U.S. weapons systems can no longer rely purely upon cybersecurity methods to stop hackers from taking over control systems, jamming information flow, derailing precision guidance systems or simply stealing sensitive data. The answer to the massive increase in sophistication and efficacy of enemy cyberattacks is multi-faceted, with a large portion of it involving efforts to move toward new methods of ensuring cyber resiliency, meaning ways to fight off or defuse an attack once an intruder has gained access.
The cyber challenges are across the board, prompting industry to increasingly conduct its own internal research and development aimed at uncovering innovations of potential relevance to the war on cyberattacks.
For example, one emerging technology is Raytheon’s Countervail, something of an off-the-shelf technology focused on preserving data reliability and operating system functional integrity.
“Countervail can detect and recover critical files in real time and make sure that the things that are being loaded into memory are the things that you intended to be there. Countervail ensures systems in the field operate as designed. It protects system configuration and locks it in place,” Jacob Noffke, principal cyber engineer, Raytheon Intelligence and Space, told Warrior in an interview.
“The application works by comparing any changes attempted by an intruder against a baseline to prevent any ‘baseline modifications.’ Countervail’s threat model assumes the adversary has bypassed NIST 800-53 controls and has gained root level access to a system… and then protects against these attackers,” a Raytheon whitepaper on Countervail says.
Cyber attackers are innovating new attack tactics at an alarming rate, at times shifting attacks beyond the operating system to “lower points in the technology stack,” such as the boot code or basic hardware infrastructure of a computer itself.
In tandem with Countervail, Raytheon cyber engineers and scientists have developed a new small form-factor physical card called Boot Shield. The card has its own microprocessor and plugs in or attaches to a computer to both encrypt and authenticate part of the boot code, Noffke explained.
“We can leverage Boot Shield to store critical data and validate what Countervail is seeing on the system. We layer these solutions together so an adversary does not have to just defeat something in the operating system but also a hardware security mechanism. We combine these two to fight through an attack,” he added.
The concept, according to a Raytheon paper on Boot Shield, is to prevent “embedded exploits” from giving intruders an opportunity to “inject malicious code into hardware and firmware before security tools like virus scanners can even boot up.”
Boot Shield can be described in terms of what’s called a Root of Trust, a reliable source within a cryptographic system which often includes a hardened hardware module, such as Boot Shield.
“Cryptographic security is dependent upon keys to encrypt and decrypt data and perform functions such as generating digital signatures and verifying signatures,” according to an essay on Root of Trust in a publication called N Cipher, now ENTRUST.
“Layered” cyber resiliency is the goal, according to Noffke, who explained that Raytheon’s operating system technologies such as Countervail are, by design, intended to fortify and interoperate with other methods such as Boot Shield.
Boot Shield and Countervail, when deployed together, provide “runtime memory monitoring of operating system internals and sensitive code elements,” a Raytheon paper explains.
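
The layering described above (baseline comparison on the host, with validation data kept outside the operating system) can be illustrated with an added example; it is not Raytheon's code and does not describe how Countervail or Boot Shield are implemented. It assumes the HMAC key and golden copies sit somewhere a root-level intruder cannot reach, and the function names, sample file and key are constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def seal_baseline(paths, key):
    """Record known-good hashes plus golden copies, tagged with an off-host key."""
    golden = {str(p): Path(p).read_bytes() for p in paths}
    blob = json.dumps({p: sha256(c) for p, c in golden.items()}, sort_keys=True).encode()
    return {"blob": blob, "golden": golden,
            "tag": hmac.new(key, blob, hashlib.sha256).hexdigest()}

def check_and_recover(baseline, key):
    """Authenticate the baseline first, then restore any file that drifted from it."""
    want = hmac.new(key, baseline["blob"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, baseline["tag"]):
        raise ValueError("baseline failed authentication")
    restored = []
    for path, good in json.loads(baseline["blob"]).items():
        target = Path(path)
        if target.is_file() and sha256(target.read_bytes()) == good:
            continue
        copy = baseline["golden"][path]
        if sha256(copy) != good:
            raise ValueError("golden copy does not match baseline: " + path)
        target.write_bytes(copy)
        restored.append(path)
    return restored

def demo():
    key = os.urandom(32)  # constructed; assumed held outside the OS an intruder controls
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.conf")  # constructed sample file
        Path(path).write_bytes(b"mode=safe\n")
        base = seal_baseline([path], key)
        Path(path).write_bytes(b"mode=unsafe\n")  # change made after sealing
        restored = check_and_recover(base, key)
        content = Path(path).read_bytes()
        # A baseline rewritten on the host no longer matches its tag.
        forged = dict(base, blob=json.dumps({path: "0" * 64}).encode())
        try:
            check_and_recover(forged, key)
            rejected = False
        except ValueError:
            rejected = True
        return restored == [path], content, rejected
```

The host-only check restores the file, but it is the keyed tag that makes a rewritten baseline detectable, which is the reason for pairing the software check with a separate trust anchor.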