“There are multiple threat entry points. What we talk
about when we look at capabilities that we want to put
out there are threat characteristics and threat groupings.
You look at it from an outsider threat, an insider threat
and then you want to look at your supply chain.”
By supply chain security, the concept is to make
sure that when the components of systems are pur-
chased, the heritage of the parts is known and they are
certified to be free of malware.
Ensuring the integrity of the supply chain is one
aspect of cyber hygiene, reducing insider cyber threats
by practicing fundamental, routine secure practices
such as protecting passwords, ensuring software is up
to date and knowing who has access to which systems.
“If we do those things, we will protect approximately 75 to 80 percent of the vulnerabilities out there
today,” Williford said.
Cyber hygiene also is stressed by Stu Young, director of systems engineering for NAVAIR and director
of its Cyber Warfare Detachment. By training aircraft
maintainers about hygiene, he said, systems “can be
protected by the human in the loop and by having
dedicated maintenance and logistics personnel. … We
consider the people the first line of defense.
“The least expensive thing we can do is to make
somebody aware: never connect this laptop to the
aircraft under these circumstances, make sure you’ve
flipped all these switches off, make sure you’ve
powered down these systems,
make sure that the software
has been signed by a designated
authority and that it has been
reviewed and cleansed,” Young
said. “We can make tremendous
progress just through good aware-
ness and training and procedure
standardization, as opposed to
elaborate technology fixes which
are very expensive.
“The way we characterize the
threats to our weapon systems and
control systems is by attack sur-
face and attack vectors,” he said.
“Attack surface is all the different
ways somebody can get into our
information technology and sys-
tems and then do something to
affect its performance. The attack
vectors are the very specific meth-
ods they might use to do that,
whether it is through the supply
chain, maintenance equipment,
human intelligence or devious means. We try to protect
in various degrees against all of those.”
One attack surface is “malicious software which is
more typical in the enterprise IT environment,” Young
said. “Those are cases where whether it is to support
equipment or maintenance or a software load of some
kind, somebody injects a virus into the weapon system
that was probably intended for something else but it
can cause our systems to malfunction, slow down, not
operate properly. So, in a weapon system context, it con-
tributes to I’d say is the fog of war for the operators.”
The second attack surface would be a more pointed
attack, “typically malformed data with a trigger,” he
said. “That is data that finds its way in there and now
it is sitting there latent on the system. We may not
have a clear indication that it is there if we haven’t
really looked for it. And if we don’t know it’s there,
at the worst possible time, it can come back and bite
us by blocking communications or navigation or even
causing a weapon to malfunction.
“In the very worst case, it could bite us by having
a kinetic effect where it causes a critical safety system
not to perform, like an engine ignite, and, literally,
take down an aircraft,” Young said.
NAVSEA embraces a concept called defense in-depth
functional implementation architecture, segregating
the enclaves of a ship — weapons, navigation, HM&E,
aviation, etc. — with virtual or physical boundaries such
Chief Warrant Officer Vergel Amado stands watch in the combat information center aboard
the Arleigh Burke-class guided-missile destroyer USS Curtis Wilbur Sept. 9 in the Philippine Sea.
Navy efforts to protect the combat systems of ships and aircraft from cyber attack must be rec-
onciled with its initiatives to seamlessly network its forces.