Mark Pomerleau from DefenseSystems on NAVAIR bolstering cyber defenses for weapons systems:
In a recent Broad Agency Announcement, NAVAIR’s Cyber Warfare Detachment (CWD) it is interested in research and development efforts “to fill the gaps in cyber warfare capabilities for NAVAIR weapon systems to achieve the CWD strategy,” described as “secur[ing] weapon systems able to survive and exploit cyber warfare.”
CWD—which develops and assesses cyber warfare capabilities—is mainly interested in the connectivity vulnerabilities from system to system. “[T]his BAA solicits R&D, not to simply apply IT solutions, concepts and underlying business environment assumptions, but to address cyber issues for weapon systems in a system of systems warfare environment with often intermittent or indirect ‘connectivity’ to other systems,” the request states.
Weapons systems are an often overlooked area for cyber security control sets. While technologies such as application white-listing are employed as part of HBSS, there is only limited use because the general thought is if the weapons system is not connected to the network then it is not vulnerable.
That thought could not be farther from the truth. It is vulnerable, but the risk is low compared to a device connected to a network.