
1. Prepare. Identify the relevant cyber threats and attack vectors, understand the consequences of a cyber-attack, and analyze the attack pathways
2. Prevent. Harden the system environment using cybersecurity best practices
3. Detect. Monitor the system and its operating environment for signs of intrusion
4. Respond. Dynamically react to cyber-attacks to reduce or eliminate harmful impacts
5. Recover. Autonomously repair damage from a cyber-attack to assure continuity of operations
The five pillars of cyber resilience delineate between the static defense and dynamic resilience aspects of cybersecurity solutions. The delineation expands cyber resilience to focus on responding when defenses fail and the adversary is already inside.
Next-generation cyber resilience engineering
Applying offensive thinking to solve defensive problems goes beyond integrated defense-in-depth engineering processes and is the difference between cyber defended platforms, and cyber resilient platforms. Creating capabilities with the adversary in mind uses threat intelligence, attack-vector analysis, offensive developed architectures, and attack models that describe adversarial threats in a platform’s operational environment.
Resiliency-in-depth solutions are developed through engineering processes that use dynamic architecture models to reason over the functional architecture about cyberattacks and responsive/recovery options. These models also include attack surface, resilience controls, dynamic response planning, describe platform specific attacks and provide context for developing cyber resilient platform systems.
Cyber resilience engineering processes are being developed to strengthen the design of military platforms. We are studying new model-based engineering techniques to organize project data, manage complexity, and analyze dynamic relationships among security and resiliency controls. Such techniques are applied to predictively and proactively access cyber responses through adversarial knowledge to enable engineers to design platforms that adapt and respond to use-cases outside the scope of the traditional requirement space.
Next-generation cyber resilience technologies
For seamless integration of detection, response and recovery technologies, our approach includes a scale of five levels ranging from the individual microchip to the fully integrated platform vehicle. At each level, preventative defensive security controls are placed in strategic locations specifically to break attack vectors and provide a layered defense. Then, resiliency controls are added to the defensive controls to address the dynamic aspects of attack detection, response, and recovery. These actions provide a core level of layered defense and resilience at each of the five levels of scale (chip, board, assembly, bus, and platform).
Life-like dynamic responses to adversarial attacks allows intrusions to be autonomously isolated and contained so that operational platform effectiveness is less impacted. Failure to design the proper system dynamics results in unintended and undesirable emergent system behavior that may also be potentially exploitable. For example, inaccurate bus-level Intrusion Detection System (IDS) detections may trigger a dynamic response that shuts-down functions, thereby threatening operator safety and reducing mission effectiveness.
As foreign adversaries increase their platform cyberattack capabilities, we need to shift from ‘Defense-in-Depth’ strategies to incorporate ‘Resilience-in-Depth’ strategies. A necessary first step to addressing this need is to demystify platform cyber resilience and enable engineering teams to work with offensive data to solve defensive problems. The resulting processes provide a repeatable and measurable approach to designing and developing highly defendable and highly resilient platform systems with a fast-track to operational accreditation and with increase battlespace survivability.
Mark Vriesenga is the director for model based enterprise engineering at BAE Systems. Previously, he served as director of FAST Labs, BAE Systems’ research and development organization and established the cyber resilience capability group focused on developing and deploying cyber systems engineering across the electronic systems sector.