You are here

Cyber Vulnerabilities & Mitigations in the Radio Frequency Domain

Description:

TECHNOLOGY AREA(S): Space Platforms 

OBJECTIVE: Identify weaknesses and potential vulnerabilities of embedded system radios to cyber threats. 

DESCRIPTION: The United States Department of Defense (DoD) continually designs, acquires, and deploys best in class, highly complex and capable embedded systems. Due to their often high cost, low-density, long development time lines, and the mission criticality of the services they may provide, DoD embedded systems have a high value to defense of DoD systems. As we have embraced enhanced embedded system computing capabilities, in most aspects we have become increasingly vulnerable to multiple types of cyber threats. While vast resources have been invested with the goal of preventing or identifying intrusions and anomalous behavior within our networked enterprise architectures, comparatively little has been done to enhance the mission assurance properties of United States real-time, embedded computing systems, if they were to operate in increasingly cyber-contested environments. These systems are subject to customized attack types which target the custom hardware, software and firmware that is frequently found in these systems. State of the art approaches to cybersecurity typically focus only on securing components and end-nodes on the network rather than mission assurance and architectural resilience. When coupled with fundamentally flawed protection schemes common in cyber systems today, this approach creates an ecosystem ripe for potential exploitation. Mission assurance requires levels of prioritization where capabilities become the focus rather than the enabling systems. Furthermore, under stress or duress a resilient architecture will maintain some set of functionality, albeit restricted, to stay in mission and meet some level of mission requirements. For many real-time, embedded systems used by the DoD, the primary method of communicating information is the radio frequency link and, as such, constitutes a lucrative and exposed cyber and electronic attack surface across the systems operational life. Major subsystems of the platform, including radios and computers, may exhibit architectural, specification, and implementation vulnerabilities to a variety of RF-enabled cyber methods. The focus of this topic is to develop a library of weaknesses and potential vulnerabilities that might be exploited by adversaries against a variety of radios within the context of real-time, embedded systems. 

PHASE I: Perform research and development for the examination of RF-enabled cyber susceptibilities of real-time, embedded system radios, using a Government-furnished commercially-available off-the-shelf (COTS) radio as a case study. Identify a library of weaknesses and potential vulnerabilities. Formulate novel approaches for mitigation, and document in a final report. 

PHASE II: On the basis of the Phase I research, conduct in-depth RF-enabled cyber vulnerability assessments on two Government-furnished real-time, embedded system radios. Validate selected and prioritized weaknesses on the provided hardware. As a capstone effort, implement innovative techniques for mitigation. 

PHASE III: Use the library developed in Phases I and II to conduct a cyber vulnerability evaluation against an assigned embedded system. Provide tool set engineering support to a cyber assessment against an assigned embedded system. Investigate the usefulness of the developed tool for the assessment of existing or in-development commercial systems. 

REFERENCES: 

1. MacDonald, Douglas G. et al. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION. United States: INMM, Deerfield, IL, United States (US)., 2011. Print.

2. The Science of Mission Assurance. Jabbour, Kamal and Muccio, Sarah. 5, 2011, Journal of Strategic Security, Vol. 4, pp. 61-74.

 

KEYWORDS: Cyber Vulnerability Assessment, RF-enabled Cyber, Embedded System Cyber Security, Real-time System Cyber Security, Cyber Resiliency 

US Flag An Official Website of the United States Government