Incident: Cyber Intrusion on Armored Combat Vehicle's Data Bus.

Published Date: 2020-11-18

Postmortem Analysis
Timeline 1. The article was published in November 2020 and describes a potential intrusion on a vehicle data bus rather than a dated event; no date for an actual incident is given [107599].
System 1. Serial buses on older aircraft and combat vehicles 2. MIL-STD-1553 data buses or commercial equivalents 3. Controller Area Network (CAN) bus protocols 4. ARINC 429 5. ARINC 700 and 800 series high-speed avionics data buses [107599]
Responsible Organization 1. Enemy cyber intruders hacking the vehicle's on-board serial bus; the article describes the scenario generically and names no specific actor [107599].
Impacted Organization 1. The armored combat vehicle facing potential compromise or destruction of its attack mission due to the hacking of its on-board serial bus by enemy cyber intruders [107599].
Software Causes 1. The failure incident was caused by the hacking of the vehicle's on-board serial bus by enemy cyber intruders, leading to false, wrong, or misleading information being provided to the navigational and targeting systems [107599].
Non-software Causes 1. Physical access to the vehicle's bus, which allows an intruder to intercept messages and send rogue ones [107599] 2. Older aircraft and combat vehicles using low-speed serial buses that lack native security measures (no authentication or encryption of bus traffic) [107599] 3. Risks associated with older or standard data buses such as MIL-STD-1553 and commercial Controller Area Network (CAN) bus protocols [107599]
Impacts 1. The software failure incident could lead to the navigational and targeting systems of an armored combat vehicle being given false, wrong, or misleading information, potentially derailing the mission [107599]. 2. The incident could result in the on-board data flow of the vehicle being instantly jammed, denied, or disabled, compromising or even destroying an otherwise successful attack mission [107599]. 3. The vulnerability in the serial buses of older aircraft and combat vehicles could make them particularly susceptible to cyber intrusions, driving ongoing Pentagon initiatives to better safeguard data transfer using new technologies [107599]. 4. The software failure incident highlighted the need for improved security measures to protect data transfer on serial buses, with efforts such as Raytheon's Cyber Anomaly Detection System (CADS) using machine learning and advanced algorithms to identify intrusions in real-time [107599].
Preventions 1. Implementing advanced intrusion detection systems like the Cyber Anomaly Detection System (CADS) using machine learning and heuristics to identify intrusions on data buses [107599]. 2. Enhancing security measures on serial buses by leveraging new industry-developed technologies to safeguard data transfer within and between platforms [107599]. 3. Transitioning from a cybersecurity approach to a more in-depth cyber resiliency strategy to ensure the mission can continue even if an attacker gains access to the system [107599].
Fixes 1. Implementing advanced technologies like the Cyber Anomaly Detection System (CADS) by Raytheon, which uses machine learning, heuristics, and advanced algorithms to identify intrusions on data buses [107599]. 2. Enhancing security measures on serial buses by leveraging industry-developed technologies to safeguard data transfer within and between platforms [107599]. 3. Providing Electronic Warfare (EW), cyber, and network operating management tools to detect and react to threats, as well as adding software and hardware for physical protection of systems [107599].
References 1. Jacob Noffke, senior principal cyber engineer at Raytheon Intelligence & Space [Article 107599] 2. Michael Gilmore, former Director, Operational Test and Evaluation at DOD [Article 107599] 3. Paul Mehney, director of communications for the Army's PEO C3T (Program Executive Office Command, Control, Communications-Tactical) [Article 107599]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident having happened again at one_organization: - The article discusses how Raytheon is engineering new methods to protect data transfer on serial buses, specifically its product called Cyber Anomaly Detection System (CADS) [107599]. - Raytheon is taking its CADS technology to the military services to help assess how it might integrate with and add security to existing systems [107599]. (b) The software failure incident having happened again at multiple_organization: - The article mentions ongoing Pentagon initiatives to better safeguard data transfer using new industry-developed technologies, indicating that vulnerable serial buses are a concern across the services rather than a single organization [107599]. - The memo from Michael Gilmore, former Director of Operational Test and Evaluation at DOD, highlights the risks of older or standard data buses used in aircraft and vehicles, a vulnerability shared by every organization operating platforms built on those buses [107599].
Phase (Design/Operation) design, operation (a) The article frames the potential software failure incident as a design-phase issue: the data buses that carry mission-critical information within and between platforms were designed without message authentication, so a vehicle's on-board serial bus could be hacked by enemy cyber intruders and feed false, wrong, or misleading information to the navigational and targeting systems, compromising the mission [107599]. (b) The article also treats it as an operation-phase issue, highlighting the risks of older or standard data buses on fielded aircraft and combat vehicles. These systems, such as MIL-STD-1553 data buses or commercial equivalents, are potentially vulnerable to cyberattacks via code and data inserted across communication protocols, which is why the article stresses fortifying cyber defenses on platforms already in service [107599].
Boundary (Internal/External) within_system, outside_system (a) within_system: The weakness that makes the incident possible lies inside the system. The on-board serial bus accepts any well-formed message without verifying its origin, so rogue messages placed on the bus are consumed by the navigational and targeting systems as if they were genuine [107599]. The article's remedies are likewise internal: an on-bus intrusion detection system such as the Cyber Anomaly Detection System (CADS) that analyzes bus traffic in real time, and Pentagon efforts to integrate new industry-developed security technologies into older aircraft and combat vehicles [107599]. (b) outside_system: The triggering actor is external. Enemy cyber intruders who gain physical access to the bus intercept messages and inject their own, giving false or misleading information to the navigational and targeting systems and potentially compromising or destroying an otherwise successful attack mission [107599].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: The contributing factor that requires no human participation at the time of failure is the bus itself. Older serial buses such as those on legacy aircraft and combat vehicles lack native security measures, so once a rogue message is on the bus the navigational and targeting systems process it automatically, with no operator in the loop to reject it [107599]. (b) The software failure incident occurring due to human actions: The incident is initiated by people. Enemy cyber intruders must gain physical access to the bus, intercept its traffic and send rogue messages; the Gilmore memo likewise describes cyberattacks via code and data deliberately inserted across communication protocols, and the ongoing Pentagon initiatives to safeguard data transfer respond to that human threat [107599].
Dimension (Hardware/Software) hardware, software (a) The articles discuss the vulnerability of data buses on older aircraft and combat vehicles, which may be particularly vulnerable to cyberattacks due to the lack of native security measures. The vulnerability arises from the hardware aspect, specifically the older serial buses lacking built-in security features [107599]. (b) On the software side, Raytheon has developed the Cyber Anomaly Detection System (CADS) using machine learning, heuristics, and advanced algorithms to identify intrusions and detect anomalous behavior in message content, sequence, timing, and other factors. CADS acts as an intrusion detection system to identify threats related to software anomalies in data traffic moving through a serial bus [107599].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident described in the articles is related to a malicious objective. The incident involves the possibility of enemy cyber intruders hacking into a vehicle's on-board serial bus to give false information, jam data flow, and compromise the mission [107599]. The article emphasizes the need to increase security of data buses to protect against cyber intrusions and mentions the use of technologies like the Cyber Anomaly Detection System (CADS) to detect and respond to anomalous behavior on the bus. Additionally, it discusses the risks associated with cyberattacks on older or standard data buses used in aircraft and vehicles, highlighting the vulnerability of such systems to malicious code and data insertion [107599]. The focus on enhancing cyber defenses, integrating security technologies into existing systems, and transitioning to a cyber resiliency strategy further underscores the malicious nature of the software failure incident described in the articles.
Intent (Poor/Accidental Decisions) unknown The articles do not provide information about a specific software failure incident related to poor decisions or accidental decisions. Therefore, the intent of the software failure incident in this context is unknown.
Capability (Incompetence/Accidental) accidental (a) The article does not describe a software failure incident caused by development incompetence. (b) The exposure is better described as accidental: standard data buses such as MIL-STD-1553 were designed for closed, trusted platforms and lack native security measures, so the absence of message authentication is a consequence of their original design assumptions rather than of any error in building them [107599]. The article notes that these buses are potentially vulnerable to cyberattacks via code and data inserted across communication protocols; an attacker who exploits that gap acts deliberately, but the gap itself was not intended [107599].
Duration temporary The articles discuss the potential for software failure incidents related to cyber intrusions on data buses in armored combat vehicles and aircraft. These incidents could lead to temporary failures where the navigational and targeting systems are given false information, data flow is jammed, or messages are compromised by enemy cyber intruders [107599]. The articles also highlight ongoing efforts to improve cybersecurity and cyber resilience to detect and respond to anomalous behavior in real-time, indicating a proactive approach to addressing temporary software failures.
Behaviour byzantine (a) crash: The article does not describe a failure in which the system loses state and performs none of its intended functions; it mentions data flow being disabled only as one of several possible effects of an intrusion [107599]. (b) omission: The article mentions that on-board data flow could be instantly jammed or denied, which would cause the navigational and targeting systems to omit their functions; this is treated as one facet of the broader byzantine behavior below rather than as the incident's defining behavior [107599]. (c) timing: The article does not describe a failure in which the system performs its intended functions correctly but too late or too early. (d) value: The article mentions the navigational and targeting systems being given false, wrong, or misleading information, a value failure; as with omission, this is subsumed under the byzantine behavior below [107599]. (e) byzantine: The software failure incident described in the article is best characterized as byzantine. A hacked on-board serial bus could deliver false information to some subsystems while jamming or denying data to others, so the vehicle's systems would behave inconsistently and in ways the crew cannot readily distinguish from correct operation, compromising the mission [107599]. (f) other: The article mentions no other behavior beyond the byzantine behavior described above.
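
The Dimension row above describes CADS as profiling message content, sequence and timing on the bus. The following is an added example, not code from the article or from Raytheon's CADS, showing how a bus-monitor baseline and anomaly check of that kind can be built for MIL-STD-1553-style traffic. The 16-bit command-word layout follows the standard; the terminal addresses, message schedule and data values are constructed for illustration and are not taken from any real platform.

```python
"""Toy bus monitor for MIL-STD-1553-style traffic (added example, not CADS).
Learns a baseline from clean traffic, then flags messages whose content,
timing or sequence departs from it. All traffic below is constructed."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass(frozen=True)
class CommandWord:
    rt: int          # remote terminal address, bits 15..11
    tr: int          # transmit/receive bit, bit 10 (1 = RT transmits)
    subaddress: int  # bits 9..5 (0 or 31 would be a mode-code message, not modelled)
    word_count: int  # bits 4..0 (0 encodes 32 data words)


def make_command(rt: int, tr: int, subaddress: int, word_count: int) -> int:
    return (rt << 11) | (tr << 10) | (subaddress << 5) | word_count


def decode_command_word(word: int) -> CommandWord:
    if not 0 <= word <= 0xFFFF:
        raise ValueError("a 1553 command word is 16 bits")
    return CommandWord((word >> 11) & 0x1F, (word >> 10) & 1, (word >> 5) & 0x1F, word & 0x1F)


@dataclass(frozen=True)
class Message:
    t_us: int     # bus-monitor timestamp in microseconds
    command: int  # 16-bit command word as seen on the bus
    data: tuple   # data words that followed it


def key_of(msg: Message) -> tuple:
    cw = decode_command_word(msg.command)
    return (cw.rt, cw.tr, cw.subaddress, cw.word_count)


@dataclass
class Baseline:
    periods: dict = field(default_factory=dict)    # key -> (mean gap, stdev) in microseconds
    ranges: dict = field(default_factory=dict)     # key -> [(lo, hi), ...] per data word
    transitions: set = field(default_factory=set)  # (previous key, key) pairs seen on the clean bus


def learn_baseline(clean: list[Message]) -> Baseline:
    """Derive the allowed message set, per-word value envelopes, periods and orderings."""
    b, last_seen, gaps, prev = Baseline(), {}, defaultdict(list), None
    for msg in clean:
        k = key_of(msg)
        if k in last_seen:
            gaps[k].append(msg.t_us - last_seen[k])
        last_seen[k] = msg.t_us
        old = b.ranges.setdefault(k, [(w, w) for w in msg.data])
        b.ranges[k] = [(min(lo, w), max(hi, w)) for (lo, hi), w in zip(old, msg.data)]
        if prev is not None:
            b.transitions.add((prev, k))
        prev = k
    b.periods = {k: (mean(g), pstdev(g)) for k, g in gaps.items()}
    return b


def scan(base: Baseline, capture: list[Message], sigma: float = 4.0, slack_us: int = 1500) -> list[str]:
    """Return one alert string per anomaly, in bus order. slack_us tolerates normal jitter."""
    alerts, last_seen, prev = [], {}, None
    for msg in capture:
        k = key_of(msg)
        rt, tr, sa, wc = k
        label = f"t={msg.t_us}us RT{rt} {'TX' if tr else 'RX'} SA{sa} WC{wc}"
        if k not in base.ranges:
            alerts.append(f"UNKNOWN_MESSAGE {label}")          # never seen on the clean bus
        else:
            if len(msg.data) != (wc or 32):
                alerts.append(f"LENGTH {label} carried {len(msg.data)} data words")
            for i, (w, (lo, hi)) in enumerate(zip(msg.data, base.ranges[k])):
                if not lo <= w <= hi:                          # content outside the learned envelope
                    alerts.append(f"CONTENT {label} word{i}=0x{w:04X} outside [0x{lo:04X},0x{hi:04X}]")
            if k in last_seen and k in base.periods:
                mu, sd = base.periods[k]
                gap = msg.t_us - last_seen[k]
                if abs(gap - mu) > max(sigma * sd, slack_us):  # off the learned schedule
                    alerts.append(f"TIMING {label} gap={gap}us expected~{mu:.0f}us")
            if prev in base.ranges and (prev, k) not in base.transitions:
                alerts.append(f"SEQUENCE {label} after RT{prev[0]} SA{prev[2]}")
        last_seen[k] = msg.t_us
        prev = k
    return alerts


# Constructed traffic: a navigation RT (address 5) transmits 4 words every 20 ms and a
# targeting RT (address 9) receives 2 words every 50 ms. Addresses and values are illustrative.
NAV = make_command(5, 1, 2, 4)     # 0x2C44
TGT = make_command(9, 0, 1, 2)     # 0x4822
ROGUE = make_command(30, 1, 3, 1)  # a terminal address that never appears in clean traffic


def constructed_clean_capture() -> list[Message]:
    nav = [Message(20_000 * i, NAV, (0x1000 + i, 0x2000 + i, 90 + i, 10 + i)) for i in range(10)]
    tgt = [Message(5_000 + 50_000 * j, TGT, (1000 + 10 * j, 40 + 5 * j)) for j in range(4)]
    return sorted(nav + tgt, key=lambda m: m.t_us)


def constructed_attack_capture() -> list[Message]:
    good_nav, good_tgt = (0x1005, 0x2005, 95, 15), (1020, 50)
    return [
        Message(0, NAV, good_nav),
        Message(5_000, TGT, good_tgt),
        Message(20_000, NAV, good_nav),
        Message(21_000, NAV, (0x1005, 0x2005, 0x0FFF, 15)),  # injected: early, with a bogus heading word
        Message(40_000, NAV, good_nav),
        Message(55_000, TGT, good_tgt),
        Message(56_000, TGT, good_tgt),                      # replayed 1 ms later, out of order
        Message(58_000, ROGUE, (0xDEAD,)),                   # unknown terminal on the bus
        Message(60_000, NAV, good_nav),
    ]


if __name__ == "__main__":
    baseline = learn_baseline(constructed_clean_capture())
    for alert in scan(baseline, constructed_attack_capture()):
        print(alert)
```

Run against the constructed attack capture, the monitor reports five alerts: a content and a timing alert for the injected navigation message, a timing and a sequence alert for the replayed targeting message, and an unknown-message alert for the rogue terminal. The design point is that none of these checks needs a signature of a known attack; each compares traffic against an envelope learned from a clean bus, which is what makes the approach usable on legacy buses whose protocols carry no authentication of their own. A real monitor would also have to model mode-code messages, status words, and bus-controller retries, and the baseline must be captured from traffic that is known to be clean.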

IoT System Layer

Layer Option Rationale
Perception sensor, network_communication, embedded_software (a) sensor: The serial bus carries sensor-derived navigation and targeting data, so rogue messages injected on it reach the navigational and targeting systems as if they came from the platform's own sensors, ultimately compromising the mission [107599]. (b) actuator: The article does not tie the incident to the actuator layer. (c) processing_unit: The article does not attribute the failure to a processing unit. (d) network_communication: The data buses of older aircraft and combat vehicles are the platform's internal communication network, and their lack of native security lets cyber intruders with physical access inject rogue messages and jam or deny data flow [107599]. (e) embedded_software: The navigational and targeting software consumes bus messages without verifying their origin, so rogue messages cause it to act on false, wrong, or misleading information in unintended ways [107599].
Communication link_level The software failure incident discussed in the articles is related to the communication layer of the cyber physical system that failed at the link_level. The incident involved the compromise of a vehicle's on-board serial bus by enemy cyber intruders, leading to false navigational and targeting information, data flow jamming, and potential mission derailment [107599]. The vulnerability of older aircraft and combat vehicles' serial buses to cyberattacks has prompted initiatives to enhance data transfer security using advanced technologies like the Cyber Anomaly Detection System (CADS) by Raytheon, which analyzes traffic on the bus in real-time to detect threats and anomalous behavior [107599]. The incident highlights the critical need to fortify cyber defenses at the communication layer to prevent such cyber intrusions and ensure the integrity of mission-critical information flow within cyber physical systems.
Application FALSE The software failure incident described in the articles was not related to the application layer of the cyber physical system. The incident discussed in the articles focused on the vulnerability of data transfer on serial buses in armored combat vehicles and aircraft, and the efforts to protect these systems from cyber intrusions. The failure was more related to cybersecurity threats and the need to enhance data bus security rather than issues at the application layer of the system [107599].

Other Details

Category Option Rationale
Consequence theoretical_consequence (a) death: People lost their lives due to the software failure - There is no mention of people losing their lives due to the software failure incident in the provided article [107599]. (b) harm: People were physically harmed due to the software failure - The article does not mention any physical harm to individuals due to the software failure incident [107599]. (c) basic: People's access to food or shelter was impacted because of the software failure - The article does not mention any impact on people's access to food or shelter due to the software failure incident [107599]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident discussed in the article primarily focuses on the potential compromise of military vehicles and aircraft due to cyber intrusions on their data buses. There is no direct mention of people's material goods, money, or data being impacted by the software failure incident [107599]. (e) delay: People had to postpone an activity due to the software failure - The article does not mention any activities being postponed due to the software failure incident [107599]. (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident discussed in the article primarily pertains to the potential compromise of military vehicles and aircraft due to cyber intrusions on their data buses. The focus is on the impact on the functionality and security of these systems rather than non-human entities [107599]. (g) no_consequence: There were no real observed consequences of the software failure - The article discusses the potential consequences of a software failure incident involving the compromise of data buses on military vehicles and aircraft due to cyber intrusions. However, it does not mention any real observed consequences resulting from such incidents [107599]. 
(h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The article discusses the theoretical consequences of a software failure incident, such as compromising the success of attack missions by providing false information to navigational and targeting systems of military vehicles and aircraft. It also highlights the potential vulnerabilities of older data buses on these platforms to cyber intrusions. However, there is no mention of these potential consequences actually occurring in the reported incident [107599]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - There are no other consequences of the software failure incident described in the article [107599].
Domain government (a) The failed system was intended to support the defense industry, specifically in the context of armored combat vehicles and military operations. The incident described in the article highlights the vulnerability of data buses in combat vehicles to cyber intrusions, which could compromise mission-critical information and disrupt attack missions [107599]. (l) The failed system also has implications for the government sector, particularly in defense and national security. The article discusses how the Pentagon is initiating efforts to safeguard data transfer in military systems using new technologies to enhance cyber defenses and resilience against cyberattacks [107599].
