Abstract
The vulnerability footprint for complex systems includes many potential vectors for compromising the data integrity, system functionality, flight worthiness, and availability. The point of intrusion could occur years prior to fielding the system through the introduction of hardware with “hooks” for a future attack. For support equipment with common operating systems, the footprint available to those with hostile intent is greater. The quantity of users which have contact or near contact with the support equipment amplifies the vulnerability of the complex system. Not all support equipment has a digital or software component. While purely mechanical fixtures have a lower cybersecurity risk, they are not immune. Often they are manufactured or refurbished using automatic test equipment which could be affected resulting an imperceptible defect in the support equipment's performance. We describe a methodology to measure and assess the cybersecurity risk of complex system or a fleet of complex systems in response to the support equipment footprint, which interfaces with the system. This approach combines information from two key databases. The first database characterizes the information flow and interfaces between the subsystems to include the support equipment. The second database describes the critical, open-ended interface points for an attack against the support equipment. The critical parameters can include the type of operating system, the number of exposed ports and their types, and the presence of wireless interfaces. We define impact parameters for the case where a subsystem is compromised. Similarly, we define risk parameters for the support equipment based on criteria which is a function of the susceptibility of the technology employed within the support equipment. As in reliability analyses, we construct a network of the relationships between the subsystems and the support equipment. We can compute the two-dimensional risk-impact relationship for a given support equipment item to the subsystem or to the complete system. This approach can be extended to compute a fleet level risk and impact for all of the support equipment.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
