Can The Air Force Stand Against A Cyber Attack?
This post is also available in: 
עברית (Hebrew)
The air force is always looking to take the lead with advanced technologies, in computers and electronics. Each day the air force’s technical divisions are working tirelessly to integrate sophisticated systems with the existing hardware or develop new hardware for the force. We must not forget, however, that the enemy is also working every day to find breaches and new challenges these technologies must face.
At this age, embedded computer systems are becoming increasingly common. At the same time, sophisticated cyber attacks are also increasing, risking these essential systems, which makes their security all the more important. The air force relies on embedded systems in a range of missions such as aircraft flight control, control surface actuation, radar or electronic warfare system operation, munitions interfaces and spacecraft system control, among others.
A report written by the air force’s Scientific Advisory Board was recently published and notes the vulnerability of these aerospace embedded systems. For this report, the board conducted several tests each year. The study sought to survey the use of embedded systems across the Air Force, identify prior attacks against embedded systems, assess potential cyber vulnerabilities, categorize risks, identify potential mitigation efforts and develop a roadmap for technology development to lessen vulnerabilities in the near, mid and far term.
The report showed that U.S. air force’s ability to provide long-term security to such systems is lacking, and that vulnerabilities to such systems can be introduced anywhere from the start of the supply chain through maintenance, as well as by direct attacks or through radio frequency signals, noting that these vulnerabilities exist despite the fact that embedded systems lack Internet connections.
In the one-page abstract, the board said several elements factored into its recommendations. First, the abstract stated that embedded systems face challenges separate from similar networked IT and commercial systems such as auto, aircraft and industrial control, but lessons learned from those sectors still can be useful. Second, traditional protective strategies won’t work for cyber mitigation. Third, the Air Force doesn’t have enough embedded system expertise to provide long-term mitigation. But fourth, a broad-based set of immediate actions can afford embedded systems protections beyond just basic cyber hygiene.
However, the board did add a list of immediate actions to provide better protection for these systems such as to implement digital signature and have future embedded systems confirm via code all the softwares installed in them. Creative solutions are right around the corner, then, with just a little creativity.
