Cyberattacks on U.S. Navy weapons systems by Chinese, Russians and other foes are unrelenting, occur every day -- and are increasing in frequency and sophistication.
Defeating these threats has goaded the Navy into boosting research in three areas to better protect its weapons systems from these sustained cyberattacks. Naval Air Systems Command said this move is the first step in cybersecurity quality control that should have already been done for mission systems.
Research into protecting the Navy's weapons systems follows reports the United States Armed Forces suffers from sustained cyberattacks. In December 2018, a report by the Inspector General found that some personnel in the Pentagon didn't take basic cybersecurity steps to protect ballistic missile systems.
A report from the Government Accountability Office (GAO) released in October 2018 found that "nearly all" American missiles, jets, ships, and lethal equipment in development are vulnerable to cyberattacks.
Three of the research areas the Navy wants to improve more on are dynamic reconfiguration; deception tactics and Artificial Intelligence (AI).
Dynamic reconfiguration is defined by the National Institute of Standards and Technology (NIST) as "changes to router rules, access control lists, intrusion detection/prevention system parameters, and filter rules for firewalls and gateways."
NIST noted that organizations perform dynamic reconfiguration of information systems, for example, to stop attacks, to misdirect attackers, and to isolate components of systems, thus limiting the extent of the damage from breaches or compromises.
A new approach to dynamic reconfiguration tactics can lead to the successful development of learning models that identify specific classes of malware such as ransomware.
Deception tactics are as old as military science but new when it comes to cyberwarfare. The Navy wants to boost understanding of denial and deception tactics to better secure its weapons systems.
It's looking at a 10-step process for planning and executing deception operations. Military researchers said leveraging classical denial and deception techniques to understand the specifics of adversary attacks enables an organization to build an active, threat-based cyber defense.
The use of deceptive software and hardware in cybersecurity, however, is still in its infancy. Many techniques lack rigorous experimental measures of effectiveness, while information is insufficient to determine how defensive deception changes attacker behavior.
The widespread use of Artificial Intelligence is the common denominator of the federal government's investment in cybersecurity. The Navy has embraced AI since its Task Force Cyber Awakening project was launched in 2015.
"We see that the more we automate our networks and the more we use machines to do the heavy lifting, the better. Our brains do not have the intellectual capacity to process all of that information," said Rear Adm. Danelle Barrett, Navy Cyber Security Division Director.
