It is impossible to open a newspaper, turn on a television, or visit a news website these days without being barraged with cybersecurity related news. Every domain is being attacked, penetrated, and impacted by cyber-crime and the range, complexity, and frequency of attacks is expanding daily. Across the board we face a wide range of adversaries from disgruntled employees to nation states that are bent on taking our critical systems down temporarily or permanently. Avionics systems are not immune from this and over the past several years, cybersecurity policies and the Risk Management Framework (DoD 8510.01) approach to securing US cyber systems, have been maturing and rapidly growing in adoption. However, many in the avionics community remain uninformed regarding the impacts of these new policies and initiatives to their systems nor how best to ensure they are taking a practical and efficient approach to implementing them. Gone are the days of a magic box that all of the security requirements are allocated to. Modern Cybersecurity is a systems discipline and cuts across the entire avionics suite. This paper will introduce the Risk Management Framework (RMF) and Cybersecurity and discuss what they are, how we got here, how they are related, and how they are impacting and will impact legacy and future avionics systems on tactical military aircraft. The paper will present some observations and best practices associated with application of Cybersecurity and RMF to avionics. It will also include some benefits of safety critical designs toward cyber-hardening and where safety and security are mutually exclusive. It will touch briefly on some impacts to avionics systems related to hot Cybersecurity topics such as HBSS (Host Based Security System), STIGs (Security Technical Implementation Guides), Static code analysis, DoD PKI (Department of Defense Public Key Infrastructure), electronic delivery, and insider threats. The paper will include a perspective on the development environment, the deployed systems, and deployment sites and how RMF and Cybersecurity impact both the contractor and the DoD customer related to these perspectives….Read more

Posted by Rockwell Collins