Cyber Security of Military Systems
Information Systems Technology
Cyber security, cyber security assessment, cyber security risk management methodologies, embedded systems, fuzzing, military platforms and systems, penetration testing, red teaming, reverse engineering, systems security engineering processes
Military platforms are more computerized, networked and processor-driven than ever. They make heavy use of data buses such as MIL-STD-1553A/B, CAN/MilCAN, RS-422/RS-485, AFDX and even plain Ethernet, as well as old standards for tactical communications such as MIL-STD-188C, to cite only a few. Moreover, sensors and many embedded systems are additional, unguarded potential entry points for attack that extend the attack surface. The consequence is increased exposure to cyber-attacks and thus amplified risk. Yet the continuous and stable operation of these platforms is critical to the success of military missions and to the safety of people.
In 2014-15, the Exploratory Team IST-ET-078 prepared the ground for this RTG by defining a scope, exchanging some cyber security assessment methodologies and best practices and selecting candidate systems to assess. The main goal was always to prepare a hands-on, practical NATO activity that has an appreciable impact.
NATO nations own a considerable number of military platforms and systems that may face cyber-attacks. Therefore, NATO would benefit from leveraging current processes and methodologies to design more secure systems and assess current systems’ cyber security.
This activity will share and apply methodologies, processes, tools and technologies to assess military systems’ cyber security. Lessons learned and, potentially, assessment results and mitigations will also be reported.
Systems security engineering processes; cyber security risk management methodologies; tools and technologies used in these processes and methodologies, including both paper-and-pencil, such as architecture review, and hands-on activities, such as reverse engineering, penetration testing and fuzzing; results, mitigations and lessons learned from using these processes and methodologies.