The Army is scouting for an intrusion defense system for military ground vehicles that will protect against cyberattacks.
Because some military vehicles use the same software and electronic architectures as commercial vehicles, they are potentially vulnerable to hacking. To help it defend its fleet, the Army Tank Automotive Research, Development and Engineering Center is scouting for an intrusion defense system that can “protect against and mitigate cyber-attacks on military vehicles,” according to a recent request for information.
The RFI provides few details other than some information on vehicle power and cooling requirements for the vehicles, but Richard Bowers, the manager for unmanned surface vessels at Leidos, said this was likely intentional so the Army can "cast a wide net to see what tools exist.”
So what kind of technologies will the Army see in responses? They will likely fall into two camps, prevention and detection, according to Andre Weimerskirch, the vice president of cybersecurity and functional safety at Lear Corp.
Prevention will include segregating the network, so if hackers make it onto one part of the system they won’t be able to travel to other parts of the vehicle. It will also include secure booting, which will prevent the system from booting up if manipulated software has been detected. Network communication also has to be protected, said Weimerskirch, who has also worked with University of Michigan’s MCity research facility for connected and autonomous vehicles.
Secured vehicles also need software to detect any malware that has gotten in. Typically, detection software reports to a cloud-based security operations center that runs analytics on collected data to identify cybersecurity issues.
The onboard software, in combination with the cloud environment, makes up an intrusion detection system. Intrusion detection systems are out of the research phase and will likely be included in consumer automobiles as early as 2020, Weimerskirch estimated.
But there are some important differences between the consumer environment and the military battlefield, most notably the motivation behind the attack. Hackers targeting consumers are likely to have financial motives -- a ransomware attack that disables a car until the hacker is paid, for example. In the military, the possibility of electronic vulnerabilities being exploited by nation states means "you need to have far higher standards when you build your security around military devices,” Weimerskirch said.
“It is an area of concern for our customers,” Bowers said, especially as the use of autonomous systems increases.
“When you’re looking at an unmanned or an autonomous system, everything is software driven, so you have unique attack vectors,” he said. Those systems must be trusted and predictable, so cybersecurity will have to keep pace.
“What’s new is coming up with a system that can respond to threats even while it's on the battlefield,” Bowers said. “What we’re looking at is technologies that will allow the cybersecurity itself to become autonomous and be dynamic and on the network even while it's deployed.”
Autonomous cybersecurity will be able to recognize new threats based on characteristics of existing threats and to analyze system behavior to recognize if something is wrong, he said.
Part of this analysis will be handled by intrusion detection systems, but integrated system health monitoring will also scan for problems that are less obvious than a hack or intrusions, he said.
Besides prevention and detection, autonomous vehicles must have the ability to be patched in fighting environments that have very little bandwidth. “You can’t have them all come back to base to update a new service patch every Tuesday like you do with your office computer,” Bowers said.
Responses to the Army’s RFI are due by noon on April 24.