Michael Kushin is senior vice president at CACI International Inc.

The federal government has taken significant steps to overhaul the testing and evaluation of information technology networks and traditional computer systems to improve the cybersecurity posture of Information Systems (IS).

The National Institute of Standards and Technology has developed new frameworks and methodologies to manage information system risk, rather than just using compliance to enforce security requirements. Additionally, requirements are being pushed to industry to "build in, not bolt on" cybersecurity defense in their products and systems. However, the need to introduce similar changes for platform security (i.e., aircraft, armament, command and control systems, etc.) has never been greater. This applies to new platforms being developed as well as legacy platforms and programs expected to be part of our defense for the foreseeable future.

Many of the current platforms and systems in operation were not tested to address today's cyber threats. Cyber bad actors utilize techniques and tradecraft against all aspects of a platform, whether it be against communications channels, onboard system buses, or interconnection points with traditional IT networks. What had been previously viewed as not possible and therefore not tested is now a vulnerability point, and a platform is only as strong as its weakest point.

The government must embark on an urgent effort to assess, characterize, and develop mitigation techniques against identified threats, using a playbook designed around current cyber methods. This should be done independent of, but in conjunction with, the platform provider and the testing and evaluation community to get a comprehensive picture of our posture and risk. A great first step is the CyberUL-type agency the administration is establishing to provide product testing, but it must extend to platforms as well as products.

We continue to be surprised when a new hack goes public, and the risks continue to grow larger and more threatening. Eventually (or hopefully) technology will be created that eliminates or minimizes the cyber threats to our defense and everyday lives. In the meantime, let's know where we stand so we can build resilience into our platforms and systems.
