Artificial intelligence (AI) and data defense at the application level, rather than the network level, may feature prominently in the future of aerospace cyber security.
For example, the North Atlantic Treaty Organization’s (NATO) IST-152 Research and Technology Group on Autonomous Intelligent Agents for Cyber Resilience has been looking into an Autonomous Intelligent Cyberdefense Agent (AICA) approach.
Underpinning AICA is the philosophy that centralized, human-directed cyber defense for aerospace platforms is not feasible in future conflicts.
Paul Theron, a cyber resilience scientist with Thales and a member of IST-152, believes that “the future of cyber-attacks is likely to rely on autonomous intelligent cyber-weapons” and thus that “an autonomous cyber defense is required, acting at the speed and scale of systems and attacks.” In effect, Theron says, “goodware will fight malware.”
AI-generated cyber attacks represent a significant potential challenge and may be able to breach secure information systems rapidly.
In the United States, a so-called Zero Trust Architecture (ZTA) for cybersecurity has been gaining traction, and the House Appropriations Committee is encouraging the pentagon to move toward it.
“The committee encourages the Secretary of Defense to implement a Zero Trust Architecture to increase its cybersecurity posture and enhance the department’s ability to protect its systems and data,” according to report language on the committee’s version of the fiscal year 2021 defense spending bill.
“The Air Force is aggressively pursuing a Zero Trust strategy and our senior leaders have recognized the necessity to change how the DoD operates in and through cyberspace to counter an increasingly effective cyber adversary,” Air Force Brig. Gen. Chad Raduege, ACC’s director for cyberspace and information dominance, wrote in an email to the Future of Aerospace. “Zero Trust concepts enhance the Air Force’s ability to protect our data, while also enabling mission agility and mobility. Each of the DoD Service Cyber Components, including Air Force Cyber (AFCYBER), are developing and executing Zero Trust pilots to refine strategies intent to rapidly implement Zero Trust architectures and strategies across the Air Force.”
ZTA assumes networks are compromised and instead focuses on the defense of applications’ data. Zero Trust holds promise in deterring and defeating cyber threats from nations and hackers, ACC said.
Last January, MITRE Corp. held an “ACC Zero-Trust Summit” at MITRE offices in Hampton, Va., to discuss the architecture with ACC and companies, such as Google, Microsoft, Unisys, Cisco, and Palo Alto Networks, Inc.
ACC Commander Gen. James “Mike” Holmes has backed ZTA and is planning a course ahead for the architecture.
“From a defensive perspective, we want to rapidly transition from network edge defense to data defense,” Air Force Lt. Gen. Timothy Haugh, commander of 16th Air Force, Air Forces Cyber, and Joint Force Headquarters-Cyber, told a Mitchell Institute for Aerospace Studies’ virtual discussion on July 15.
The Air Force’s move from network defense to data defense “is central to many of the things that Gen. Holmes has pushed us in terms of expecting us to go with Zero Trust,” Haugh said. “That changes a number of things: our architecture, how we approach it, how we train airmen, and also which things we can automate and which things we need to still defend with the human to be able to translate that.”
ZTA uses open-source container-orchestration systems, such as the Cloud Native Computing Foundation’s (CNCF) Kubernetes, for improving cybersecurity through the automation of computer application deployment, scaling, and management.
Nicolas Chaillan, who has been the Air Force’s first Chief Software Officer since 2018 under Air Force Acquisition Chief Will Roper, told a CNCF audience last November that before he helped establish the DoD DevSecOps (development, security, and operations) reference design, the Pentagon had been using “Waterfall” software methodologies that led to the slow fielding of software–once every three to 10 years.
Last fall, the SoniKube team at Hill AFB, Utah installed Kubernetes on legacy hardware aboard a Lockheed Martin F-16 fighter within 45 days and demonstrated the functioning of Kubernetes on the F-16 for Roper. Chaillan said that the testing marked a step toward allowing the jets to adopt improved warfighting capabilities quickly to respond to needs in the field.
ACC’s Directorate of Cyberspace and Information Dominance (A6) is taking the lead on ZTA, which will likely use Identity Credential Access Management (ICAM) and Common Access Card (CAC) credentials to help identify those trying to access Air Force information systems, which systems, and the source point of the access.