
Designing secure embedded systems a necessity

Pradeep

BANGALORE, INDIA: Today, aerospace and defense companies are continually challenged to deliver safe, secure, and reliable systems to satisfy complex mission-critical requirements. In a conversation with Sunil Ross, Account Manager, Aerospace & Defense, Wind River India, key business issues came up, as well as trends and developments in embedded cybersecurity. Excerpts:


CIOL: What are the trends and development in airborne software and aviation systems today?

Sunil Ross: Global aerospace and defense companies are continually challenged to deliver safe, secure, and reliable systems to satisfy complex mission-critical requirements.

In addition, the demand for increased situational awareness drives a greater array of intelligent systems, from widely dispersed remote sensors to unmanned surveillance vehicles within C4ISR systems. The resulting connectivity requires increased cybersecurity and cyber warfare capabilities.


Traditional business issues around competitive advantage, cost control, and time-to-market become more difficult to manage as the deployed systems become more complex. Risk can be reduced in these critical systems by utilizing commercial off-the-shelf (COTS) technology and open standards for greater interoperability.

Some of the key business issues are:

Consolidation: Platform consolidation has become an increasingly viable option with advancements in silicon processing power within reduced footprints and with multi-core support. Various standards like ARINC 653 and MILS have emerged to facilitate software isolation and thus better support safety and security controls on consolidated platforms.


Wind River delivers a variety of robust and flexible platform consolidation solutions with our native operating environments' expansive multi-core platform support as well as our certified high performance industry solution implementations for ARINC 653 integrated modular avionics (IMA) and Multiple Independent Levels of Security (MILS) platforms.

Regulation: Commercial avionics software already must comply with RTCA DO-178C /EUROCAE ED-12C, but as military systems and unmanned systems start to share commercial airspace, the demand for certification of these platforms is also increasing. Intelligent platforms require a robust combination of system architecture and adaptability to survive.

Regulations around safety and security continue to evolve as the global landscape changes to encompass new threats. Regulatory bodies across avionics and defense industries are leveraging existing successful standards and processes and enhancing them to cover the growing number of threat vectors for safe and secure system operation.


Wind River delivers complete and cost-effective safety and security certification evidence for our safe and secure solutions to customers striving to contain costs and accelerate certified platform deployment.

Standardization: In order to make future platforms more affordable, there is a common desire to move toward open architecture-based systems, which would deliver improved application interoperability and portability.

Since 1981, Wind River has supported global industry standards, enabling customers to achieve the highest efficiency in product development and superior quality user experience. Use of these standards has allowed aerospace and defense suppliers to rapidly improve their system performance and reduce costs across a wide range of deployments through increased interoperability, reuse, and portability for new and existing software.


CIOL: What are the trends and developments in embedded cybersecurity?

SR: Headline-grabbing security breaches underscore the need for stronger protective measures in critical embedded systems, particularly those that control vital infrastructure, industrial operations, intelligence and defense networks, and even medical devices.

While security breaches have been occurring for many years, in today's increasingly interconnected world they are becoming more prevalent with escalating complexity challenges.


Security is constantly evolving as threats change over time. As a device becomes popular (Stuxnet targeted the market-leading PLC) or exists in the market longer, it becomes more susceptible to attack. Many devices in the past were not designed to be field programmable or accept updates without significant modifications. Those days are gone.

Devices today must be field upgradeable to not only change and improve functionality, but to deal with bugs and security issues. Including security planning in the life cycle management of your device is critical.

Security threats to embedded systems are on the rise, but awareness of the problem is also increasing. Designing secure embedded systems is a necessity, but it impacts the bottom line due to increased design and development effort.


Moreover, it's important that organizations deal with security vulnerabilities as they arise with high priority and rapid response times. Equally important is that organizations can rely on COTS vendors to do the same; these components are an integral part of the lifecycle support plan.

Therefore, the question that arises is how embedded device developers can balance the need for tighter security with competing business and market demands, especially given the realities of strict budget constraints and aggressive deadlines.

Steps to consider include (but are not limited to) the following:

Plan for lifecycle support early: Security is an ongoing concern and it is important to plan for a product lifetime of security analysis, support, and patches.

Architect for change: Security updates to field products require the ability to be patched and modified over time. Designing in patching and update support is critical.

Design and test for security: Security vulnerabilities are a class of software defects, in design or implementation, and the earlier in the development lifecycle we catch them, the less costly it is to fix them and harden our system against attack. However, security testing differs from traditional requirements-driven functional testing, which is positive testing, designed to see how well the product meets the specified requirements.

Security testing is a type of negative testing focused on finding where the actual product exhibits behavior not found in the specifications. Security testing must be done with a different mindset: you need to think and act like a hacker. Techniques such as fuzz testing or pinpoint penetration testing, which simulates the attack vectors used by malicious hackers, are effective tools. Given the need to balance security needs with market demands, management and automation of security testing, as well as simulation tools, greatly increase embedded development productivity.

Assign high priority to security vulnerabilities and defects: Security needs to be considered a high priority in design, but also during support and maintenance. Vulnerabilities, when discovered by the security community, become public knowledge within a relatively small amount of time. Companies are given this grace period to respond and potentially patch their products.

Create a security response team: This is needed to address vulnerabilities, draft a response, communicate internally and externally, and plan for potential product updates and the delivery of changes. A security response team is usually cross functional, for example, including software and hardware development, customer support, product management, and technical publications.

CIOL: How can Wind River assist in aiding electronic systems and military communications that have become prime targets for highly sophisticated cyber-attacks?

SR: Wind River is a market leader in the aerospace and defense industry when it comes to addressing the embedded safety and security challenges the A&D industry faces.

Wind River provides services to help A&D systems integrators plan, develop, and manage safe, secure, reliable, and compliant mission-critical platforms. From unmanned aerial vehicles (UAVs) and ground stations to software defined radios, we help you deliver innovative solutions while staying on schedule and on budget.

Wind River offers products, solutions and customized services which encompass Wind River pre-integrated proprietary platforms, open source intellectual property, industry consortia standards, and government regulations. Our offerings cover the entire embedded development life cycle.

We offer solutions in the aerospace and defense industry and we have an established Aerospace & Defense Practice. Embedded security and safety are the key topics we address.

Our real-time embedded A&D experts provide thought leadership in architecture assessment and program planning to help our customers. Our A&D cybersecurity services offer a unique blend of deep real-time embedded OS expertise and strong relationships with silicon providers and third-party independent software vendors (ISVs), all working together to provide guidance on solving end-to-end device-to-cloud system security challenges.

Wind River Professional Services Aerospace & Defense Practice provides safety services designed to help you achieve safety compliance. We offer expert guidance on methods to develop the most technically advanced multi-core and virtualized safety certifiable systems.

CIOL: What can the Wind River VxWorks 653 platform provide?

SR: To be competitive in the aerospace and defense avionics market, device manufacturers must deliver increasingly complex products at or below budget, within constantly shrinking time frames, and often with stricter constraints on device space, weight, and power requirements. In avionics applications, human lives are often at stake, so devices must be reliable, durable, and certifiably safe.

To meet this need, the avionics industry has a specification for Integrated Modular Avionics (IMA) systems: ARINC Specification 653. Use of this internationally accepted specification enables avionics vendors and hosted-function suppliers to safely deploy multiple applications on a single hardware platform, while maintaining complete system compliance with rigorous avionics safety standards such as DO-178B, DO-254, and DO-297. Wind River offers the most complete ARINC 653 product that safely and reliably delivers an ARINC 653-compliant platform to the IMA marketplace.

Wind River VxWorks 653 Platform is fully compliant with ARINC Specification 653 Part 1, Supplement 1 and Supplement 2 and provides robust partitioning in time and space to ensure fault containment in accordance with strict IMA and ARINC 653 requirements. VxWorks 653 Platform enables reduction of size, weight, and power (SWaP) requirements, as well as the reduction of the bill of materials (BOM), on the industry's most advanced aircraft.

VxWorks 653 Platform is backed by the avionics industry's most comprehensive set of certification evidence, available as an optional product that supports all RTCA DO-178B/EUROCAE ED-12B Level A requirements.

Wind River VxWorks 653 Platform includes Wind River Workbench, a fully integrated Eclipse-based development suite optimized to support design, development, test, and certification of applications to meet RTCA DO-178B/EUROCAE ED-12B Level A.

The development suite also offers DO-178B Level A-qualified development and verification tools that assist in the application test for credit and also enable the insertion of new applications into a tested environment without forcing a retest of the entire platform. This facilitates faster deployment of ARINC 653 systems, conserving certification testing resources and significantly reducing the cost of change.

Whether your avionics application is legacy or new, Wind River VxWorks 653 Platform enables you to optimize your development process. Having a certifiable ARINC 653 commercial off-the-shelf (COTS) solution eliminates the risk of creating and certifying an operating system (OS) and related tools for each new project.

CIOL: What can the VxWorks MILS do?

SR: It provides a secure operating system to A&D clients. Basically, creating a secure computing environment to generate a high level of public trust and confidence in electronic communication is a very important aspect with respect to security in cyberspace. In A&D in particular, I will begin by highlighting the importance of military communications per se.

The modern armed forces cannot conduct high-tempo, effective operations without reliable information and communication networks and assured access to cyberspace and space. Today defence electronic systems and their supporting infrastructure face a range of threats that may degrade, disrupt, or destroy assets.

Electronic systems in defence/military communications now can also become prime targets for highly sophisticated cyber-attacks, due to a proliferation of their connectedness, increased awareness of their inherent vulnerabilities along with the critical nature of their use. Recent attacks such as Stuxnet have led to the belief that organized crime and state-sponsored attacks are a reality - unleashing massive monetary and intellectual resources capable of creating highly sophisticated attacks.

To combat the security threats faced by companies operating in the A&D space, Wind River offers a solution called Defense in Depth. It is a practical strategy to achieve information security and information assurance in today's highly networked environment.

Within the umbrella of Defense in Depth, we offer several solutions and key among them is the technology called 'Multiple Independent Levels of Security' (MILS). Our flagship product is called VxWorks and we offer a platform called VxWorks MILS, which means VxWorks for multiple levels of independent security.

The MILS architecture enables security architects to configure the system following the principle of least privilege, which requires that each system component be granted access only to the resources needed to complete its functions. This enables the development of devices and systems that are more resilient against attacks, and better at mitigating potential damage from defective or malicious software.

Also, the MILS architecture uses a separation kernel to provide time and space partitioning, information flow control, and fault containment. By providing these capabilities, security-critical components (such as a data guard or process controller) can be separated and protected from less secure components (such as an Internet gateway or network interface) when these components run on the same hardware platform to reduce size, weight, and power (SWaP) requirements. And by reducing SWaP, MILS allows devices and systems to be more cost effective to develop, deploy, operate, and maintain.
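As an added illustration, not Wind River code and not part of the interview, here is a Python toy model of the separation-kernel policy described above: named partitions, an explicit information-flow table, least-privilege resource lists, and a fixed window schedule in which a fault in one partition is contained. The partition names, resources and channels (a gateway, a data guard and a process controller) are constructed for the demo.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Partition:
    name: str
    level: str            # "high" = security-critical, "low" = exposed, "guard" = mediator
    resources: frozenset  # least privilege: the only resources this partition may use

class SeparationKernel:
    """Toy model of the separation-kernel properties named in the interview: information
    flow control, least-privilege resource access and fault containment across windows."""
    def __init__(self, partitions, flows, schedule):
        self.parts = {p.name: p for p in partitions}
        self.flows = frozenset(flows)  # explicit (src, dst) channels; everything else is denied
        self.schedule = schedule       # partition windows in one major frame, in order
        self.log = []                  # audit trail a monitor partition could consume

    def allowed(self, src, dst):
        return (src, dst) in self.flows

    def send(self, src, dst, payload):
        if not self.allowed(src, dst):
            self.log.append(f"DENY flow {src}->{dst}")
            raise PermissionError(f"no channel {src}->{dst}")
        self.log.append(f"ALLOW flow {src}->{dst}")
        return payload

    def may_use(self, part, resource):
        ok = resource in self.parts[part].resources
        self.log.append(f"{'ALLOW' if ok else 'DENY'} {part} on {resource}")
        return ok

    def audit_flows(self):
        """Return low->high channels that bypass the guard; an empty list is what we want."""
        return [(s, d) for s, d in self.flows
                if self.parts[s].level == "low" and self.parts[d].level == "high"]

    def run_frame(self, handlers):
        """Run each window; a fault in one partition is contained and the rest still run."""
        faults = []
        for part in self.schedule:
            try:
                handlers[part](self)
            except Exception as exc:
                faults.append(part)
                self.log.append(f"FAULT contained in {part}: {exc}")
        return faults

def build_demo():
    """Constructed config: gateway (low) reaches only the guard; only the guard reaches the controller (high)."""
    parts = [Partition("gateway", "low", frozenset({"nic"})),
             Partition("guard", "guard", frozenset({"filter_rules"})),
             Partition("controller", "high", frozenset({"actuator_bus"}))]
    return SeparationKernel(parts, {("gateway", "guard"), ("guard", "controller")},
                            ["gateway", "guard", "controller"])
```

Running `build_demo().audit_flows()` on a configuration that wires the gateway straight into the controller returns that channel, which is the misconfiguration a MILS reviewer would look for first.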

Underscoring Wind River's commitment to delivering trusted systems with built-in security capabilities, we have just launched VxWorks MILS Platform 3.0, which implements the MILS architecture with a secure, hypervisor-based separation kernel compliant to the US Government Protection Profile for Separation Kernels in Environments Requiring High Robustness (SKPP), version 1.03.

Although NIAP has sunset the SKPP as the basis of a component-level certification process, NSA continues to recommend the use of separation kernels for security-critical systems, making VxWorks MILS Platform an appropriate choice for use in critical infrastructure sub-systems. And to support a wide range of potential evaluation activities, VxWorks MILS Platform provides a complete set of artifacts to support a system-level evaluation process, based on the internationally recognized Common Criteria.

VxWorks MILS Platform 3.0 is an ideal foundation for building secure, cost-effective, and evaluatable DCS, ICS, SCADA, and other security-critical systems. And it's available today to help secure national critical infrastructure.

CIOL: Several others are delivering next-gen secure intelligent systems. What's so different about Wind River?

SR: Wind River leads the aerospace industry by supplying highly reliable operating environments with the most complete commercial off-the-shelf (COTS) RTCA DO-178C and EUROCAE ED-12C certification evidence for our safety critical platforms. Certification evidence is delivered as a complete package on DVD in a hyperlinked format for easy navigation and traceability, easing the time and expense required by certification authorities.

The introduction of new modern processors that include multi-core technology will provide challenges for our avionics customers over the next few years as safety cases for multi-core devices are created. Wind River is leading the way in this consolidation wave with our innovative virtualization technology and support for ARINC 653 and RTCA DO-178C/EUROCAE ED-12C.

Cybersecurity is also becoming a threat to avionics systems, and all Wind River safety critical technology is designed with security in mind. With support for standards such as Common Criteria, MILS, and FIPS 140-2, our products provide a safe and secure foundation for next-generation avionics platforms.

To ensure that we continue delivering superior safety critical solutions, Wind River actively participates in important standards activities like ARINC and RTCA DO-178, as well as newer ground-breaking consortiums such as Future Airborne Capability Environment (FACE), which is developing open architecture standards for safe and secure systems within the US defense industry.

Wind River has the largest ecosystem of avionics partners in the industry, enabling us to rapidly deliver high performance, integrated COTS solutions and safety critical certification support to the global avionics market. We also offer comprehensive professional services and training to expedite the delivery of certified safety critical systems.
