In the era of collaborative combat, how can we cyber-secure onboard defence systems that are expected to be operationally ready without fail 24/7 and have the highest standards?
Explore this series of 3 articles and learn more about how to deal with cyber threats without compromising the performance of critical systems.
Defence: cybersecurity and embedded system
A major challenge
Cybersecurity is not a new concept for Defence but, in recent years, the issue has taken on a whole new dimension. With the digitalisation of communications systems, the challenges related to the security of transmitted data are intensifying. Yesterday’s highly compartmentalised defence systems are undergoing a massive change and are increasingly relying on data flow to improve information sharing and command decision-making. By expanding potential attack points, these interconnections, coupled with the rise of new technologies (Internet of Things, Big Data and artificial intelligence…), are redefining the scope of cybersecurity. Almost always connected, critical embedded systems are now unquestionably part of this perimeter, but their characteristics and standards require specific approaches.
With the simultaneous rise in cyber threats and the need for intra- and inter-system collaboration, the challenge is to find the optimum compromise between security, performance and operational readiness. Just as too much armor can be disabling and counterproductive, too much security can make the system inoperable and unavailable. Under these conditions, how can we guarantee the security of data exchanged in the age of combat and collaborative systems? How can we meet the requirements of confidentiality, integrity, availability and traceability, the four pillars of information systems security (ISS), while responding to the constraints specific to the critical environments of defence platforms?
The news never ceases to remind us that cyber-risks are evolving at a prodigious speed. As a result, it seems impossible to express all security requirements at the specification stage. How can we anticipate the threats that could affect systems designed sometimes a decade before they are implemented and intended to operate for several years? In the same way that it is common practice to provide contracts for maintenance in operational conditions, clauses covering maintenance in security conditions are now becoming widespread. These require the development of systems with the capacity to evolve in order to adapt them to technological and security changes. This raises the question of when to integrate security requirements into embedded systems. Is it possible to only consider them once hardware and software development is complete? (Episode 1)
At the same time, we must also take into account the rapid evolution of technologies and the performance that embedded systems must deliver. For example, in order to meet current cybersecurity standards, it is imperative to maintain computing activity throughout the system. This requires higher computing power to be onboard, which has a direct impact on the system and its dimensions, and therefore on its already demanding environment (because of weight, volume, heat, humidity, etc.). At the same time, INFOSEC requires the implementation of a third-party anti-virus, i.e. one that has not been developed by the manufacturer in charge of the embedded system. However, by constantly scanning the onboard system, this anti-virus uses computing capacity, which can call into question a basic operational requirement, namely the processing of data in real time. So how can we reconcile computing power with the cybersecurity of embedded systems? (Episode 2)
Finally, if performance and computing power requirements are so high today, it is because in the age of digitalisation and information exchange, combat and collaborative systems are key ways to achieve operational superiority. In the heart of complex environments, embedded systems must coexist and communicate, although they present different levels of criticality, confidentiality and protection. Under the burden of these constraints, doesn’t the security of embedded systems become a hindrance to their interoperability and operational readiness? (Episode 3)
In three episodes, Atos experts will review these three key issues and outline their vision for the development of embedded defence systems to sustainably address cyber threats without compromising operational capabilities.
Specialised in the design of embedded systems for defence platforms, the Air Land Sea electronics (ALSe) activity of the Atos Group develops methods and technological know-how to meet their specific cybersecurity challenges:
- comply with information systems security requirements;
- respect the specifications related to the constraints of critical environments;
- maintain the appropriate level of performance;
- guarantee the operational readiness of the systems to ensure that mission execution is not compromised.
About the authors
Norbert Di Costanzo
Chief Operating Officer and senior member of Atos scientific community
Norbert is Chief Operating Officer of Air Land Sea electronics solutions at Atos, a position he has held since 2012. Norbert is part of the Atos communities of experts specialised in advanced computing and hard/firmware.