In December, Shift5 attended The Reagan National Defense Forum (RNDF), an annual event that brought together leaders across the defense community to assess America’s national defense policies in the context of the global threat environment.
Amid members of Congress, current and former Administration officials, senior military leadership, and thought leaders in defense, Shift5 attended with a message: defending weapon systems from cyber attacks is a national security imperative.
Shift5’s attendance at RNDF harkens back to the company’s origin story. Co-founders Josh Lospinoso and Mike Weigand are veterans of the U.S. military, and noteworthy among their contributions during service was the 2018 Government Accountability Office (GAO) Report, “Weapon Systems Cybersecurity: DoD Just Beginning to Grapple with Scale of Vulnerabilities.”
The report benchmarked Department of Defense (DoD) weapon systems cybersecurity readiness and vulnerabilities, based on a rigorous audit consisting of cybersecurity testing, and analysis of acquisition and use policies. It spotlit the lack of cybersecurity on weapon systems amid their growing interconnectedness. Since the publication of that report, Congress has sought to better understand the risk and pushed the DoD to defend DoD weapons systems. While the Department remains committed to addressing the issue, the until recently, industry lacked cybersecurity solutions that could gain visibility into DoD platforms’ complex technology stacks, and enable operators to defend them effectively. With so many other nodes of critical infrastructure facing challenges similar to the DoD, Congress has begun to push the commercial sector other Departments and Agencies to leverage the sizeable investments in technology originally developed for the DoD.
Weapon systems are computerized, software-dependent, and increasingly networked. Emerging technologies brought innovation to the information technology (IT) layer of these systems over time, improving usability and capabilities; however, cybersecurity solutions capable of defending the entire system have not kept pace. The layer of operational technology (OT) in weapon systems – once believed to be isolated from other internet-facing networks – has become connected, discoverable, and therefore, vulnerable to cyberattack. OT powers the most critical and sensitive functions of aircraft, maritime vessels, ground combat vehicles, and artillery, including digital components like engine and transmission controllers; braking systems, power/electrical controls; command and control displays; and weapon system controls, among others. Yet, OT remains digitally vulnerable.
“We’ve got now, you know, wings with computers strapped on them. We float computers on the ocean. We launch computers with rocket engines on them. We don’t think of our weapons systems and weapons platforms in that way—but in reality, they don’t function without those computer networks. How do we harden them, defend them and even instrument them, which is often a gap in that world.” – Rob Joyce, National Cybersecurity Directorate Director, NSA
Most OT was created long before modern cybersecurity standards and best practices, and is digitally underprotected today. Why is this a problem? Weapon systems on average have a long lifecycle and the length of their change cycles means that any insecurities in the OT layer create a long window of exposure and vulnerability. Further, operators are locked out of the data flowing through the OT layer of their weapon systems. Without visibility into OT, a malicious actor could penetrate a network, manipulate data, prevent components or systems from operating as desired, all without knowledge of the operator. This risk is antithetical to weapon system readiness and mission effectiveness.
Shift5 changes this paradigm by unlocking data from the OT layer that controls planes, tanks, and other weapon systems. Shift5 allows operators to apply cybersecurity best practices to their weapon systems, allowing operators to gain visibility, detect threats, and maintain resilience of their weapon systems. DoD weapon systems run smarter, safer, and more efficiently with less risk from cyber attack with Shift5.
“Weapon systems must be networked and cyber-proof, to survive in a China fight.” – HASC Chairman, Rep. Adam Smith (D-WA)
Shift5’s message to the defense community about weapon system cybersecurity was received well by national security policymakers at RNDF. Shift5 met with key members of the DoD, House Senate Armed Services Committee, acquisitions officials, and others to discuss the imperative of weapon system cybersecurity at the OT level. In addition to these meetings, General Paul Nakasone, Commander of United States Cyber Command, Admiral Michael M. Gilday, Chief of Naval Operations, and senior leaders from the Air Force, Space Force, and U.S. Cyber Command publicly discussed the imperative of weapon systems cybersecurity defense during their panels and keynotes.
For more information about Shift5’s technology and operational intelligence for weapon systems, visit Shift5 for Defense. Follow Shift5 on Twitter and LinkedIn, and sign up for our newsletter for the latest in Shift5 news.