Abstract
Military weapon systems are considered as “system of systems” (SoS). They comprise various equipment based on computers and networks and have been developed using commercial computing technology for several decades. The state-of-the-art weapon systems are information technology (IT) systems, for example, the cyber-physical system. In particular, the naval combat system, which is a weapon system, is a representative system interconnecting a number of equipments by using commercial computing technology. It is a software-based complex system, which produces and shares information about naval tactical situations by interconnecting the various systems installed on ships or remote platforms. Moreover, it performs tactical combat functions automatically or manually for assigned missions. As the core function and performance of the combat system shift from being hardware-centric to software-centric, cybersecurity threats to software that can affect the combat systems may emerge as a novel issue. The failure of the combat system to perform normal combat functions in an actual naval combat situation owing to cybersecurity issues is a very serious risk to naval operations. However, software security testing is not conducted systematically during system development because the cybersecurity of the combat system is evaluated to be less important than its function and performance, resulting in the development of an insecure and vulnerable combat system against cybersecurity threats. To build a secure combat system against cyberattacks, it is important to derive systematic and practical security testing for the combat system software during system development. This paper analyzes the previous researches on a software security test, characteristics of the combat system software, and guidelines for the software security testing of the Korean military’s weapon system development. In addition, it proposes improved software security testing to strengthen the cybersecurity of the combat system based on its characteristics and missions.
Highlights
For several decades, military weapon systems have been developed using commercial computing technology
We propose a more effective and practically applicable software security test by improving the security test derived from a previous study, wherein the categories of software security testing and detailed subitems corresponding to the categories are defined [9]
The naval combat system is a software-centric complex weapon system integrated with the network and computer software
Summary
Military weapon systems have been developed using commercial computing technology. Software security testing is not conducted systematically during the development of weapon systems, including the combat system, because the cybersecurity of the combat system is evaluated to be less important than its function and performance. This results in the development of a combat system vulnerable to cyberattacks. In the Korean military, software security testing during system development is not mandatory for the entire weapon system installed on the platform (e.g., naval ship), including the combat system, and is only conducted for the application software of the battle management information system (e.g., C4I system and command and control system) by referencing ‘‘Guideline for software development security’’ [7], [8]. We present a direction by which the detailed security test details derived from this paper can be reflected in the design of the combat system software
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
