Ultra Electronics 3eTi

Endpoint Cybersecurity: Mission-Critical Concerns and Solutions

June 13th, 2018 / By

Military field command and control has outgrown analog and the short-wave radio. Today, its home is the cloud with an increasing dependence on public and private internet platforms. America’s modern military base, like most civilian industrial facilities, is an intricately interconnected complex that often is a model of efficiency. Within its vast ecosystem blending internet-based networks and industrial control systems (ICS), new mobile and other technologies improve time and cost savings through functions that can now be automated and executed remotely.

This isn’t entirely good news. While efficient, and easy to access from nearly anywhere, these networks—whether civilian or government operated—are favored targets of cyber-enemies to our economy, and a growing underground of tech-savvy criminal syndicates. Security experts warn daily of the catastrophic consequences that await our critical infrastructure if long-overlooked gaps in industrial cybersecurity remain unaddressed.

As observed by researchers with IOActive, “The idea of putting your logging, monitoring, and even supervisory/control functions in the cloud does not sound as crazy as it did several years ago.” They also found that the combination of SCADA systems and mobile applications—those commonly found in military ICS networks—could ultimately prove unsafe, to say the least. As these researchers put it, “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].”[1]

One notoriously under-secured sector of the ICS is the network endpoint. For DoD and organizations in the private sector, endpoints crisscross our critical infrastructure and include mobile devices, servers, sensors and more in an array of computing environments ranging from small field posts to large ships, and even aircraft. Many of these endpoints are connected directly or indirectly to the internet. Yet they are often defenseless against malware that breaches standard firewalls and is built specifically to attack endpoints.

IP networks are becoming more widely used because of their convenience and availability. They are increasingly relied upon for a wide range of communications. But IP nets have opened communication and operations to serious cyber-threats. The typical defense against these threats is based on standard system architectures tying together office PCs.

Intrusion detection and malware defenses for these systems are mostly limited to blocking known intrusions, and only for the PCs attached to the systems. The endpoints—such as the sensors that monitor equipment temperature, facility lighting or alarms at a nuclear facility—are left vulnerable should a hacker get past a network firewall.

Challenges and Risks

Advanced cybersecurity guards the often-overlooked components of a critical network; it extends protection to the simple, limited-purpose devices that enable machine-to-machine (M2M) communications. Think of GPS devices or gadgets that count steps. They usually work via WiFi or Bluetooth, both of which are entry points for cyber-criminals. In the military, these devices might be temperature sensors, vehicle trackers, cameras or power meters. They may also be smart phones.

There is now a near endless collection of sensors embedded into industrial control networks for purposes that include thermal imaging, radar tracking and climate control. These sensors’ limited-purpose design means that they can’t be upgraded to protect against malware. As a result, cyber-attacks specifically targeting this vulnerability can cause severe damage to the critical infrastructure that drives energy and power grids, transportation systems, airports and more.

US defense organizations recognize the risks. They have worked to implement more deeply-layered security that extends protection beyond the standard firewall to guard the endpoints past the PC.

Military-Grade Solutions

One cybersecurity approach used by DHS and DoD is to secure the endpoints of machine-to-machine networks through intelligent devices that plug directly into the network. They essentially wrap a firewall around each endpoint. If malware crosses the network, the cybersecurity devices will control how the endpoint communicates and responds.

The solution is to immediately and completely encrypt the rudimentary computing power of these simple pieces of equipment. Agencies focused on national security are expanding their use of such deep-packet inspection (DPI) tools to safeguard the controls that handle, for example, the automatic loading and firing of weapons.
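The "wrap a firewall around each endpoint" idea above can be made concrete as a bump-in-the-wire policy engine: a small device sits inline in front of an unpatchable sensor, allow-lists which hosts and functions the sensor may exchange, inspects the payload of every frame (deep-packet inspection), and drops and logs everything else. The Python below is an added illustration written for this article, not 3eTI product code; the telemetry protocol, the function names (`report`, `read`), the addresses and the rate-limit values are all constructed for the example.

```python
"""Inline per-endpoint filter for an unpatchable sensor (added example).

Models a bump-in-the-wire device that sits between one limited-purpose
sensor and the network. Every frame to or from the sensor is checked
against an allow-list and a deep-packet inspection of its payload; anything
else is dropped and logged so the SOC can see it. The protocol, addresses
and field names are constructed for this example, not from any product.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple
import re

# Constructed addresses for the protected endpoint and its allowed peers.
SENSOR = "10.0.1.20"        # temperature sensor; cannot be upgraded or patched
HISTORIAN = "10.0.1.5"      # the only host that may receive its telemetry
HMI = "10.0.1.10"           # the only host that may poll it

# Allow-list of (src, dst, function) the sensor is permitted to exchange.
ALLOWED = {
    (SENSOR, HISTORIAN, "report"),
    (HMI, SENSOR, "read"),
}
MAX_PAYLOAD = 64                # sensor frames are tiny; larger is suspect
MAX_FRAMES_PER_WINDOW = 10      # crude per-(src, dst) rate limit
WINDOW_SECONDS = 1.0

# DPI schema for telemetry: "temp=<number>" with an optional ";unit=C|F".
REPORT_RE = re.compile(r"^temp=-?\d+(\.\d+)?(;unit=[CF])?$")


@dataclass
class Frame:
    src: str
    dst: str
    func: str
    payload: bytes
    ts: float               # arrival time in seconds


@dataclass
class FilterState:
    recent: Dict[Tuple[str, str], Deque[float]] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)


def inspect_payload(func: str, payload: bytes) -> Optional[str]:
    """Deep inspection: return a reason if the payload is malformed, else None."""
    if len(payload) > MAX_PAYLOAD:
        return f"payload too long ({len(payload)} > {MAX_PAYLOAD})"
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return "payload is not ASCII"
    if func == "report" and not REPORT_RE.match(text):
        return "report payload does not match telemetry schema"
    if func == "read" and text != "":
        return "read request must carry no payload"
    return None


def _drop(state: FilterState, frame: Frame, reason: str) -> Tuple[str, str]:
    state.log.append(f"DROP {frame.src}->{frame.dst} {frame.func}: {reason}")
    return "DROP", reason


def filter_frame(frame: Frame, state: FilterState) -> Tuple[str, str]:
    """Return ("ALLOW" | "DROP", reason) for one frame crossing the wire."""
    if (frame.src, frame.dst, frame.func) not in ALLOWED:
        return _drop(state, frame, "not on endpoint allow-list")
    reason = inspect_payload(frame.func, frame.payload)
    if reason:
        return _drop(state, frame, reason)
    # Sliding-window rate limit: drop timestamps older than the window.
    window = state.recent.setdefault((frame.src, frame.dst), deque())
    while window and frame.ts - window[0] > WINDOW_SECONDS:
        window.popleft()
    if len(window) >= MAX_FRAMES_PER_WINDOW:
        return _drop(state, frame, "rate limit exceeded")
    window.append(frame.ts)
    return "ALLOW", "ok"


def run_demo() -> Tuple[List[str], List[str]]:
    """Run constructed sample traffic through the filter; return verdicts and log."""
    state = FilterState()
    frames = [
        Frame(SENSOR, HISTORIAN, "report", b"temp=21.5;unit=C", 0.0),  # normal telemetry
        Frame(HMI, SENSOR, "read", b"", 0.1),                          # normal poll
        Frame("10.0.1.99", SENSOR, "write", b"setpoint=999", 0.2),     # unknown host and function
        Frame(SENSOR, "10.0.1.99", "report", b"temp=21.5", 0.3),       # telemetry to a non-listed host
        Frame(HMI, SENSOR, "read", b"A" * 80, 0.4),                    # oversized request
        Frame(SENSOR, HISTORIAN, "report", b"temp=abc", 0.5),          # malformed telemetry
    ]
    verdicts = [filter_frame(f, state)[0] for f in frames]
    return verdicts, state.log


if __name__ == "__main__":
    for line in run_demo()[1]:
        print(line)
```

The point of the design is that the sensor itself never changes: all policy lives in the inline device, which is why this approach fits equipment that cannot be upgraded. The drop log is the detection signal; in practice it would be forwarded to a SIEM rather than kept in memory.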

Operators of critical networks in the private sector have been slower to follow the defense sector’s best-practices. A next-generation approach should be widely embraced across the public and private sectors to secure the tens of millions of endpoints that keep Americans safe, healthy, mobile and employed.

Following the military’s approach, endpoint security tools should be built on open standards—for both Windows and other operating systems. They should be able to defend against persistent threats by accurately identifying malware upon its arrival and returning an appropriate response before an attack can be launched.

The preferred tools of DoD are lightweight and basically plug-and-play. They have minimal impact on IT operations because they don’t interfere with a network’s existing architecture.

Such solutions exist and are in wide use at numerous military facilities. They also have proven effective. The private sector could have avoided many of its most severe, and costly, breaches had it better addressed vulnerable endpoints.

About the Author

Deborah Lee James is the 23rd secretary of the US Air Force and a special advisor to Ultra Electronics, 3eTI. She leads a wide range of strategic initiatives for 3eTI with a focus on defense-oriented programs that improve operations while cyber securing automated system endpoints. A recognized authority on strategic defense systems and operations, James has offered her expertise as a source for numerous national broadcast and print news outlets.

[1] “SCADA and Mobile Security in the IoT Era,” by Alexander Bolshev, IOActive, and Ivan Yushkevich, Embedi, January 11, 2018.