Cyber is an increasingly risky space. With more and more companies and institutions relying heavily on online operations, the need for enhanced cybersecurity has never been greater. The more people who connect their organization’s phones and laptops to home networks, the greater the risk to the organization’s networked systems. Such vulnerabilities give cyber threat actors the opportunity to operate undetected inside a network for long periods of time. The recent SolarWinds cyber-attack is a prime example showing that most organizations are not prepared for such a large-scale cyber intrusion.
Traditional cybersecurity is focused on countering cyber threats to enterprise IT networks, like hacking into email servers. Over the past few years, efforts to secure critical Operational Technology (OT) systems have become more prominent. Built on the baseline idea of cybersecurity — the ability to preserve a network’s confidentiality, integrity and availability in the face of cyber risks — two additional lines of cyber defense have emerged: Cyber Resilience and Cyber Survivability.
This is especially important when it comes to military defense.
As challenging as cyber threats are to most people, imagine an advanced cyber-attack against a fighter pilot during a mission. Once a system is breached, the jet’s cyber defenses need to withstand the attack long enough for the warfighter to complete their assignment and return home safely. As antagonists are constantly evolving their cyber-attack methods, it’s imperative for defense networks to have the ability to prevent, mitigate and recover from serious cyber events all while performing the assigned tactical mission. An aircraft’s platforms must be cyber survivable to be able to successfully operate in the face of adversaries.
“Cyber Resilience evolved beyond the Risk Management Framework (RMF) — largely procedural and compliance activities — into an idea that we want to design key system attributes into a weapon or mission system that enable that system to continue to function in the face of unplanned disruption,” said Northrop Grumman Cyber and Information Solutions Director of Business Development, Dean “Data” Clothier. “As a specialty within System Security Engineering (SSE), Cyber Resilience is all about engineering design and the kind of system attributes that you want.”
Clothier went on to provide example questions that one may ask regarding the system attributes needed to fight through a cyber-attack: Does a mission system continue to operate when facing a range of potential sources of disruption, from extreme weather events, to critical component failure, to operator error, to sophisticated malicious cyber activity? Once this cyber systems security engineering design is complete, it naturally flows into the technology element of the NIST Risk Management Framework cybersecurity control selection. Clothier further explained that cyber resiliency ensures that a system, or the infrastructure on which it depends, is designed to “anticipate, withstand, recover and adapt” to disruptions, especially those caused by cyber-attack, and continue to function effectively.
In today’s cyber battlespace, it’s not only vital for weapon systems to be resilient, but to be survivable as well.
“Cyber Survivability came from a different community — the joint warfighter who has systems survivability requirements that a weapon system, to be an effective defense warfighting platform, has to be designed to be survivable in its planned operational environment,” Clothier said. “If you’re the United States European Command, you want to be able to have weapon systems that can operate in the face of Russian weapon systems. If you’re United States Pacific Command, you’re worried about North Korean or Chinese-specific threats.”
Understanding what nation state cyber threat actors are capable of doing is key to the “threat-driven design” approach needed to counter the highest tier of actor the systems have to operate against, explained Clothier. The U.S. government states the performance requirement and it’s up to the system designers to figure out how best to meet it. Today, the cyber requirements on a U.S. Department of Defense (DoD) weapon/mission system are likely to include elements from all three areas: Cybersecurity RMF, Cyber Resilience/SSE and Cyber Survivability. It is important to interpret these requirements from their individual frameworks, and then identify the complementary inter-relationships between all three.
Preserving Critical Functionality to Complete the Mission
A program is only cyber survivable if it understands the highest adversary threat tier that the DoD states it must be designed to operate against. This requires a threat profile that details the capabilities and threat chain of the most capable actor of the required threat tier. Once this is determined, the threat-driven design of a system begins with an analysis of the overall threat chain that examines how the actor would seek to breach and disrupt that system. This threat chain is then aligned against the three pillars of Cyber Survivability: Prevent, Mitigate and Recover from cyber-attacks.
“First, the ‘Prevent’ pillar focuses on a range of technology approaches that can keep nation state actors from breaching the system and establishing root level access inside our system,” Clothier said. “Second, we have to assume that sooner or later they will breach it — that’s explicitly a requirement from the DOD — so that leads to the ‘Mitigate’ pillar. This pillar aims to keep the system operating at its required level of performance to complete the mission.”
Warfighters can’t disconnect from the mission and go home—the cyber survivability performance mandates that they can complete the mission even if breached. “Once the mission is over, we must have systems that rapidly restore to full functionality within a specified time — that’s the ‘Recover’ pillar,” he continued. “If you can then take the cyber threat profile, design and test against it, then you know it’s a cyber survivable system.”
Cyber survivable systems need to be built to maintain effectiveness against a certain threat level across their entire lifecycle.
“That necessitates that you not only think of the architecture and cyber solutions when you build a system, but design it in a way that it’s rapidly reprogrammable and has a strong modular design to facilitate regular upgrades for the entirety of a weapon system’s lifespan, which often reaches 30 years,” Clothier said. Outdated weapon systems can be used for decades, but the cyber threat changes incredibly fast. The system’s ability to be reprogrammable and make quick upgrades is essential to cyber survivability.
Flexibility is Key
Any digitally connected device needs to be modular and quickly reprogrammable in order to receive cyber updates that keep the network secure. For instance, smart TVs are equipped with video and audio recording capabilities that can pose a risk to people’s privacy when hacked, yet they lack security software that detects virus signatures, let alone more advanced cybersecurity technologies.
The ability to upgrade a system’s security software is fundamental.
“Cyber exploits are driven by vulnerabilities, and these vulnerabilities are driven by new technology releases that are driven by new product release cycles,” Clothier explained. The more niche the hardware, the less likely it will have reprogrammable systems. As adversaries continue to advance and evolve their cyber warfare capabilities, it’s especially important for our military weapons systems to be cyber survivable against these nation state threats.