Improving Cybersecurity for Weapons

March 14, 2017 by The GTech Marketing Team

Recently, Congress introduced the State Cyber Resiliency Act to better protect governments from cyber threats. In a past research brief, the RAND Corporation expressed that current policies are unsuitable for the complex and unpredictable reality of the cybersecurity environment. Peter Singer, strategist and senior fellow at the New America Foundation, believes that technology offers benefits and vulnerabilities.  "It is important for weapons to have built-in protection from the earliest phases of weapon development, even as early as the design work," he says. New policies may encourage weapons developers to prioritize cyber protections.

The Air Force Life Cycle Management Center asked RAND Project AIR FORCE (PAF) to assess how current laws and policies compared to best practices and sound principles of cybersecurity. Finally, they asked PAF for recommendations based on their results. PAF defined its mission with the following two criteria. The desired outcome of cybersecurity is to limit the amount of critical information the advisory can obtain in a successful infiltration. And a military system should maintain a certain level of operational functionality during an attack.

A review of cybersecurity literature yields that organizational design works better when it is flexible and decentralized. Outcome-based feedback is more effective than compliance-based feedback in complex and rapidly changing environments. PAF discovered that the current laws and policies fell short because they did not cover the full gamut of cybersecurity issues that result during the life cycle of a system. Accountability of cybersecurity spread over multiple organizations is precarious, and PAF noticed this too. Monitoring and feedback of cybersecurity was inefficient for effective decision-making.

PAF recommended identifying cybersecurity goals for military systems within the guidelines of the U.S. Department of Defense (DoD). Regular assessments help make cybersecurity more visible, so the organization emphasized accountability of program managers in their response to issues. PAF asked for a group of experts in cybersecurity to provide resources to small programs.