DoD Tackles Vehicle Cybersecurity at ‘Mad Hacks’

ALGORITHMIC WARFARE CYBERSECURITY

DoD Tackles Vehicle Cybersecurity at ‘Mad Hacks’

4/20/2021
By Yasmin Tadjdeh

Illustration: Getty

The U.S. military relies on its fleet of vehicles to transport troops and gear across battlefields, but their importance could make them prime targets for cyberattacks in a future conflict.

To better cyber-harden vulnerable platforms, the National Security Innovation Network — which works to attract new talent to solve defense challenges and is nestled under the Defense Innovation Unit — recently held a virtual “hackathon” and pitch day called “Mad Hacks: Fury Code,” a play on the name of the famous Mad Max: Fury Road movie.

NSIN worked alongside Army partners at the 1st Cavalry Division, Combat Capabilities Development Command’s Ground Vehicle Systems Center and the Next-Generation Combat Vehicles cross-functional team at Futures Command. Additionally, schools — such as the University of California at Berkeley, University of Washington, San Diego State University and Georgia Tech — and industry members like Dell took part, according to organizers.

Maj. Mitch Sanik, force integration officer with the Army’s 1st Cavalry Division, illustrated the challenge posed to participants:

“Imagine this: It’s the year 2030 and a major natural disaster has stricken a friendly country,” he said in a promo video for the event. “The affected nation — a long-time ally — has requested U.S. military assistance to aid in their recovery. U.S. Army forces — including elements of 1st Cavalry Division — are called up.”

The host nation is undergoing political unrest and prior to the natural disaster, separatist groups had begun disrupting the government and attacking key public infrastructure and military facilities, Sanik said of the fictional scenario.

“The primary objective of response teams is to deliver medical supplies, food and water to the afflicted population,” he said. “Given the political instabilities, a convoy consisting of 1st Cavalry soldiers is assembled to accomplish the mission. ... The convoy consists of supply trucks, personnel carriers, and a handful of their recently fielded optionally manned fighting vehicles.”

These platforms feature both autonomous and semi-autonomous operating modes and are designed to be protected from many forms of cyberattacks. However, it is possible that there are built-in vulnerabilities, he noted.

The components supporting these vehicles rely on commercial protocols and communication standards, such as controller area network and vehicle-to-vehicle, which offer little to no communication security, Sanik said. The use of both wired and wireless communication also poses an additional risk when in close proximity to adversarial forces.

Sanik asked participants to consider a number of questions as they developed solutions, including how operators will know a vehicle is compromised, what are the next steps if it is, and how can the military ensure the mission can continue.

“Is there a way to return the vehicle to its ‘factory state’ while still operating?” he asked. “Are there redundancies that could be built in to help personnel keep the mission on track? How would you regain control of a compromised vehicle if there is limited connectivity?”
Phil Smith, cyber vehicular sciences division chief at the Ground Vehicles Systems Center, said the three focus areas of the challenge were resiliency, situational awareness, and sustainment and recovery.

Officials asked teams to develop concepts, technologies or systems that could help human-controlled and autonomous vehicles operate through cyberattacks or electronic warfare interference and return to a “known good state” with or without human intervention.

“The example scenario we came up with was really tied to the optionally manned fighting vehicle and robotic combat vehicle programs,” said Kedar Pavgi, program manager for NSIN’s hacks office. “Cybersecurity is at the core of both of those programs and one of the concerns is that if these vehicles are compromised, they still have a job to get done. … So how would you design potential countermeasures in a way where they can still accomplish a mission, but the operator knows that ... this cyberattack is happening?”

The event wasn’t about penetration testing, but rather coming up with novel solutions for the problem, he said in an interview.

Nine teams were selected from more than 500 hackathon registrants to present their ideas during a pitch event in late February. Judges from industry and the military evaluated the solutions.

The winning teams — which were made up of academia, ventures and startups — shared a pot of $70,000 to continue developing their solutions.

The grand prize-winning team — which took home $25,000 — was Distributed Spectrum, which created a radio frequency threat detection system.

Their “solution will detect cyberattacks in the radio spectrum in real time,” according to NSIN. The system “identifies enemy transmissions designed to disrupt vehicle operations and determine the threat they pose to the vehicle’s safety.”

The group was made up of students Alex Wulff, Isaac Struhl and Ben Harpe.

Three other teams — Base8, Koala-Proof and Synergy — took home prizes of $15,000.

The intent is for the winning teams to continue to collaborate with the Army on their concepts, Pavgi said.

There are organizations on board right now that are working on the issue, he said.

His message for the winners? “Stay in touch with them, use their feedback to continue developing your solution,” he said. “One day we want your solution to be included as they develop their vehicles and bring their programs into fruition.”

Topics: Cyber, Cybersecurity, Infotech, Information Technology

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.

Find an Article VIEW ALL ARTICLES