LDRA
66d0b786e3b6e3db148ba042 Fig1promo

Strengthening EW Systems with Cybersecurity Measures

Sept. 9, 2024
The article discusses security challenges in electronic-warfare systems and how to address them with static analysis, coding standards, dynamic testing, and more.

What you’ll learn:

  • The state of security in electronic-warfare systems.
  • Obstacles ensuring security in EW systems, including the overlapping dependence between EW and cybersecurity.
  • How designers can address these obstacles applying advanced cybersecurity practices. 

Electronic warfare (EW) has been around since the late 1800s when the British Army used a searchlight to "bounce" Morse code signals off the clouds. By the time of World War II, both the Allies and Axis Powers extensively used EW, or what Winston Churchill termed the "Battle of the Beams."

Today, devices whose functions depend on the electromagnetic spectrum (EMS) are used by both civilian and military organizations and individuals for intelligence; communications; positioning, navigation, and timing; sensing; command and control; attack; ranging; data transmission; and information storage and processing.  The military requirement for unimpeded access to, and use of, the EMS means EW is essential for both protecting friendly operations and denying adversary operations.

The Electronic-Warfare Ecosystem

EW is the general term given to the use of electromagnetic energy to attack or defend a target. It's further categorized into electronic attack (EA), electronic protect (EP), and electronic-warfare support (ES).

EA involves the offensive use of electromagnetic-energy weapons, directed-energy weapons, or anti-radiation weapons to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat capability. The end goal of EA is to create an environment where conventional attacks on an adversary can be more effective.

EP are the defensive techniques to protect against friendly or enemy use of electromagnetic energy.1 Some EP examples include the use of spread spectrum, flare rejection logic, and frequency-hopping communications to resist jamming (Fig. 1).

ES is the tactical use of the electromagnetic spectrum to perform Intelligence, Surveillance, and Reconnaissance (ISR) on the battlefield. ES can be used to locate and identify enemy assets to prioritize their neutralization. This can be done by intercepting messages directly, or by using the EM properties of transmissions with other known enemy tactics, techniques, and procedures (TTPs) to the friendly commander’s advantage.

Cybersecurity plays a critical role in EW. The three categories of EW depend heavily on interconnected systems for Command, Control, Communication, Computers, Cyber, and ISR (C5ISR). In everyday cyberwarfare, a common attack method is to put a computer in an unstable state where the processor can be accessed and exploited to execute malicious code remotely. On the battlefield, a targeted energy attack is likely to be used to compromise computers, and if used in conjunction with a cyberattack, could compromise entire networks of systems.

>>Check out this TechXchange for similar articles and videos.

Defense Electronics Promo Horizontal
Topics

TechXchange: Defense Electronics

RF/microwave technology is at the heart of the modern defense electronics sector.

Electronic Warfare and Cybersecurity

The overlapping dependence between EW and cybersecurity poses a unique challenge to designers implementing these systems because they're simultaneously independently functioning, and yet co-dependent on each other’s stability.

Software must be constructed in a way that's immune to an EW attack. An EW attack could be used to jam a friendly network while a cyberattack is taking place simultaneously. The attack may consist of a virus or program that's uploaded to the same network and used to infiltrate the software, potentially corrupting data or exposing critical information to the attacker.

One important method to reduce vulnerabilities in software is to use static application security testing (SAST) techniques and a coding standard or a list of programming rules designed to identify and remove known attack vectors within the software (Fig. 2). Some commonly accepted coding standards are MISRA, Cert Secure Coding Standards, and CWE.

Because EW is so dependent on digital systems, it faces the same challenges it looks to exploit. Defects can be catastrophic and persistent, and the update process for the EW inventory is generally a lengthy one.

Static-analysis tools can be used on software throughout its development, allowing that analysis to be done early and often, checking code against the chosen coding standard to highlight potential security threats. This reduces the number bugs and the cost of development.

Looking further into the development lifecycle, dynamic application security testing (DAST) along with data and control coupling analysis can be helpful in identifying dependencies and vulnerabilities within software.

Dynamic analysis quickly identifies which parts of software haven't been executed, and as a result, not tested. It can also help pinpoint weaknesses and vulnerabilities such as memory leaks, buffer overflows, and race conditions. Through unit testing, the effectiveness of security controls and mechanisms can be exercised, validating inputs and verifying access control mechanisms are both implemented correctly and enforced during runtime (Fig. 3)

Complementing dynamic testing is data and control coupling analysis. Ensuring appropriate levels of separation exist between modules, and proper protocol is implemented to protect data, is paramount to a secure system.

Some common best practices to guard against cybersecurity vulnerabilities with data and control coupling include minimizing data sharing, validating and sanitizing inputs, designing for portability, and regularly monitoring data and control flows within the system.

Dynamic analysis and data and control coupling analysis tools are available that can analyze and manage all of this information and make it quick and easy for software developers to verify their software is safe and secure. This idea is also introduced via taint analysis—a method used to identify user inputs and tracked throughout the system, ensuring all possible avenues for security risks are known and understood. 

Cybersecure C5ISR Systems

Creating a robust system that resists EW attacks is a challenge. C5ISR systems are independent in their functionality, but a successful attack on one can create a waterfall effect, resulting in widespread damage.

Applying cybersecurity practices such as static analysis and using a coding standard, running dynamic analysis, unit testing software, analyzing the data and control coupling, and reviewing the taint analysis are essential for creating a more resilient system. 

Reference

1. Joint Air Power Competence Centre. (n.d.). Electronic Protective Measures. Retrieved July 15, 2024.

>>Check out this TechXchange for similar articles and videos.

Defense Electronics Promo Horizontal
Topics

TechXchange: Defense Electronics

RF/microwave technology is at the heart of the modern defense electronics sector.
About the Author

Celeste Breyer | Senior Field Application Engineer, LDRA

Celeste Breyer joined LDRA Software Solutions in 2016. She applies her expertise in the security- and safety-critical embedded industries to her role as Lead Field Application Engineer, inspiring and advocating adherence to best-practice development techniques in the automotive and other sectors. Celeste graduated from Texas A&M University in December 2013 with a degree in Aerospace Engineering.

Sponsored Recommendations

Phase-Matched Cable Assemblies

Oct. 8, 2024
Phase-matched cable assemblies are ubiquitous, and growing in popularity. Electrical length matching requirements continue to tighten and the mechanical precision of cable construction...

3 New Wideband MMIC LNAs Cover 5.5 to 20 GHz

Oct. 8, 2024
Mini-Circuits’ expanded PMA3-series of wideband, ultra-low NF MMIC amplifiers operates in ranges between 5.5 and 20 GHz.

Wideband Amplifiers Variable and Temperature-Compensated Gain

Oct. 8, 2024
Many types of RF systems and applications that span from the upper end of microwave frequencies to the lower end of mmWave have arisen in recent years. Meeting system requirements...

Wideband Peak & Average Power Sensor with 80 Msps Sample Rate

Aug. 16, 2024
Mini-Circuits’ PWR-18PWHS-RC power sensor operates from 0.05 to 18 GHz at a sample rate of 80 Msps and with an industry-leading minimum measurement range of -40 dBm in peak mode...