Bus Defender products are proven solutions for cyber protection and survivability of civil and weapons platforms using the MIL-STD-1553 data bus.
The Bus Defender product line
Peraton Labs’ 1553 Bus Defender product line delivers full lifecycle cyber resilience for military and civil platforms that utilize the 1553 data bus.
The risks
The MIL-STD-1553 data bus is widely used on fielded platforms – from commercial and military aircraft and ground vehicles, such as the M1 Abrams tank, to advanced, autonomous, weapons systems, the International Space Station, and the James Webb space telescope. Developed in the mid-1970s, MIL-STD-1553 far predates the modern era of cyberthreats and contains no security or cyber defense capability.
Systems utilizing MIL-STD-1553 data buses are demonstrably vulnerable to destructive cyberattacks from multiple entry points on aircraft, vehicles, ships, and space platforms. Successful 1553-based cyberattacks can propagate over the data bus with catastrophic results – not only mission failure and loss of life and material, but also harnessing a warfighting system to execute adversarial action. Because MIL-STD-1553 has no security, any supply chain compromise can allow unrestricted adversarial operation across the platform.
The ABCs of lifecycle cyber resilience
Protecting vulnerable platforms from 1553-based attacks requires a multi-pronged approach. The Bus Defender product line by Peraton Labs addresses the ABCs for lifecycle cyber resilience.
A is Active defense, the role of our flagship Bus Defender product for on-platform defense. Bus Defender leverages patented, sophisticated security processing algorithms to actively detect, block, and mitigate attacks in real-time. Bus Defender protects against diverse zero-day attacks, including sniffing, denial of service, exfiltration, and spoofing and impersonation, and prevents an attacker from exploiting known, but not yet patched, vulnerabilities. Bus Defender delivers a last-line of defense to ensure platform survivability by blocking a compromised line-replaceable unit (LRU) or weapons replaceable assembly (WRA) from attacking other LRUs/WRAs or conducting malicious activities via other LRUs or WRAs.
Features of Bus Defender include:
B is Before and Between mission defense, the role of our Maintenance Defender product for off-platform defense. Maintenance Defender protects data upload and maintenance, test, and diagnostic access to platforms via a 1553 bus-based maintenance port. Maintenance-related activities are particularly attractive targets for cyber criminals. Hundreds of computers and programs may directly interact with systems during depot maintenance and test, with thousands of computers and media interacting indirectly. Compromise in any one of these can be exploited. Maintenance Defender protects platforms during maintenance activities and prevents attacks such as a maintenance laptop inserting malware into an operational flight program (OFP) for loading onto an LRU/WRA.
Features of Maintenance Defender include:
C is Cyber testing and Cyber hardening, the role of our Bus Offender product. Bus Offender improves cyber resiliency, efficiently creates novel 1553-based cyberattacks, enables comprehensive cyber testing, and identifies hard-to-find vulnerabilities. Leveraging our powerful 1553 traffic generation capability, Bus Offender quickly and easily develops new attacks – including sophisticated and platform-tailored attacks – without expensive vulnerability research or requiring FPGA or C-level development.
Features of Bus Offender include:
To learn more about Bus Defender and platform cyber survivability contact [email protected] or see Bus Defender - Peraton Labs.
The Bus Defender product line
Peraton Labs’ 1553 Bus Defender product line delivers full lifecycle cyber resilience for military and civil platforms that utilize the 1553 data bus.
- Bus Defender provides active, on-platform cyber defense to defeat attacks launched or spread over the MIL-STD-1553 data bus in real-time.
- Maintenance Defender provides off-platform defense during maintenance, testing, diagnostics, and software loading and to secure the supply chain.
- Bus Offender enables rapid creation of operational 1553 attacks for comprehensive cyber testing to identify vulnerabilities at the physical and data link layers.
The risks
The MIL-STD-1553 data bus is widely used on fielded platforms – from commercial and military aircraft and ground vehicles, such as the M1 Abrams tank, to advanced, autonomous, weapons systems, the International Space Station, and the James Webb space telescope. Developed in the mid-1970s, MIL-STD-1553 far predates the modern era of cyberthreats and contains no security or cyber defense capability.
