The US Air Force Cyber Resiliency of Weapons Systems recently awarded a contract to Shift5, a cybersecurity company that protects planes, trains, and tanks from cyberattacks.
The award is a Phase III contract that will allow Shift5 to take the next step from Phase II, which integrated commercial cybersecurity solutions onto Air Force platforms.
In Phase III, the cybersecurity firm will further advance its technology by commercializing the innovation developed through earlier phases and deploy them onto the US aerial warfare force systems.
The project intends to transform the company’s technologies into miniaturized form to allow more systems to use it, including those that are size, weight, and power sensitive.
Mitch Pionski, Shift5 head of operations, said the company is “extremely honored to start this Phase III project and our partnership with the Air Force.” He elaborated that Shift5 will secure “critical military platforms against cyberattack along with commercializing the micro-form factor technology.”
CROWS and Cybersecurity
The Air Force Cyber Resiliency of Weapons Systems (CROWS) was set up in 2016 to analyze the vulnerabilities of America’s major weapons systems. Congress fully funded the program in 2018 to begin its mission.
In a 2018 report, the US Government Accountability Office concluded that “today’s weapon systems are heavily computerized, which opens more attack opportunities for adversaries,” and flagged persistent barriers in the Department of Defense’s (DoD) efforts to incorporate cybersecurity into systems that are under development.
CROWS ensures that cybersecurity is integrated into the development of all new programs from the start and that systems maintain their cyber resiliency throughout their lifecycle.
Breach of US Military Computers
In 2008, the DoD was cyber-attacked when an infected flash drive in the Middle East penetrated secret US military computers, prompting the Pentagon to devise a new counterattack strategy dubbed Operation Buckshot Yankee, which led to the creation of the United States Cyber Command.
The then-Deputy Defense Secretary, William J. Lynn III, wrote in a 2010 article in Foreign Affairs magazine that during the 2008 attack “code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control.”
However, Lynn didn’t clarify whether the cyber spy effort, dubbed by him as the “most significant breach of US military computers ever,” succeeded in obtaining US secrets.