Activity title

Cyber Security of Military Systems

Activity Reference

IST-151 (IWA)

Panel

Information Systems Technology

Security Classification

NATO UNCLASSIFIED

Status

Active

Activity type

RTG

Start date

2016

End date

2019

Keywords

Cyber security, cyber security assessment, cyber security risk management methodologies, embedded systems, fuzzing, military platforms and systems, penetration testing, red teaming, reverse engineering, systems security engineering processes

Background

Military platforms are more computerized, networked and processor-driven than ever. They make heavy use of data buses such as MIL-STD-1553A/B, CAN/MilCAN, RS-422/RS-485, AFDX and even plain Ethernet, as well as old tactical communications standards such as MIL-STD-188C, to cite only a few. Moreover, sensors and many embedded systems are additional unguarded potential entry points that extend the attack surface. The consequence is increased exposure to cyber-attacks and thus amplified risk. However, the continuous and stable operation of these platforms is critical to the success of military missions and to people's safety. In 2014-15, the Exploratory Team IST-ET-078 prepared the ground for this RTG by defining a scope, exchanging cyber security assessment methodologies and best practices, and selecting candidate systems to assess. The main goal was always to prepare a hands-on, practical NATO activity that has an appreciable impact. NATO nations own a considerable number of military platforms and systems that may face cyber-attacks. Therefore, NATO would benefit from leveraging current processes and methodologies to design more secure systems and to assess the cyber security of current systems.

Objectives

This activity will share and apply methodologies, processes, tools and technologies to assess military systems’ cyber security. Lessons learned and, potentially, assessment results and mitigations will also be reported.

Topics

Systems security engineering processes; cyber security risk management methodologies; tools and technologies used in these processes and methodologies, including both paper-and-pencil, such as architecture review, and hands-on activities, such as reverse engineering, penetration testing and fuzzing; results, mitigations and lessons learned from using these processes and methodologies.
