Raytheon System Would Warn Military Aviation Units of Cyber-Hijacking Attempts

Col. Stephen Gwinn, 103rd Airlift Wing commander, Master Sgt. Justin Taylor, 118th Airlift Squadron flight engineer, and Lt. Col. Neal Byrne, 103rd Maintenance Squadron commander, complete preflight checklists in the cockpit of a C-130H Hercules assigned to the 103rd Airlift Wing, Bradley Air National Guard Base, East Granby, Conn. Aug. 8, 2019. (U.S. Air National Guard photo/Steven Tucker)

As adversaries like Russia and China continue to hack U.S. networks and up their game in sophisticated techniques that can disrupt battlefield weapons or aircraft, one defense company says it has a solution to detect hacks in real time and warn troops in the fight.

Raytheon Co. on Thursday showed off its Cyber Anomaly Detection System, or CADS, which, when applied to aircraft or ground vehicles, can check for abnormal behavior and cyberattacks.

The Defense Department asked the contractor to examine the latest "vulnerabilities in aviation platforms," said Amanda Buchanan, CADS engineering lead.

"They wanted us to assess if this could be a [widespread] problem," Buchanan said Thursday at the company's media demonstration in Arlington, Virginia.


Greg Fry, cyber-resiliency product manager at Raytheon, explained that a '1553 bus,' a common power and communication supply that connects functions such as autopilot, GPS, fuel valve switches and other avionics equipment, is particularly vulnerable to hackers.

"There's more of an attack surface for cyber threats to go into the platforms," Fry said, adding the bus system -- which in some cases dates back to the 1970s -- hasn't had adequate protections put in place.

Attacks could come wirelessly into the cockpit, or through a direct connection -- something as simple as plugging in a cell phone with suspicious software on it that can disrupt operations, he said.

CADS essentially spots the malware. During a simulation exercise, Fry demonstrated how CADS identified the anomaly as it entered the system on a helicopter.

The attacker's goal was to shut down the engines, Buchanan said. The software immediately detected the malware and alerted Fry, who was acting as the helicopter pilot, and informed him where it came from, what was affected and how to best maneuver the aircraft in response.

"Basically we're trying to give the pilot the information about what's happening internally on his aircraft in real time ... allowing him to make decisions to correct the problems," Buchanan said.

The CADS isn't just for aircraft.

"Any internal communication bus we can adapt our system to run on," Fry said. Strykers and Bradley Fighting Vehicles are two examples of ground systems that could integrate with CADS.

Raytheon said the system -- in development for over three years -- thus far is passive, meaning humans would have to respond to the information it provides. CADS development has been done in coordination with the Air Force Research Lab.

An autonomous CADS is in the works, Buchanan said, but still needs Federal Aviation Administration certification and additional military approvals before it can fly on aircraft.

There's also an artificial intelligence component in detecting anomalies.

"We use several different methods in combination" such as signature detection, Buchanan said.

CADS may have been able to screen for an attack that infiltrated an F-15 Eagle's Trusted Aircraft Information Download Station, known as the TADS, in August, according to company officials.

During the annual DEFCON hacker convention in Las Vegas that month, an ethical hacker group sanctioned by the Defense Department was able to penetrate the TADS, which collects imagery and other information from the jet's sensors.

"As the attackers were probing for weaknesses within the F-15 architecture, it's likely they affected some of the components' behavior on the communications bus," said Kaylin Trychon, cybersecurity spokeswoman for Raytheon.

"It is important to note that many of the components within a platform communicate on the bus at one point or another, whether it be GPS, fuel indicators, [satellite communications], etc., therefore it is highly likely that the communications bus was affected as part of the TADS exercise.

"CADS would have detected those behavioral changes and provided the information necessary to identify the attack," Trychon told Military.com.

The officials could not disclose if CADS is currently deployed on any particular U.S. equipment, but said it is customizable. Fry and Buchanan said Raytheon is looking to apply CADS to unmanned systems such as drones, satellites, and possibly even cars in the future.

"They can tailor it per platform or even per mission if they want to," Fry said.

"We have a baseline" for this technology, Buchanan said. While versatile, "we're not designing this from scratch every time," she said.

-- Oriana Pawlyk can be reached at oriana.pawlyk@military.com. Follow her on Twitter at @oriana0214.
