By Brian Rosson, VP of Federal

Just before Labor Day I had the opportunity to spend the better part of a week in Montgomery, Alabama at the Department of Air Force Information Technology (DAFITC) Cyberpower Education and Training Event. More than 3,000 were in attendance to participate in vital public/private partnership discussions and training sessions centered around how to assess and combat the newest and most prevailing threats to our global networks and national defense.  

I attended the event with John Taglieri, an Air Force veteran and former Director of Communications for the Air Force Mobility Command. We’ve shared our top observations below.

Observation 1: There’s a clear and critical difference between IT security and Onboard OT visibility.

Walking the floor of DAFITC, it’s clear that the military and defense software scene is thriving. Scores of vendors offer everything from productivity tools to technical networking utilities and everything in between, including cybersecurity. 

“We must start treating weapon systems and military aircraft as the computer networks they are. ”

But when it comes to “next generation” cyber warfare, it’s essential to define the new cyber terrain. This not only includes the IT infrastructure that runs the workstations, servers, and networks of our military, but it also now includes the weapon systems and military aircraft that carry out our missions. These vehicles are made up of thousands of digital components that are connected to each other. Each component emits valuable data that can be collected and transformed into useful cybersecurity and operational intelligence.

We must start treating weapon systems and military aircraft as the computer networks they are. The future of armed combat is dependent on the cyber terrain that underpins our most lethal weapon systems, so it’s essential to include the onboard networks of combat vehicles in the cybersecurity landscape.

Onboard systems pose particular visibility and observability challenges arising from their use of serial communication protocols rather than TCP/IP, special considerations around size/weight/power (SWaP), their lack of consistent network connectivity, and their nature as fast-moving assets that operate in multiple locations with varying geopolitical concerns. 

This combination of attributes leaves such organizations exposed to unique cybersecurity, operational, and compliance risk. 

Observation 2: What you can’t see can’t help you.

Military aircraft and weapon systems generate volumes of onboard operational technology data with every single mission. This data is short-lived, and much of it traverses serial bus networks rather than IT networks. Serial bus data cannot be seen or analyzed with most traditional IT tools, but it is critical to the operation of the vehicle. Leaders and operators who can capture and make sense of this data unquestionably have a competitive edge. 

“The real-time awareness of potential cyber threats during a mission is important for the success of the mission and the safety of the vehicle and crew.”

 “Whether it is an F-22 or a C-17, the protection of attack aircraft and those providing logistical support is vital.The real-time awareness of potential cyber threats during a mission is important for the success of the mission and the safety of the vehicle and crew. If military vehicles (aircraft, ships, and trucks) are disabled we will not be able to continue the fight,” said Taglieri.

The first step is getting full visibility into the weapon system or aircraft. It’s impossible to analyze what you can’t see. And because so much of this data flows through serial networks, it’s essential to expand visibility beyond traditional TCP/IP components to get the depth and breadth of knowledge to manage risks not only on the vehicles of today, but also on those of the next generation. ”

Observation 3: Attacks against Onboard Operational Technology are a question of “when,” not “if.”

Nobody thinks that something bad will happen to them until it does. Leaders must ensure that technology is in place to provide detection, alerting, identification, and remediation for the onboard operational technology networks in their area of operations.

“They need to capture and define the threat to determine the right course of action. They need to ask if the tools to accomplish this are in place today, do they have the latest updates, are the technicians are trained to operate the equipment and understand the output/data to ensure the proper signatures and dashboards are created, and if checklists are in place to ensure the right actions will be taken to minimize any operational impacts,” Taglieri said.  “Being able to distinguish cyber attacks from non-cyber equipment failures or degradation will also reduce maintenance costs and increase mission readiness.”

This information should be raised to senior leadership to ensure the security and availability of onboard operational technology is included in the evaluation of the organization’s overall readiness.

“… rail operators could be caught unaware and unprepared for threats against onboard OT networks and devices such as Engine Control Units, braking systems, and other essential components.”


It’s well past time to expand our notion of cybersecurity to the extended cyber terrain, which includes the onboard operational technology that powers our weapon systems and military aircraft. Ultimately this empowers our uniformed cyber forces to maneuver effectively within today’s threat landscape.

For more information about Shift5’s technology, including operational intelligence and cyberattack solutions for weapon systems, visit Shift5 for Defense. Follow Shift5 on Twitter and LinkedIn, and sign up for our newsletter for the latest in Shift5 news.