CAMP PENDLETON, Calif.—As the Nation’s preeminent expeditionary force, U.S. Marines are bringing more to the battlefield than overwhelming firepower and a fighting spirit. They are bringing sophisticated command, control, communications, computers and intelligence, or C4I, systems too. /
U.S. Marines with Marine Corps Tactical Systems Support Activity completed the first-ever extensive adversarial cyber testing of the Light Armored Vehicle, or LAV, at MCTSSA headquarters aboard Marine Corps Base Camp Pendleton Feb. 9.
The primary goal of the event was to identify any cyber vulnerabilities in the LAV and assess the potential mission impact of a vulnerability, said Capt. Brian Greunke, MCTSSA network test engineer.
“We looked at how we can disrupt the mission,” said Chim Yee, MCTSSA cyber engineer.
Adversarial cyber testing provides critical information for risk management and vulnerability mitigation, said Yee.
“As vehicle platforms change vehicle control from a purely mechanical form to a digital form, the surface area for attacks increases significantly,” said Greunke.
Greunke cited examples in the commercial sector where hackers gained access to various SUV platforms via wireless or Bluetooth capability. The Hackers planted exploit code into the vehicles’ internal computer network, taking control of physical components like the engine and wheels.
“Vulnerabilities in vehicle systems can have a very immediate, very kinetic impact,” said Greunke. “This differs from historical computer system vulnerabilities, which may have delayed or abstract impacts.”
It does not require much imagination to see the very real threat of enemy forces gaining cyber control of friendly warfighting assets, which is why the work of the MCTSSA cyber team is so relevant.
“Adversarial testing within the developmental phase can more thoroughly assess technical vulnerabilities at a stage where the program office can prioritize and address any discoveries,” said Greunke.
Future events will likely combine aspects of vehicle network analysis with more traditional computer network-based analysis, said Greunke.
“As vehicle platforms add computing power, think a Windows 10 laptop controlling comms or engine diagnostics, the attack surface will include: Windows attacks, vehicle network attacks, and proprietary hardware attacks,” said Greunke.
Test teams will need an understanding of each of these domains and an understanding of how to attack between domains, Greunke said.
The technical assessment was a requirement from the program manager for the Light Armored Vehicle, or PM LAV, at Marine Corps Systems Command.
Using the knowledge base of MCTSSA experts helps ensure LAV systems are not vulnerable to exterior influence, said Maj. Christopher Dell, PM LAV operations officer.
MCTSSA, the only elite full-scale laboratory facility operated by the Marine Corps, is a subordinate command of MCSC. MCTSSA provides test and evaluation, engineering, and deployed technical support for Marine Corps and joint service command, control, computer, communications and intelligence systems throughout all acquisition life-cycle phases.