Securing systems against cyberattacks

Zero Trust helps cyber resiliency even in remote locations

A wall of cyber network switches waits to be installed by the 455th Expeditionary Communications Squadron at a deployed location. Countervail and other zero-trust technologies increase resiliency against cyberattacks in remote locations by ensuring systems work as intended and that untrusted code is prevented from running on a system. (U.S. Air Force photo)

When it comes to cybersecurity, even the front lines of battle are at risk.

They're often in remote, contested areas of the world. Network capabilities are limited. And for bad actors, that's an enticing environment to exploit and compromise systems with malware, often going undetected for long stretches of time.

Raytheon Intelligence & Space has developed a technology called Countervail that increases resiliency against attacks in remote locations by ensuring that systems work as intended, and that systems never run untrusted code.

“When you’re out in the field, support equipment like laptops aren’t connected to a network for sometimes weeks and months at a time,” said Brad Bradshaw, a retired U.S. Army command sergeant major and RI&S product manager for the cyber resiliency team. “And if this technology is somehow compromised and then connected to a mission-critical system, it can introduce a whole host of vulnerabilities.”

The support equipment — usually commercial off-the-shelf items — poses unique challenges on the battlefield that can leave service members and mission-critical vehicles and platforms isolated and exposed.

“Ancillary and secondary systems don’t get a lot of attention, yet they touch critical systems,” said Jacob Noffke, senior principal cyber engineer for RI&S, a Raytheon Technologies business. “We have to get away from the notion that they’re not important or they’re not an attack vector because those [COTS systems] can be used to pivot attacks against a mission-critical system such as a weapon system.”

That’s why it’s important to implement a data-centric and zero-trust framework, Noffke said. A zero-trust architecture assumes an organization's network is compromised, and it denies access by default.

“An adversary doesn’t have to do a lot of work to compromise a COTS system,” Noffke said. “It’s easy to introduce things like malware through a USB port and many of these remote systems aren’t in use for a while. It can be [the bad actor’s] foot in the door to attack critical systems and impact data on those platforms.”

Countervail’s goal is to protect the configuration and integrity of the operating system, data and applications.

For example, laptops are usually general-purpose machines. But in the context of a weapons system, they can be configured to run a specific mission such as processing data and pushing it to a launcher, Noffke explained.

“It’s a general-purpose machine, but our job is to make it mission specific. We strip it down and lay tools like Countervail over it, ensuring the machine only does the job that it’s intended to do,” Noffke said.

These systems have vital jobs to play, but like most technology, they’re susceptible to attack, Noffke explained.

“When they send equipment out into the field, operators often don’t know if there’s a compromise until there’s an audit or something happens,” Noffke said. “So Countervail actively prevents an attacker from deleting, moving or changing files.”

Even if an attacker has gained administrator privileges, they can’t simply just turn off Countervail.
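The article describes Countervail's behaviour only at the level of outcomes: the configuration and integrity of the operating system, data and applications are protected, untrusted code never runs, and deletion, moving or modification of files is caught. The following added example is not Countervail's code and is not taken from Raytheon; it illustrates the underlying idea with one common building block, a hash baseline (manifest) of the protected file set. The paths and file contents are constructed for the demonstration, and the functions `build_manifest`, `verify` and `is_trusted` are assumed names, not the product's API.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large artefacts do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Record the hash of every file under root, keyed by its relative POSIX path.

    In a real deployment this baseline would be produced on a trusted build host
    and carried to the field in a signed form; here it is kept as a plain dict.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current tree to the baseline.

    A changed file appears under 'modified', a deleted one under 'missing', and a
    moved file shows up as both 'missing' (old path) and 'unexpected' (new path).
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def is_trusted(root: Path, rel_path: str, manifest: dict[str, str]) -> bool:
    """Deny by default: a file is trusted only if it is in the baseline with a matching hash.

    This is the decision an execution allow-list would make before letting a
    binary or script run; anything absent from the manifest is refused.
    """
    expected = manifest.get(rel_path)
    if expected is None:
        return False
    p = root / rel_path
    return p.is_file() and sha256_file(p) == expected


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, then re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "launch.sh").write_text("#!/bin/sh\necho launch\n")
        (root / "config.ini").write_text("mode=mission\n")
        (root / "data.bin").write_bytes(b"\x00\x01\x02")
        manifest = build_manifest(root)

        # The known-good script passes the deny-by-default check.
        assert is_trusted(root, "bin/launch.sh", manifest)

        # Simulated tampering: edit a config, rename a data file, drop in a new script.
        (root / "config.ini").write_text("mode=debug\n")
        (root / "data.bin").rename(root / "data_old.bin")
        (root / "bin" / "extra.sh").write_text("echo untrusted\n")

        # Neither the unlisted script nor the altered config is trusted any more.
        assert not is_trusted(root, "bin/extra.sh", manifest)
        assert not is_trusted(root, "config.ini", manifest)
        return verify(root, manifest)


if __name__ == "__main__":
    print(demo())
```

The manifest itself is the weak point of this design: if an attacker with administrator rights can rewrite the baseline, every check passes. That is the gap the article's claim that Countervail "can't simply be turned off" addresses, and in practice it is closed by signing the manifest with a key that is not present on the machine and anchoring the verifier below the operating system, which is the role the article assigns to Boot Shield.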

“You have to have these protections in place in case systems in the battlespace fall into enemy hands — potentially exposing valuable assets,” explained Bradshaw.

And as cyber experts are actively protecting systems, hackers are relentlessly refining their tactics and deploying new mutations of malware strains and attacks.

Implementing a layered approach to a network’s security bolsters the resiliency of a system’s defenses.

For example, Countervail — a software solution — works with hardware solutions like RI&S’ Boot Shield, which protects against attacks at the boot level, before the operating system loads. If attackers inject malicious code into the hardware or firmware layer, common security tools like virus scanners may fail to detect it. Without Boot Shield, the malware could continue to lurk in the firmware layer and even survive complete system reinstalls.

“Nowadays, you can’t simply rely on one solution,” Noffke said. “You need multiple solutions to create a holistic defense.”

In this case, these solutions work together: Boot Shield protects the system from when it powers on until Countervail takes over. And then they continue to talk to each other as the system runs, Noffke explained.

“These are the things that combatant commanders need to think about in the field,” Bradshaw said, reflecting on his Army service. “It’s a matter of national security, and a multi-layered solution can boost the resiliency of an entire network operation.”

Published On: 07/28/2020