Much of the same evolution that we’re seeing in our own vehicles – including the emergence of autonomous vehicles and smarter, more connected vehicles – is occurring, in parallel, in military vehicles and weapons platforms. There is barely a single function of a modern weapons system or military platform that isn’t highly intelligent, connected, and driven by a computer or other IT system. Location, navigation, timing, targeting, and a number of other functions and operations are all depending on network-connected systems or sensors.
Today’s weapon systems and military platforms are incredibly intelligent, network-connected and software-enabled, making it easy to keep warfighters connected and informed. This is also delivering a new level of performance and capability to the warfighter, while making them more effective and efficient at accomplishing their missions.
But it’s also making them more vulnerable to a different kind of attack.
According to a new report from one of the world’s preeminent government consultancies, Booz Allen Hamilton, the increasingly connected and IT-enabled nature of today’s weapon systems and military platforms are making them more susceptible to cyberattacks.
The report, entitled, “Managing Cyber Risk and Building Cyber Resilience in Weapon Systems,” takes a detailed look at how these systems have evolved, how that evolution is exposing them to attack, and steps that the military needs to take to protect its weapon systems and the warfighters that operate them. And the findings are somewhat frightening.
Advanced adversaries have a new avenue for attack
Network-enabling weapon systems may be generating benefits for the military and the warfighter, but it’s simultaneously opening our military platforms to an entirely new type of attack. Kinetic attacks are no longer the only way to disable a weapons system that relies on IT networks and software to operate – they can be equally disabled through cyberattacks.
More unsettling is the fact that simply disabling a weapons system could be one of the more benign impacts that a cyberattack could have on a military system or platform. There’s also the chance that an adversary could turn a weapon against its operator.
This reality has many within the military scrambling to identify the potential areas in which these weapon systems are vulnerable to cyberattacks. Unfortunately, that’s a more difficult task than it may seem.
Mission impossible: identifying vulnerable attack surface
Trying to identify the vulnerabilities in traditional IT networks is becoming increasingly difficult thanks to the proliferation of mobile endpoints and the emergence of connected sensors and the Internet of Things (IoT).
If those networks are difficult to diagnose for vulnerabilities, military platforms and weapon systems are almost impossible. That’s because military platforms are built as “systems of systems.”
The average fighter jet or military vehicle is a cobbled-together system of disparate systems designed and developed by disparate contractors and vendors – all with their own security vulnerabilities. Securing all of these systems is essential, because the most basic of functions – including the piloting of an aircraft or the steering of a ship – are often conducted through these systems interpreting data, interacting, and working together.
If the complexity of the internal systems making up a weapons system or military platform wasn’t enough, there are even more areas of cyber risk that exist outside of the weapon systems themselves.
Ultimately, the movement towards smarter, more connected, and more software-enabled weapons platforms has been a beneficial one for the military. Today’s military vehicles and platforms are more capable of effectively and efficiently accomplishing their missions than ever before. But they’re not without risk. These weapon systems may be less vulnerable to a kinetic attack, but they’re increasingly vulnerable to cyberattack. And protecting them from cyber threats will require a new approach to cybersecurity from the military.
In our next post on the Government Technology Insider, we’ll take a look at the ways in which today’s military can better defend weapon systems from cyberattack, and the changes in approach that are needed to ensure missions assurance in the face of a sophisticated cyberattack.