Connectivity & Complex Supply Chains: Vulnerabilities of U.S. Weapon Systems

Bucking the trend of cybersecurity blogs that begin with bad news, we’re beginning this post with some positive news: the hunt for solutions to weapon systems vulnerabilities is finally underway. This is thanks to the MITRE report (August), the GAO report (October), and Secretary Mattis’ recent launch of the Protecting Critical Technology Task Force, which fully articulate the vulnerabilities in legacy DoD weapon systems – a giant step towards problem solving, and a departure from the previous state of denial.

The GAO report concluded that the Department of Defense weapon systems are “more software dependent and networked than ever before,” and therefore are susceptible to cyberattack from software vulnerabilities as well as the increased attack surface caused by their connectivity. Even more sobering is their assessment that between 2012 and 2017, nearly all major acquisition programs that were operationally tested had mission-critical cyber vulnerabilities that adversaries could compromise. The memorandum launching the task force stated that these vulnerabilities are “eroding the lethality and survivability of our forces.”

CYBERSECURITY DEVELOPED FOR INFORMATION TECHNOLOGY IS NOT ALWAYS A FIT

The complexity and critical nature of weapon systems make finding cyberhardening solutions difficult. Although a lot of cybersecurity tools exist for IT, many of them cannot be applied to weapon systems. As the GAO report also points out, even patch management is hard:

“Officials from one program we met with said they are supposed to apply patches within 21 days of when they are released, but fully testing a patch can take months due to the complexity of the system.”

THE COMPLEXITY OF THE MILITARY SUPPLY CHAIN INCREASES THE DIFFICULTY

The extensive DoD supply chain also contributes to the difficult task of cyberhardening. In February 2017, the report of the Defense Science Board Task Force on Cyber Supply Chain stated: “The nation’s weapons systems are at risk from the malicious insertion of defects or malware into microelectronics and embedded software, and from the latent vulnerabilities in these systems.” These exploits can be difficult to distinguish from electrical or mechanical failure, because the effects can appear as system degradation, failure, or subversion.

At any point in time, the Army holds contracts with more than 11,000 Tier 1 suppliers (primes), who furnish raw materials, equipment, and repair parts to support bases and personnel around the world. In order to maintain real-time asset visibility, the Army has to provide system access to those suppliers. This introduces vulnerabilities because each of the Tier 1 primes also has hundreds of Tier 2 and 3 suppliers supporting them.

As an example, a single Bill of Materials for the repair of an Army missile system contains parts produced by more than 2,000 vendors. Subcontractors are often an easy target for potential attackers because they may not have invested in cybersecurity. The possible results of such inaction include changes to schedules and parts lists, and disruption of operations.

ALKEMIST ELIMINATES AN ENTIRE CLASS OF CYBERATTACKS

RunSafe Security’s Alkemist addresses the need for increased resilience, offering a proven solution for protecting software in aviation, weapons and support systems against memory corruption errors and buffer overflow exploits – the techniques attackers typically use to gain control of military systems.

Buffer overflows are one of the oldest and most common memory corruption vulnerabilities in software. Wagner et al. estimated that over 50% of all device vulnerabilities are due to buffer overflows. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage files, change data, disclose confidential information, shut the system down, or provide false readouts.

The application of Alkemist yields secure weapons systems, increasing mission assurance. This approach works for legacy and future systems and weapon support systems – both COTS and specialty – during manufacture, test, and maintenance. It is well-suited for the complex military supply chain. In summary, Alkemist resets the system security baseline, mitigating threats in aviation systems throughout the life cycle, from design through sustainment.

CYBERHARDEN SOFTWARE BINARIES

RunSafe Security’s Alkemist renders vulnerabilities inert via three binary transform approaches:

1) Block-level Binary Randomization (BBR) – Performs binary randomization as a post-compilation binary hardening process that randomizes memory, basic block functions, and access to third-party libraries. This reordering at the logical layer denies malware the deterministic logical structure it requires to propagate and take malicious control of code, while the software keeps the same functions and features as the initial software image.

2) Control Flow Integrity (CFI) – CFI protects against Return/Jump Oriented Programming (ROP/JOP) attacks, where existing code is called out of order to become a hacking script. This prevents malware from changing how commands are executed. CFI ensures software functions can only be executed in the order intended by restricting jumps and returns to valid points in software code.

3) Stack Frame Randomization (SFR) – SFR creates stack-level entropy by randomizing the buffer set aside for local variables when functions are instantiated on the stack. This entropy deprives an attacker of the information needed to craft a payload that weaponizes a stack overflow vulnerability. This Moving Target Defense goes beyond simple polymorphism to active, run-time defenses. SFR methods create run-time variations in the stack that can’t be replicated by build-time modifications. Conversely, one-time polymorphic defenses are still vulnerable to stack-based attacks, because code behavior converges on the stack, regardless of entropy.
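
To make the CFI item above concrete, here is an added example (not RunSafe or Alkemist code) that models in plain C the two checks a CFI scheme makes: indirect calls may only reach listed entry points, and a return must go back to the site recorded at call time. The handler names, the return-site labels and the shadow-stack approach are assumptions chosen for illustration.

```c
/* Added illustration, not Alkemist code: a software model of the checks
 * CFI applies to indirect calls and returns. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#define CFI_VIOLATION (-1)
typedef int (*handler_t)(int);

static int read_sensor(int ch)  { return 100 + ch; }
static int set_heading(int deg) { return deg % 360; }
/* Present in the binary, but never a legal target of an indirect call. */
static int erase_config(int unused) { (void)unused; return -999; }

/* Forward edge: the only entry points an indirect call may reach. */
static const handler_t valid_targets[] = { read_sensor, set_heading };

/* Calls fp only if it is a listed entry point; otherwise refuses. */
int cfi_indirect_call(handler_t fp, int arg, int *out) {
    size_t n = sizeof valid_targets / sizeof valid_targets[0];
    for (size_t i = 0; i < n; i++) {
        if (fp == valid_targets[i]) { *out = fp(arg); return 0; }
    }
    return CFI_VIOLATION;
}

/* Backward edge: a protected copy of each return site (shadow stack). */
#define SHADOW_DEPTH 16
static unsigned long shadow[SHADOW_DEPTH];
static size_t shadow_top;

int shadow_push(unsigned long ret_site) {
    if (shadow_top == SHADOW_DEPTH) return CFI_VIOLATION;
    shadow[shadow_top++] = ret_site;
    return 0;
}

/* On return, the site found on the ordinary stack must match the copy. */
int shadow_check_pop(unsigned long ret_site_on_stack) {
    if (shadow_top == 0) return CFI_VIOLATION;
    return shadow[--shadow_top] == ret_site_on_stack ? 0 : CFI_VIOLATION;
}

int main(void) {
    int out = 0;
    printf("listed target:   %d\n", cfi_indirect_call(set_heading, 450, &out));
    printf("unlisted target: %d\n", cfi_indirect_call(erase_config, 0, &out));
    shadow_push(0x1000UL);  /* constructed return-site label */
    printf("altered return:  %d\n", shadow_check_pop(0x2000UL));
    return 0;
}
```

Production CFI enforces these checks in instrumented machine code or hardware rather than in application logic; the model only shows what is compared and when a transfer is refused.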

RunSafe Security’s Alkemist is easy to deploy, complementing other systems. Because of its one-time software transform function, these methods can be applied when deploying a future system or when updating software on a legacy system. Alkemist is compatible with a SWaP-constrained environment. It requires no software be added to a device; makes no source code modification; enables a unique software credential using a software hash algorithm at deployment; and works within the current software footprint (memory, storage, power, and minimal overhead) so that no new hardware is required.

New approaches designed for the weapons environment, open collaboration between Government and primes, and agile development and procurement are needed to cyberharden these systems.
