Are you giving away your IP? The dire need for security features in U.S. Defense electronics
Are you giving away your IP? The dire need for security features in U.S. Defense electronics
This is a subject of critical need but not one that can be discussed openly in any detail. So this article will highlight some of the reasons behind the need for integrated security features in defense electronic systems. To a large extent, these needs are captured in the Department of Defense Directive on Critical Program Identification and Protection. Why the need?
- The more an adversary knows about U.S. weapon systems, the greater opportunity exists for development of countermeasures, unintended technology transfer, and system alteration.
- U.S .technological supremacy has long been a cornerstone of our Defense capabilities.
- Cyber-attacks pose an asymmetric threat in a highly networked world and can be significantly aided with information about the underlying hardware, networking, and software.
Based on these concerns, there are a number of areas where security in defense electronics is critical:
- Anti-tamper
- Information assurance
- Trust
Anti-tamper encompasses the systems engineering activities needed to prevent and/or delay the exploitation of critical technologies in U.S. weapon systems. You can find out more about the Department of Defense’s stance and information here. In addition, the Office of Naval Research has an informative fact sheet on AT.
Information assurance are those “measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation” as defined by the Office of the Secretary of Defense.
Trust is a bit more complex. An entity is only trustworthy if there is sufficient and credible evidence leading one to believe that the system will meet a set of given requirements. Beyond this, the issue gets sensitive and not appropriate for public discussion.
No more Waivers
For the most part, all of these areas have been “requirements” from the Department of Defense for about a decade but have been challenging to implement due to issues related to legacy system architectures, procurement processes, and the lack of a mature security supply chain. As a result, some programs have received waivers from the government in order to be fielded sometimes even including sensitive Foreign Military Sales (FMS).
Going forward, the Defense Industrial Base is looking to significantly grow FMS sales. This business imperative will need to be balanced with the understanding that our FMS systems may be subject to reverse engineering that could result in the loss of militarily critical program information and technology. With this increased focus on security, waivers for programs, especially FMS, are being eliminated.
Dealing with Security Needs
As the need for secure systems has grown, some firms have opted to develop technology that is “bolted-on” in order to solve the problem. This approach sub-optimizes both the security and system performance. The best solution is to “build-in” the system architecture secure features and capabilities so primes and the DoD can enable and customize them to meet mission needs. These features encompass hardware, firmware and software capabilities.
Mercury Systems has been working closely with DoD experts and evaluation teams over the last five years in this area. Our IRAD has resulted in:
- Pre-integration of layered security building blocks
- Security and modern computing architecture
- An extensible security platform that can be personalized by programs
- The ability to leverage DoD and prime investments in security
To learn more on this and related topics, you can download a new whitepaper entitled “Secure Processing Solutions for the Defense and Intelligence Industry.”