Weapon Systems Cybersecurity Training Bootcamp
DOD’s weapons are more computerized and networked than ever before.
Automation and connectivity are fundamental enablers of DOD’s modern military capabilities. However, they make weapon systems more vulnerable to cyberattacks.
In one eye opening demonstration, testers playing the role of adversaries were able to take control of systems relatively easily and operate largely undetected.
Not long ago, the Government Accounting Office (GAO) was asked to review the state of the DOD’s weapons systems’ cybersecurity. Their findings were not encouraging.
The GAO findings included statements such as:
- “DOD faces mounting challenges in protecting its weapon systems from increasingly sophisticated cyber threats”
- “In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development”
- “Program officials GAO met with believed their systems were secure and discounted some test results as unrealistic”
Given the scale of DOD’s acquisition programs ($1.66 trillion) and the importance of a weapon systems supporting critical missions like nuclear command and control and position – the cybersecurity problem is large and complex.
DOD has subsequently taken several steps to improve weapon systems cybersecurity, including issuing and revising policies and guidance to better incorporate cybersecurity considerations. DOD, as directed by Congress, has also begun initiatives to better understand and address cyber vulnerabilities.
On the technology front, a lot is riding on AI applications and software being deployed to reduce the military’s vulnerability to cyberattacks.
Another tech defense receiving a lot of attention is autonomic computing, which focuses on vulnerability detection in binary code to thwart vulnerabilities in firmware, libraries and third party code.
Autonomic computing is a computer’s ability to manage itself automatically through adaptive technologies that further computing capabilities and cut down on the time required by computer professionals to resolve system difficulties and other maintenance such as software updates.
Ongoing research is beginning to pay dividends as autonomic intelligent software runtime environment with self-awareness monitors for deviations from expected behavior, assessing mission health, and reacting to preserve the system’s functionality.
What this does for a weapons system is raise alerts, initiates recovery processes, or shuts down a system in order to protect critical data and keep it out of reach of cybercriminals.
Weapon Systems Cybersecurity Training Bootcamp by Tonex
Weapon Systems Cybersecurity Training Bootcamp is a 3-day interactive training course covers everything from core weapon systems to Network Enabled Weapon (NEW) system cybersecurity.
Participants will learn about mounting challenges in protecting weapon systems from increasingly sophisticated cyber threats. This state is due to the computerized nature of weapon systems; Learn how to develop more secure weapon systems, perform risk assessment and cybersecurity test and evaluation. Modern weapon systems are more software dependent and more networked than ever before.
In operational testing, you can routinely find mission-critical cyber vulnerabilities in systems under development. Using relatively simple tools and techniques, we will show you how you are able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management, policy enforcement, unencrypted communications etc.. In addition, known vulnerabilities more likely represent a fraction of total vulnerabilities due to testing limitations and poor evaluation.
Topics:
Capabilities of Modern Military Enterprises
- DoD’s weapon system modernization
- Scale of Vulnerabilities
- Embedded software
- Basics of weapon systems physical
- Fundamentals of cyber physical system design
Weapon Systems and Cyber Physical System
- Weapon systems and cyber physical system modeling
- Weapon systems and cyber physical system simulation
- Weapon systems and cyber physical design and analysis
- Computerized nature of weapon systems
- Weapon systems vulnerabilities
- Prioritizing weapon systems cybersecurity
- Tools and techniques to of develop more secure weapon systems.
- Weapon systems software dependent
- Weapon systems and embedded system dependent
- Weapon systems networking fundamentals
Vulnerabilities in Weapons and Weapon System of Systems (SoS)
- Adversaries advanced cyber-espionage and cyber-attack capabilities
- Cyber resilient weapon systems
- Weapon systems cybersecurity test reports, policies, and guidance
- Examples of Types of Cyber Attacks
- Roles and Responsibilities for Cybersecurity
- Key characteristics of adversary threat tiers, actors and surfaces
- Risks associated with software and networking
Network Enabled Weapons (NEW)
- Basics of TDLs
- JTIDS / MIDS architecture
- JTIDS / MIDS channels, frequencies and waveform
- TDLs and Link 16/JTIDS / MIDS networks
- Link 16 weapons management
- Weapons coordination and management
- Weapon system control
- Weapon system and network management
- J-Messages for NEW
- JREAP
- VMF
- Link 11 and 22
- JTRS, TTNT and MUOS
- MADL
Weapon Systems Cybersecurity Policies and Guidance for Defense Acquisition Programs and Systems
- Cybersecurity Activities
- DOT&E Cybersecurity Procedures
- Weapon Systems Cybersecurity Test and Evaluation Overview
- Weapon Systems Cybersecurity T&E Phases Overview
- Weapon Systems Cybersecurity Threat Assessments
- Integrated Testing
- Phase 1: Understand Cybersecurity Requirements (and Plan for T&E)
- Phase 2: Characterize the Cyber-Attack Surface 31
- Phase 3: Cooperative Vulnerability Identification
- Phase 4: Adversarial Cybersecurity DT&E
- Phase 5: Cooperative Vulnerability and Penetration Assessment
- Phase 6: Adversarial Assessment
- Guidance for the Weapon Systems Cybersecurity
- Considerations for Staffing Cybersecurity T&E Activities
- Considerations for Software Assurance Testing
- Considerations for Cybersecurity Requirements and Measures
Workshop and Exercises
- Examples of Types of Cyber Attacks
- Analysis of Vulnerabilities and Threats
- Selected Roles and Responsibilities for Cybersecurity
- Steps to improve weapon systems cybersecurity
- Issuing and revising policies and guidance to better incorporate cybersecurity considerations
- Tools to address cyber vulnerabilities
- Cybersecurity workforce challenges and difficulties
- Sharing information and lessons about vulnerabilities
- Key Activities in Cyber Attacks and Cyber Defense
- Cybersecurity Test and Evaluation (T&E)
Embedded Software and Information Technology Systems - Weapons interfaces
- MIL-STD-1760
- Development Test and Evaluation (DT&E)
- Operational Test and Evaluation (OT&E)
Weapon Systems Cybersecurity Training Bootcamp