Jim McColl, Senior Engineer, Shift5
While attending the March NDIA Cyber Security for Ground Combat Vehicles conference, I participated in a breakout session where we debated the extreme consequences of only using bolt-on products or only using designed-in products as defense lines for cybersecurity. What resulted was a wonderful conversation about just how faulty the Department of Defense (DOD) acquisitions process is and some ideas on how to fix it.
“Our nation’s premier fighting vehicle’s internal technology metaphorically exists somewhere between a clock radio and an iPhone, and this is a problem.”
What I mean is the technological evolution of a tank went from a completely mechanical system to an analog-mechanical system to the current digital-analog-mechanical systems. As processors, FPGAs, and memory became less expensive, it became cheaper, more efficient, and more lethal to incorporate digital components into these systems. Consequently, entire systems were consolidated and digitized, but this came at an unforeseen cost: digital systems are easier to manipulate and are more susceptible to intrusion. The result is that it is no longer science fiction for an adversary to shut down a vehicle with the covert propagation of malicious code, but a reality and a constant threat.
Designing a Solution
There are a couple of paths we could take for solving the security vulnerabilities posed by digital technologies, and they each have pros and cons.
- Return to analog and avoid digital problems. This solution throws away the technological, cost, and efficiency advantages and brings back completely analog systems that are more physically secure by nature.
- Combat digital problems by embracing digital solutions. This solution requires an incremental institution of modern design and security principles coupled with yearly modernization efforts.
The Costs of Returning to Analog
While option one would get rid of the cyber threat, it would put our nation at a distinct disadvantage at nearly every other measurable area in modern vehicular design. It may be a viable strategy if combined with an aggressive offensive cyber force, but it would come at a cost of a complete redesign, restructuring, and retraining of our military for which the monetary cost alone would be infeasible.
Before I discuss option two, let’s first consider what makes an iPhone great as a way to illustrate why returning to analog (the equivalent of a rotary phone) would put our military at a disadvantage. The iPhone was logically designed to allow for future proofing through modularity. Or to put it another way, when Apple’s engineers were designing the iPhone they had no idea what it would be used for in the future, so they invest a LOT of time and effort into designing a system that could handle change.
With that, how does Apple find and decide on which emerging technologies to incorporate into the iPhone? Through the application store. Apple requires all of its app developers to turn their source code over to Apple for review. If an app becomes popular enough, Apple may acquire that company and build its app into the iPhone (example: Siri). If you think this is a recent phenomenon, I suggest you checkout Wikipedia’s wiki on Apple’s acquisitions, particularly the history of their acquisition of NeXT. (https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Apple)
A reversion to older, analog technology would prevent our military from the benefits of emerging technology, rapidly leaving them behind their international counterparts.
The Benefits of Embracing Digital Cyber Security Solutions
Finding and incorporating the best and brightest digital solutions is a heavier lift than a reversion to older technology. It requires the identification of appropriate solutions, ongoing testing and iteration of products, and building and onboarding those solutions onto military vehicles. However, the payoffs of doing so are clear: the military can pick and choose the components that best meet emerging needs and threats, thereby resulting in a more effective, more comprehensive line of defense.
Using an iPhone Mentality to Evaluate Bolt-on Security Solutions for Ground Combat Vehicles
The iPhone method of identifying the best solutions by tapping outside talent, then down-selecting and incorporating new features conceptualized by that talent is one that would work well for strengthening ground combat vehicle security. Instead of focusing on grand vehicle redesigns and multi-trillion-dollar vehicle deliveries which deliver ten-year-old technology to the war fighters of today, the DOD could focus on updating key systems in their current stock and evaluating bolt-on solutions for eventual built-in use with the ground platform.
This would be a two-step process: first via the PEO PM relationships, create a Line Replaceable Units (LRUs) modernization effort to update LRUs to be more digitally modular and lifecycle LRUs similar to computers. Second, create a budget to pressure ground combat platform manufacturers as part of the modernization effort to evaluate and incorporate emerging technologies. Obviously, I’m biased because I work for a vehicular Intrusion Detection/Prevention Systems Company, but let me explain how this would work.
Using the emerging technology budget as a part of the LRU modernization effort, a ground vehicle manufacturer or sub-component manufacturer may decide to outfit ten armored troop personnel carriers with a bolt-on IDS to evaluate its impact and validity. Then as part of future LRU lifecycle, work with the IDS manufacturer to incorporate the solution digitally (or in some cases physically) into the new LRU revision. This accomplishes three goals:
- It encourages innovation and modernization of ground combat vehicles.
- It allows for the development and testing of Band-Aid solutions in the event of a wartime attack.
- It disperses modernization costs over a predictable schedule.
While one and three are self-explanatory, I would like to dive into number two. At any moment in time there is always a delta between your most up-to-date system(s) and legacy systems, which could potentially leave a large number of current stock vulnerable to attack. Encouraging bolt-on emerging technology trials with equipment manufacturers and emerging technology developers allows for the creation of contingency plans should a vulnerability ever be exploited in legacy systems. This would allow DOD planners to be able to more methodically forecast military strength through a variety of scenarios.
To learn more, contact us at firstname.lastname@example.org