Systems utilizing MIL-STD-1553 data buses are demonstrably vulnerable to destructive cyberattacks from multiple entry points on aircraft, vehicles, ships, and space platforms. Successful 1553-based cyberattacks can propagate over the data bus with catastrophic results – not only mission failure and loss of life and material, but also harnessing a warfighting system to execute adversarial action. Because MIL-STD-1553 has no security, any supply chain compromise can allow unrestricted adversarial operation across the platform.
The ABCs of lifecycle cyber resilience
Protecting vulnerable platforms from 1553-based attacks requires a multi-pronged approach. The Bus Defender product line by Peraton Labs addresses the ABCs for lifecycle cyber resilience.
A is Active defense, the role of our flagship Bus Defender product for on-platform defense. Bus Defender leverages patented, sophisticated security processing algorithms to actively detect, block, and mitigate attacks in real-time. Bus Defender protects against diverse zero-day attacks, including sniffing, denial of service, exfiltration, and spoofing and impersonation, and prevents an attacker from exploiting known, but not yet patched, vulnerabilities. Bus Defender delivers a last-line of defense to ensure platform survivability by blocking a compromised line-replaceable unit (LRU) or weapons replaceable assembly (WRA) from attacking other LRUs/WRAs or conducting malicious activities via other LRUs or WRAs.
Features of Bus Defender include:
- Hardware-in-line module requires no modification to LRUs, WRAs, system software, or configurations; in-LRU/WRA configurations are also available
- Cannot be turned off like a software solution, making it extremely difficult for an attacker to disable
- Supports multilevel security objectives to protect against untrusted LRUs/WRAs
- Proven to defend against cyberattacks in multiple test events in System Integration Laboratories (SILs) for various aircraft, including fighter jets and helicopters, and on ground combat vehicle platforms, including by five independent DoD red teams
- Available in diverse models and can be deployed in a variety of network topologies to support platform-specific requirements
- Available internationally pursuant to Commodity Jurisdiction (CJ) determination that it is controlled for export by the Department of Commerce (i.e., not ITAR-controlled)
B is Before and Between mission defense, the role of our Maintenance Defender product for off-platform defense. Maintenance Defender protects data upload and maintenance, test, and diagnostic access to platforms via a 1553 bus-based maintenance port. Maintenance-related activities are particularly attractive targets for cyber criminals. Hundreds of computers and programs may directly interact with systems during depot maintenance and test, with thousands of computers and media interacting indirectly. Compromise in any one of these can be exploited. Maintenance Defender protects platforms during maintenance activities and prevents attacks such as a maintenance laptop inserting malware into an operational flight program (OFP) for loading onto an LRU/WRA.
Features of Maintenance Defender include:
- Secures the supply chain by preventing loading of compromised OFPs or data and blocking the intrusion of malware via automated test equipment (ATE)
- Operates transparently, requiring no modification to test equipment, platform, LRUs, or WRAs
- Manufacturable in diverse configurations—connector, hardened unit, or integrated into ATE
- Enables efficient pre-mission checks to ensure systems are running only certified code
C is Cyber testing and Cyber hardening, the role of our Bus Offender product. Bus Offender improves cyber resiliency, efficiently creates novel 1553-based cyberattacks, enables comprehensive cyber testing, and identifies hard-to-find vulnerabilities. Leveraging our powerful 1553 traffic generation capability, Bus Offender quickly and easily develops new attacks – including sophisticated and platform-tailored attacks – without expensive vulnerability research or requiring FPGA or C-level development.
Features of Bus Offender include:
- Proven ability to create dozens of platform-tailored attacks with serious impacts within a few days
- Mechanisms to create tailored attacks via actions that interact directly and conveniently with interface control document (ICD)-defined messages for specific LRUs/WRAs in the target platform
- Easily develop scenario-specific test cases (e.g., wait for landing gear to deploy)
- Physical and datalink layer fuzz testing finds bugs that application-level fuzz testers cannot find
- Allows testers to synthesize illegal 1553 waveforms and craft test cases that work with real LRUs involving data that cannot be easily generated in a lab setting
- High-level, python-based API with constructs for diverse attack techniques, 1553 traffic pattern recognition, and microcode instructions
To learn more about Bus Defender and platform cyber survivability contact [email protected] or see Bus Defender - Peraton Labs.