Sectrio

Defense

Threats to air force assets too real to ignore


Imagine a scenario where hackers take control of ground-based command and control systems and connected networks, either to shut down a critical system or to manipulate feeds so that wrong decisions are taken on the battlefield. Communication systems, guidance systems, and situational awareness management systems could be targeted with intrusion or extended scans to exfiltrate data. An international geopolitical event may even be triggered by a cyber attack, with many countries getting involved thanks to regional defense agreements.

Mission level cyber-threats

During peacetime, air force teams participate in multi-geography and multi-hardware training missions. Such missions often involve exercises to test response readiness, target acquisition and engagement, tactical advantage preservation, and testing of hardware and battlefield coordination. Such exercises use dedicated communication networks to which new systems and hardware, untested from a security perspective, are sometimes added. Such hardware could have trojan code added inadvertently through stealthy supply chains. Modification of systems during training (for compatibility with systems belonging to air force teams from other countries) could also open up new vulnerabilities. Such vulnerabilities could also open systems up to long-term scans for a potential malware insertion at a suitable time in the future. The use of old systems that may carry unpatched vulnerabilities could also contribute to a degradation of the overall security posture.

The type of mission and the number of nations involved can all contribute to the threats and risks that emerge. For instance, if the hardware diversity increases during a training exercise involving many countries, chances are that systems will be modified to ensure interoperability. This opens the system to cyber threats it may not be ready to deal with.

This is why training exercises are keenly watched by adversarial nations: they could expose not just strategic and tactical shortcomings, but such missions also bring together hardware and systems of varied origins and vintage. Training missions can therefore introduce new threats and risks to systems. These threats could play out in the long or short term and reduce the ability of an air force entity to respond to or engage an adversary in the air or on the ground.

Electronic warfare in the air – Cyberwarfare in the air

Most unmanned and manned platforms have an electronic warfare suite embedded or added to them. These suites help in improving situational awareness, reducing the effectiveness of enemy radar, denying unrestricted access to the electromagnetic spectrum, misleading SAMs, electronic reconnaissance, improving stealth, or simply acquiring targets by intercepting communication. The electronic pods that house the electronic warfare suite could technically be jammed or remotely acquired by an adversarial nation's cyberwarfare group and rendered inoperable.

Nuclear capable and non-nuclear capable ballistic missiles pose another major concern for air defense planners. The guidance systems of ballistic missiles could be targeted using a software-programmable radio frequency or modified electronic warfare signals that could jam or alter an ICBM's flight trajectory toward a target.

Electronic warfare in space – Cyberwarfare in space

Ground to space communications could be hacked into by APT actors who can then send a satellite off balance by manipulating its orbit control systems. The satellite could be made to lose its earth lock and turn into a threat to all space assets. Tracking such attacks will be a tough challenge, especially if the satellite is lost or destroyed later.

Considering the significance of space as a medium for communications through satellites, any successful hacking will invariably lead to the shutdown of many systems on the ground, including those related to GPS. Complex multi-function satellites providing various services could be sitting ducks for such cyberattacks.

Are redundancy systems part of the solution or the problem?

There is a common myth about the use of redundant systems as a security layer. Nothing could be further from the truth, at least in this context. Redundancy systems cannot be equated with security. In the case of a fighter jet, redundancy systems could prevent a crash in case the fly-by-wire systems are hacked into or disabled. But they do not provide any level of security to a system or render it more robust. In fact, redundancy systems could even introduce new vulnerabilities into the network, as they are often picked for their ability to serve as ready backups for key systems rather than for their security robustness.

In summary, hacking of assets and networks connected with an air force could lead to:

Want to learn how to secure your air force and its entire digital footprint across connected and air-gapped networks? Talk to us now. See our solution in action: book a demo now. Try our curated threat intelligence feeds for defense entities.


Securing IoT and OT: are you committing this cardinal mistake?

According to a report in the Tech Republic, companies have been relaxing their cybersecurity controls during the pandemic. While this is obviously and patently a wrong move, research by Subex has revealed an embedded reason behind the emergence of such practices.

When companies began asking employees to work from home, cybersecurity teams suddenly had to deal with an explosion of threat surfaces. Some small and medium businesses also started using untested communication and collaboration applications that compounded the security problem. With teams being distracted, hackers found it easier to slip deceptive emails through, and thus began a long chain of breaches. Some of them continue to this day.

Businesses often fear that security solutions could end up slowing them down. The perceived lack of digital empathy in systems and processes designed to improve cybersecurity gives businesses the impression that productivity and efficiency need to be sacrificed to secure their businesses. Even small hurdles, such as a small lag in getting data, are turning out to be significant barriers to increasing the level of cybersecurity or enforcing it more stringently. Digital empathy, therefore, needs to underpin the development of security tools so that such perceptions are addressed. Is this true for your business as well?

Defense-in-depth with digital empathy

Subex Secure is a mature solution that is built with digital empathy at its core. While we offer the highest levels of IoT and OT cybersecurity, we also ensure that your employees never have to turn a function off or degrade the overall cybersecurity posture to gain efficiency. Here is a testament to this statement.

Subex Secure works for you and with you

Connect with sai.kunchapu@subex.com to learn how you can address the most potent threats and vulnerabilities and become more cyber resilient. Read our latest threat landscape report to learn about cyber threats you need to know about.


Cyber resilience through deception

Organizations are leaving no stone unturned in their effort to improve their cybersecurity posture, be it SIEM, EDR, deep network analysis, behavioral analytics and more. Yet, there is no respite from bad actors operating with impunity. Cyber peace of mind is still elusive.

Security through deception

Hackers move very fast. They run scans, determine what is exploitable, and step back before you figure out their game. It is unlikely that you will be able to match their speed. So, you need cybersecurity solutions that cannot be detected and can deceive these hackers.

Department of Homeland Security and NIST frameworks now mandate deception technology. MITRE has introduced the Shield knowledge base to encourage active defense and adversary engagement approaches.

Deception tech makes it harder for attackers to find their targets and wastes their efforts while slowing down attacks. A simple example of deception is planting fake and deceptive resources embedded with stealthy capabilities, such as setting up a beacon in a file. When a hacker opens or copies that file, an alert is triggered.

When you organize a distributed deception strategy, attackers will be forced to encounter and engage deceptions that are realistic enough, even on low-risk systems. Their actions then trigger positive alerts that are 100 percent genuine, giving cybersecurity teams enough time to stop them. Thus, deception is a proactive defense strategy that avoids the traditional wait and watch game.

Deceive to defeat

Such an approach to cybersecurity is a must if you want to tie down bad actors and present a strong sense of cyber deterrence to them as part of a holistic cybersecurity strategy. By using distributed deception, you can keep your cyber adversaries chasing worthless cyber mirages while your security team takes them down. Your digital crown jewels are neatly stashed away, safe from harm.

Defense-in-depth with layered digital deception

Subex Secure Cyber Deception is a mature solution that is built with layered digital randomness to confuse your adversaries. It works to deceive at multiple levels including networks, assets, data and people. Thus, it keeps hackers chasing a series of endless loops of perceived valuable assets while you identify and eliminate them.

Contact sai.kunchapu@subex.com to learn more about this offering. Read our latest threat landscape report to learn about cyber threats you need to know about.
