Zero Day Weapons

Resilient Kill Chains Through Cyber Mission Thread Analysis

During my time with the Air Force Lifecycle Management Center, I provided systems engineering support to the Air Force Cyber Engineering Directorate at the Cyber Resiliency Office for Weapon Systems. (AFLCMC EN-EZ CROWS). 

CROWS is an Air Force unit that was stood up in late 2016 in an effort to analyze the cyber vulnerabilities of fielded and future major weapons systems and report findings back to Congress. Established under the Assistant Secretary of the Air Force for Acquisition, Technology & Logistics to ensure Air Force weapon systems can perform their missions in a cyber-contested environment and under adverse conditions, CROWS is focused on advancing the cyber resiliency of weapon systems to maintain mission effectiveness. 

Analyzing Air Force Combat Missions for determined state or non-state actor cyber adversary exploits, they partner with acquisition, operational and test communities to evaluate the fielded fleet and with Program Executive Offices to prototype mitigation solutions. CROWS also delivers cyber-focused intelligence, a common security environment, education & training, and invaluable cyber focus teams dedicated to guiding acquisition directorates on cyber-related topics.  

In addition to being an excellent resource for providing the trade craft, tools & knowledge necessary to address modern cyber threats to AF weapons systems, CROWS developed the System Security Engineering Cyber Guidebook, the first major service to tackle cyber vulnerability of fielded weapon systems and address congressional committees. 

How are vulnerabilities of aircraft and weapon systems different from defending business networks and computer information systems? 

The Air Force defines cyber resilience in military systems as the ability of weapons systems to maintain mission effective capability under adversary offensive cyber operations and to manage the risk of adversary cyber intelligence exploitation. Weapon systems differ greatly from networks, computer information systems and business IT systems in ways that matter for implementing cyber resiliency. In most business situations, networks and information systems software and hardware design is usually commercial off the shelf (COTS), based on common architectures and standardized interfaces such as Windows and Linux. This is usually not the case in military systems where software and hardware design is often under government control, spans many diverse architectures, and involves customized interfaces. 

What are Air Force Business Services? 

With five core missions and 42 capabilities, the Air Force prosecutes its vision of global reach, global power and global vigilance by providing business services to Air Force customers. These business services are organized in an interdependent taxonomy of combat mission support and include mission areas such as in-air refueling, rapid global mobility, suppression of enemy air defenses  (SEAD), close air support (CAS), space situation awareness, and thirty seven (37) others.

What is Cyber Mission Thread Analysis (CMTA)? 

In PW Singers Cybersecurity and Cyber War, resiliency is defined as “understanding how the different pieces fit together and then how they can be kept together or brought back together when under attack” 

CMTA is an enterprise level approach to people, process and technology that uses a common, repeatable mission level cyber analytic risk assessment methodology to identify and evaluate ways missions can be impacted by a determined cyber adversary. The approach is to identify and prioritize candidate mission threads, apply a common repeatable framework for CMTA, and prioritize and implement recommendations where appropriate and feasible. 

Outputs produced include a prioritized list of cyber vulnerabilities across all mission areas that is briefed to new programs so they can build in resiliency, a prioritized list of cyber vulnerabilities across all mission areas that legacy programs need to fix and a prioritized list of critical capabilities the science and technology community must address. 
 
A functional level analysis is accomplished through functional decomposition and functional flow diagrams. The functional decomposition is continued to the level of supporting systems, using methods such as those in Fault Tree Analysis (FTA).  Then a ranking and triage process ensues leading to a system level analysis with functional decomposition, functional flow, and information flow diagrams. This helps determine which systems support the elements that remain after functional-level triage.  Another ranking and triage process occurs using markers including cyber separability, cyber distance, dependencies and timing. In cyber separability two systems are cyber separable from one another if no single cyber vector of attack could simultaneously degrade the functionality of both systems. This ultimately leads to insight into the highest level of cybersecurity risks across both platforms and missions, enhanced with the addition of current intelligence reporting.

What is the Air Force Cyber Campaign Plan?

LOA 1 Provide mission assurance through CMTA across core AF functions
LOA 2 Enable cyber resiliency engineering and bake into all AF programs 
LOA 3 Recruit, hire & train a cyber savvy workforce
LOA 4 Enhance weapon system adaptability and agility
LOA 5 Develop a common security environment  
LOA 6 Assess legacy systems and mitigate risks 
LOA 7 Improve intelligence for cybersecurity

The AF Cyber Campaign Plan’s (CCP) overall mission has two primary goals: “Bake in” cyber resiliency into new weapon systems and mitigate “critical” vulnerabilities in already fielded weapon systems. The group established the Cyber Resiliency Steering Group (CRSG) comprised of eight (8) voting members (SAF/AQR, LCMC, SMC, NWC, AFTC, Intel, SAF/CISO, & 24AF/CV) along with a governance body to guide the AF Cyber Campaign Plan (CCP). The AF also established a dedicated unit to manage execution under the Cyber Resiliency Office for Weapon Systems (CROWS) with a focus on executing seven (7) lines of action (see table above). The campaign will also manage and execute the NDAA 1647 Weapon System Assessments and Mitigations in coordination with acquisition, test and evaluation communities in both the Air Force and the Space Force.

Conclusion

Zero day exploits of weapon systems add to mission risk with the problem typically spanning both programming & acquisition, and operations and sustainment. A mission and platforms centric focus is necessary to ensure systems operate correctly and securely as part of a larger system of systems. Uncoordinated mitigation efforts may lead to costly inefficiencies, and risk accepted by one system is inherited across the enterprise. 

Mission oriented analysis can identify risks and potential mitigations not apparent at the platform or system level, as mitigations often need to cross Program Executive Offices (PEO’s) for integration to occur. Through the prosecution of the Air Force Cyber Campaign Plan, the CROWS will ensure cyber resiliency is baked into new weapon systems and delivers intelligence and tools to mitigate critical vulnerabilities in already fielded weapon systems.

Bibliography:

National Defense Authorization Act FY 2020 https://congress.gov/bill/116th-congress/senate-bill/1790 

United States Air Force, officially released photograph, 2019

United States Air Force, Air Force Institute of Technology, Cyber Resiliency for Aircraft and Other Weapon Systems, AFMC 2015-0084 , Distribution A; https://youtu.be/hRzx6SLmU28

Singer, P.W., Cybersecurity and Cyber War, 2013 Oxford University Press 

Tashji, David E., LOA1 Cyber Mission Thread Analysis, 2017 AFLCMC EN -EZ CROWS Distribution A

Posted in Concepts of Operations, Military Strategy | Tagged , | Leave a comment