Military Embedded Systems

GUEST BLOG: Securing military embedded systems -- three challenges

February 13, 2025

Shane Fry

RunSafe Security

Embedded systems form the backbone of modern defense capabilities, controlling everything from weapons systems and communications to flight controls and mission-critical sensors. As adversaries become increasingly sophisticated with regard to cyberwarfare, securing the software within these embedded systems is necessary to maintain military advantage and operational resilience.

As modernization continues, there are three unique challenges to securing embedded systems that will need to be addressed to enable military systems to not only perform their intended functions, but also resist cyberattacks that could compromise their integrity or availability.

1) The trillion-dollar code problem

A pressing challenge for the security of military embedded devices is the amount of existing memory-unsafe code that needs protection. Because many embedded military applications are written in C/C++, they are susceptible to memory-based vulnerabilities, which represent up to 70% of exploitable vulnerabilities in embedded software.

Over the last several years, CISA [the U.S. Cybersecurity and Infrastructure Security Agency] has emphasized the need to rewrite code into memory-safe languages to defend critical infrastructure from attack, particularly by nation-state actors. However, for the vast majority of weapons systems, rewriting code is not something that can be easily accomplished. The cost to rewrite the code base for military weapons systems would run into the billions, if not trillions, of dollars. Beyond the astronomical cost, such rewrites would require extensive testing and developer and engineering resources, potentially disrupting critical defense capabilities and preventing innovation in the capabilities brought to the field.

There are two main options to tackle this obstacle. First, rewrite selectively: identify critical components and rewrite them in memory-safe languages like Rust. Second, apply runtime protections to protect software in the field from exploitation of memory-based vulnerabilities.

2) Safety-certified systems and security

Safety certification serves as a rigorous validation process for aviation systems. Certifications like DO-178 and DO-330 are designed to ensure the reliability of aircraft components during flight operations. However, it is crucial to note that while safety-certified code is essential, it does not inherently guarantee secure code.

With the risk of exploitation of embedded devices growing, safety and security need to be addressed concurrently. In safety-certified environments, this is easier said than done, as each line of code must be meticulously accounted for and its impact on the system thoroughly documented. Adding a new security feature to secure an aircraft engine controller, for example, would require an extensive, time-consuming certification process first.

The solution lies in developing cybersecurity solutions that can achieve safety certification. Such an advancement would be transformative for securing weapons systems, enabling the protection of critical military assets without compromising safety requirements. Until such solutions are available, development teams must deal with the complex responsibility of balancing safety and security considerations – a situation that becomes increasingly difficult as cyber risks evolve and codebases grow.

3) Securing legacy systems

A third hurdle involves securing legacy systems that remain actively deployed. Legacy systems rely on outdated software that may not be designed to withstand modern cyberthreats, leaving them vulnerable to attack due to lack of updates and compatibility issues with newer security technologies. Additionally, many of these systems are in the sustainment phase of their life cycle, during which major architectural changes are impractical or impossible. Take, for example, the A-10 – the nearly-50-year-old aircraft commonly known as the Warthog – which must implement modern security measures within severe budget constraints.

Essential steps for protecting critical assets and addressing these challenges include enforcing cybersecurity requirements for systems in development, conducting thorough vulnerability assessments throughout the operational life cycle, and deploying runtime protections at the device level.

Improving the cybersecurity of embedded systems in military assets will require a shift in perspective. No system is completely immune to attack, and many deployed systems have known security issues that need attention. Organizations can get ahead of these issues now by looking for proactive security measures to protect devices and systems at runtime and by following CISA’s Secure by Design and DevSecOps best practices. Doing so will provide a path forward to significantly enhance the resilience of military embedded systems while preserving their essential operational capabilities.

Shane Fry is CTO of RunSafe Security.

RunSafe Security · https://runsafesecurity.com/   
