Countering Cybersecurity and Counterfeit Material Threats in Test Systems

Abstract

Automatic test systems designed to validate the performance of military and aerospace products have always been held to a higher standard; moreover, emerging threats to data security and instrumentation integrity continue to raise this bar. Engineers are faced with growing pressure to not only ensure that the unit under test (UUT) meets all design criteria, but that it remains safe from malicious attacks aimed at gaining access to test parameters or results, controlling of test sequences and functionality, downloading malware, or impacting functionality by way of counterfeit parts installed in instrumentation. This paper will delve into the cybersecurity issue from the perspective of the test development environment, including the use of test executives, and the challenges associated with minimizing impact to data integrity and access to control. An undetected data breach on military / aerospace automated test equipment (ATE) holds significance beyond just the test system, since mission critical electronics associated with avionics, radar, electronic warfare and missile assemblies must also be protected. One topic discussed will be the impact of adopting methods and procedures detailed in the Department of Defense s (DoD) Application Security Technical Implementation Guide, which is based on NIST documents and details how to manage and maintain a secure software-based system such as an ATE system. Another aspect of cybersecurity that is often overlooked in the world of commercial-off-the-shelf (COTS) instrumentation and switching systems is the potential impact on the UUT from substandard counterfeit parts and those embedded with malware. Concerns with counterfeit material can encompass a range of threats including the re-purposing of used parts and new knockoff parts with substandard operating characteristics represented and sold as new hardware. One of the most concerning aspects, parts intentionally infected with malware, can pose a significant risk to personnel and national security. We will discuss various strategies aimed at countering these threats, including the adoption of policies and procedures outlined in AS9100D and AS5553, which can mitigate these risks.