Retired admiral William E. (Bill) Leigher, Raytheon's Government Cyber Solutions Director, characterizes a principal challenge of aircraft cybersecurity like this: "buses were build to trust everything that comes over them." In this respect at least, the challenge bears some interesting similarities to those encountered in securing the industrial Internet-of-things.
About two-and-a-half years ago the US Department of Defense began considering cyber at the platform level. Before that, the Department tended, Leigher said, to take the familiar network-level approach. Experiments testing vulnerabilities at the platform level, however, led to formation of the Navy's Task Force Cyber Wakening and the Air Force's counterpart, Task Force Cyber Secure. The testing was conducted in laboratories, ships, and elsewhere to wee whether a red team could breach systems' defenses, and, if they could, what they'd be able to do once they were inside. These Task Forces have begun to contribute to operating technology requirements.
Like a radar detection system
In response to the needs these evaluations exposed, Raytheon has been working on a cyberattack detection system for aircraft that goes beyond the sort of checklist approach network security has tended to evolve in response to, for example, the widely used NIST Framework. (The value of the NIST Framework isn't in doubt, but it's by no means a panacea, either, as NIST would be the first to point out.) Platforms like aircraft have a distinctive signal flow, with predictable priorities being assigned to different kinds of traffic. Traffic related to safety typically has the highest priority. As Leigher put in, taking a simple automotive example, a car's systems will make sure the brakes work before they deal with the horn.
Raytheon is equipping the standard 1553 data bus used aboard military aircraft with an intrusion detection system. It's currently like an early radar detection system, and as its development continues it will evolve beyond that, at least as far as providing downloads for maintenance systems. It's not yet a cyber countermeasure system (a challenging task, particularly in a single-seat aircraft) but it does make a contribution to situational awareness.
Looking to the future of aircraft cybersecurity systems
Leigher said that engineers need to expand their vision of cybersecurity within the context of the underlying mission. The security systems that are developed will have to be inserted into legacy platforms, and that's necessarily a painstaking process.
He sees extensive automation as inevitable if aircrews are to acquire effective awareness of their cyber environment and the ability to survive and accomplish their mission in the face of opposition. Raytheon participated in and learned a great deal from the DARPA Grand Challenge. Machine learning is clearly the next big thing. Leigher drew an analogy between cybersecurity and weather forecasting: both require aggregating and making sense of vast amounts of data from disparate sources.
He would put Raytheon's system (a demonstration of which they were running on a flight simulator at their exhibit) at, roughly, TRL 5. They've partnered with Bayshore Networks on this and on other projects, and of course Raytheon has its own in-house cybersecurity capability in its Forcepoint unit.