Air Force outlines initial steps to protect embedded systems

Air Force outlines initial steps to protect embedded systems

The Air Force relies on embedded systems for a variety of tasks such as aircraft flight control, radar or electronic warfare system operation, munitions interfaces and spacecraft system control. According to a recent study conducted by the Air Force Scientific Advisory Board, however, the inherent cyber risks and vulnerabilities associated with embedded systems is not well understood by the Air Force, which also doesn’t have enough embedded system expertise to provide long-term mitigation.

An abstract of a recent study, titled “Cyber Vulnerabilities of Embedded Systems on Air and Space Systems,” was presented to senior Air Force officials in July. It examined the use of embedded systems across the service, identifying prior attacks, assessing potential vulnerabilities and categorizing risks. The study aims to identify ways to reduce vulnerabilities and develop a roadmap for technology development that will lessen these risks.

The Scientific Advisory Board offered 10 recommendations:

  1. Employ digital signatures and code signing and require future systems to cryptographically verify all software and firmware as it is loaded onto embedded devices.

  2. Use software assurance tools, processes and independent verification using appropriate standards.

  3. Employ hardware and software isolation and randomization to reduce embedded cyber risk and improve software agility.

  4. Improve and build cyber skills and capabilities for embedded systems.

  5. Adapt Air Force Life Cycle Management Center cyber-resiliency requirements process to embedded systems.

  6. Protect design/development information against exfiltration and exploitation.

  7. Develop situational awareness hardware and analysis tools to establish baseline embedded operational patterns.

  8. Develop and deploy continuously verifiable software techniques (such as dynamic attestation).

  9. Develop and deploy software assurance tools and processes specific to USAF embedded systems.

  10. Work with defense microelectronics agencies to deploy trusted methods compatible with off-shore manufacturing.

The full report will be published in December 2015.

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.

inside gcn

  • machine learning

    Mitigating the risks of military AI

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group