US strategic advantage depends upon addressing cybersecurity vulnerabilities of weapon systems

US strategic advantage depends upon addressing cybersecurity vulnerabilities of weapon systems


Russia’s war with Ukraine is an act of ruthless ambition that exemplifies President Vladimir Putin’s commitment to “victory” at any cost. The movements of a hybrid war are in motion as we witness the fusion of conventional and unconventional conflict tools on the battlefield. Russian state-backed actors have employed cyber operations to disrupt, degrade, and deny Ukraine’s infrastructure, including its power grid, transportation networks, and satellite communications. Engrained in Russian cyber doctrine is a reliance on asymmetric tactics to create parity with or gain advantages over adversaries. As the conflict fans get wider and deeper, U.S. defenders and policymakers need to consider the additional unconventional capabilities that Russia can deploy to gain battlefield advantages. One such possibility is the use of cyber attacks against modern Western weapons systems.

Many weapons systems are based on technologies that carry inherent digital vulnerabilities, making them susceptible to cyberattacks. As the possibility of a miscalculation resulting in a NATO/Russia confrontation increases, so does the risk of exposure of these digital weaknesses.

The power to create weapons system cybersecurity improvements exists in the US Congress; however, with each passing fiscal year, policymakers lose the opportunity to reduce the tax burden of reparation. Known digital vulnerabilities in Joint Force weapons systems introduce unintended and unrealized risk from technologically advanced adversaries, and Congress has an opportunity to address them in the National Defense Authorization Act ( NDAA) for fiscal year 2023.

Battlefield within weapon systems

The seminal 2018 Government Accountability Office (GAO) report, “Weapon Systems Cybersecurity: DOD Is Just Beginning to Grasp the Scale of Vulnerabilities” represents a turning point. The report revealed mission-critical cyber vulnerabilities in nearly every Defense Department weapon system in development and prototypes. Declassified examples are not uncommon:

  • A 2021 briefing by the DOD inspector general revealed cybersecurity vulnerabilities in a B-2 Spirit bomber, guided missiles, missile warning system and tactical radio system.
  • The 2018 Annual Report of the Director of Operational Test and Evaluation found that legacy variants of the infantry carrier vehicle are susceptible to cyber attack in contested environments.
  • A 2021 GAO report demonstrated how easily an adversary could compromise and take control of weapons system platforms without detection.

There are a number of challenges that make weapon systems more difficult to secure. Supply chain disruptions and the compatibility and maintenance support of systems with life cycles of decades are a few. Modernizing legacy weapon system technology with information technology (IT) and operational technologies (OT) is another. OT components control the most sensitive functions of aircraft, ground combat vehicles and artillery, such as engine and transmission controllers and braking systems. Convergent OT and IT are poorly secured, creating opportunities for adversaries to penetrate critical environments, move laterally through defense networks, and wreak havoc on operations.

National Cyber ​​Director Chris Inglis recently said that increased scrutiny must be placed on OT as “critical functions rely on it to an even greater degree than they do on purpose-built IT general”.

Awareness in action

Beginning with the FY 2016 NDAA, Congress has directed several reports aimed at determining the extent of digital vulnerabilities in DOD weapons systems; however, it has failed to assign accountability measures or adequate proportional funding to correct them.

There are several instances of Congressional efforts to raise awareness. The House Armed Services Future of Defense Task Force issued a 2020 report that concluded that the volume of weapons system vulnerabilities, compared to the threat posed by adversaries, presents a risk to national security. The 2020 Cyberspace Solarium Commission legislative proposal recommended that DOD assess and address cyber vulnerabilities in weapons systems annually.

This year, the DOD’s Under Secretary of Defense for Research and Engineering and Chief Technology Officer released a memorandum outlining a National Defense Science and Technology Strategy to strengthen US military technology.

In particular, a 2022 letter from a bipartisan group of members of the House Armed Services Committee (HASC) commended the Department for efforts to ensure that new weapons systems are developed with OT vulnerabilities in mind , reiterating the need for more work to address system weaknesses.

Other steps to take

U.S. Representative Jim Langevin, outgoing chair of HASC’s Cyber, Innovative Technologies, and Information Systems (CITI) subcommittee, recently stated that it is time to move “from admiring the cybersecurity problem to offering solutions viable”.

There are promising homegrown initiatives at DOD, commercial suppliers developing innovative technologies, and ongoing military training to enable weapon system operators. For example, this year’s Emerald Warrior exercise simulated cyberattacks inside aircraft operations for the first time.

These initiatives are important, but more is needed from the 2023 NDAA.

Expand existing programs: Given the evolving threat landscape and OT commonalities across platforms, DOD should expand programs to cover a wider range of systems and establish plans to address cybersecurity vulnerabilities in systems older ones At the core of these plans should be robust monitoring and discovery programs.

Include the correction in advance: Congress should approve language for inclusion in the NDAA regarding the remediation of cyber incidents and the completion of commercial technology maturation and expansion in DOD programs and weapons systems.

Create a baseline: Congress should include language directing DOD to address serial data network vulnerabilities, certify a baseline to track technology improvements, and build on efforts to reduce cybersecurity risk .

Liability measures: Codify mechanisms to assess progress based on legislative and policy requirements. These efforts would place DOD in charge of ensuring the security and readiness of joint force weapon systems..

Russia’s willingness to engage in Ukraine, coupled with the possibility of battlefield miscalculations that attract NATO, heightens the urgency with which Congress and the DOD should protect weapons systems from cyberattacks.

Few would argue that maintaining control of weapons systems is a national security imperative that needs to be addressed immediately. Congress and DOD should work diligently and quickly to require, fund, and deploy cybersecurity solutions that protect US weapons systems as soon as possible.

Whether a B-52 or a Stryker, the complete overhaul of the Joint Force’s modern and legacy weapons systems requires investment today to ensure the US and NATO maintain a strategic advantage if called upon to conduct operations tomorrow.

Alexander Gates is the research director at OT cybersecurity firm Shift5. Previously, he had a 40-year career serving at some of the highest levels of US national security in the areas of cyber threat, signals intelligence, investigative and information assurance. He served in the US Air Force; led cyber initiatives at the NSA, including the defense of its Threat Operations Center; and as a former senior cyberspace advisor at the US Department of Energy, he led intelligence-driven initiatives to secure the nation’s power grid. Gates has also represented the NSA and DOE at the White House and the Pentagon, and before congressional committees.



Source link

Related post

Open House: What steps can be taken to check the rising cases of suicides among youths? : The Tribune India

Open House: What steps can be taken to check…

Education institution should set up helplines To begin with, it should be made clear that stress is a physical reaction to…
Here are the top 25 start-ups to work for in India

Here are the top 25 start-ups to work for…

It’s also great to see young professionals embracing India’s startup ecosystem, with 56% of all hires at the top 25 startups…
Micro:bit launches new Python Editor to help more children learn text-based coding languages

Micro:bit launches new Python Editor to help more children learn…

Micro:bit Educational Foundation, the educational nonprofit on a mission to improve children’s digital skills, today announced that it’s even easier for…

Leave a Reply

Your email address will not be published.