VIDEO: Pentagon & Raytheon Innovate New "Cyberresilience" Tools
By Kris Osborn - Warrior Maven
(Washington D.C.) The flight trajectory of ICBMs, targeting accuracy of an Abrams tank 120mm cannon, sharing of enemy location intelligence in real time or the decreasing of critical sensor-to-shooter times for small arms, missile attacks, bomber strikes and other weapons systems … increasingly rely ….. on computer systems.
Therefore, the scope of impacts potentially delivered through cyberattacks continues to multiply in an exponential fashion, thus helping to explain the Pentagon’s current massive push to innovate new cyber resiliency tactics, techniques and technologies.
Part of the equation pertains to a recognition that cyber defenses must continue, if not even accelerate and increase in intensity, after an attacker succeeds in gaining some kind of access or privilege on a system. This dynamic forms the key premise of cyber resilience which, unlike a pure cybersecurity approach, looks at cyberdefense beyond the perimeter or initial points of entry and boundaries of protection. The two are intertwined, yet cybersecurity and cyber resiliency are also somewhat distinct for this reason.
“A lot of technologies are focused on preventing attacks. We have put together technologies to recover files or recover critical memory. If an attack were to be detected, we want to fight through that attack and recover a system’s critical functions. Our R&D pushes the envelope in that direction,” Jacob Noffke, Principal Cyber Engineer, Raytheon Intelligence and Space, told Warrior in an interview.
Given these realities, cyber resiliency needs to be multipronged, meaning protections need to involve various aspects of the system, such as hardware, software, operating system functionality and methods, and networks in a coordinated manner.
Noffke explained that Raytheon is now working internally on some new innovations aimed at securing both access to data through a cryptographically oriented hardware device called Boot Shield and an operating system information verification system called Countervail. The plan is to further refine these systems and collaborate with or offer them to the US military services.
“Cyber resiliency involves many emerging requirements and is more than just hardening a system. Advanced adversaries will eventually find a way to gain access to a system, so it is critical for components of computing ecosystems to determine information they receive is authentic,” Noffke said.
While to a certain extent it seems self-evident or even obvious, yet securing data flow between systems, platforms and combat “nodes” continues to take on new levels of urgency, given that AI-empowered technologies, unmanned systems and advanced networking are exponentially improving sensor to shooter time. Data itself is, not surprisingly, increasingly itself becoming a cherished weapon of war. Intelligence information has of course always been of indescribable value, yet the current ability to change the “speed,” efficiency and precision of the combat-sensitive data transmission is fast evolving as a uniquely modern technical phenomena.
The Army’ recent Project Convergence at Yuma Proving Grounds, Ariz., showed that the service now has the capacity to decrease sensor to shooter time from minutes … down to seconds. The breakthrough developments in Arizona could easily be characterized as contributing to a large portion of the Army’s involvement in the Pentagon’s Joint All Domain Command and Control (JADC2) effort.
Army program managers say the intent is “to integrate data management capability to better enable data flow across our networks, which will be critical as sensor to shooter data increases as part of CJADC2. Technology being explored includes AI/ML capability, cloud data storage at the edge, advanced tactical servers and processors and cross domain solutions,” Paul Mehney, Director of Communications, PEO C3T, told Warrior.
Accomplishing these tasks not only relies upon the secure “transmission” of data but must also enable strong protection of the data systems and computer processing mechanisms themselves. Many weapons developers now recognizing the growing complexity with which cyber defense technologies have been forced to embrace, a circumstance which continues to drive new industry innovators to find new generations of protection technologies.
Therefore, U.S. weapons systems can no longer rely purely upon cybersecurity methods to stop hackers from taking over control systems, jamming information flow, derailing precision guidance systems or simply stealing sensitive data. The answer to the massive increase in sophistication and efficacy of enemy cyber attacks is multi-faceted, with a large portion of it involving efforts to move toward new methods of ensuring cyber resiliency, meaning ways to fight off or diffuse an attack once an intruder has gained access.
The cyber challenges are across the board inspiring industry to increasingly do their own internal research and development aimed at uncovering innovations of potential relevance to the war on cyberattacks.
One emerging technology is Raytheon’s Countervail, somewhat of an off-the-shelf technology focused on preserving data reliability and operating system functional integrity.
“Countervail can detect and recover critical files in real time and make sure that the things that are being loaded into memory are the things that you intended to be there. Countervail ensures systems in the field operate as designed. It protects system configuration and locks it in place,” Noffke said.
The application works by comparing any changes attempted by an intruder against a baseline to prevent any “baseline modifications.” Countervail’s threat model assumes the adversary has bypassed NIST 800-53 controls and has gained root level access to a system… and then protects against these attackers,” a Raytheon whitepaper on Countervail says.
Cyber attackers are innovating new attack tactics at an alarming rate, at times shifting attacks beyond the operating system to “lower points in the technology stack,” such as the boot code or basic hardware infrastructure of a computer itself.
In tandem with Countervail, Raytheon cyber engineers and scientists have developed a new small form-factor physical card called Boot Shield. The card has its own microprocessor and plugs in or attaches to a computer to both encrypt and authenticate part of the boot code, Noffke explained.
“We can leverage Boot Shield to store critical data and validate what countervail is seeing on the system. We layer these solutions together so an adversary does not have to just defeat something in the operating system but also a hardware security mechanism. We combine these two to fight through an attack,” he added.
The concept, according to a Raytheon paper on Boot Shield, is to prevent “embedded exploits” from enabling intruders an opportunity to “inject malicious code into hardware and firmware before security tools like virus scanners can even boot up.”
Boot Shield can be described in terms of what’s called a Root of Trust, a reliable source within a cryptographic system which often includes a hardened hardware module, such as Boot Shield.
“Cryptographic security is dependent upon keys to encrypt and decrypt data and perform functions such as generating digital signatures and verifying signatures,” according to an essay on Root of Trust in a publication called [N Cipher, now ENTRUST.](https://www.ncipher.com/faq/hardware-security-modules/what-root-trust#:~:text=Root%20of%20Trust%20(RoT%29%20is,include%20a%20hardened%20hardware%20module)
“Layered” cyber resiliency is the goal, according to Noffke, who explained that Raytheon’s operating system technologies such as Countervail are, by design, intended to fortify and interoperate with other methods such as Boot Shield.
Boot Shield and Countervail, when deployed together, provides “runtime memory monitoring of operating system internals and sensitive code elements,” a Raytheon paper explains.
Kris Osborn is the defense editor for the National Interest*. Osborn previously served at the Pentagon as a Highly Qualified Expert with the Office of the Assistant Secretary of the Army—Acquisition, Logistics & Technology. Osborn has also worked as an anchor and on-air military specialist at national TV networks. He has appeared as a guest military expert on Fox News, MSNBC, The Military Channel, and The History Channel. He also has a Masters Degree in Comparative Literature from Columbia University.*