Raytheon [RTN] has developed a Cyber Anomaly Detection System (CADS) for aircraft that carry the MIL-STD-1553 data bus, and its commercial counterpart, ARINC-429, company executives said during an Oct. 3 briefing to discuss some of the programs that the company is to feature at the 2019 Association of the United States Army (AUSA) conference this month.
The 1553 data bus “hasn’t been updated for security,” Greg Fry, Raytheon’s cyber resiliency product manager, said of the new CADS system.
“What we’ve found is that as technology has increased and more and more COTS [commercial-off-the-shelf] products are put on aircraft, there’s more of an attack surface for cyber threats to go into the platforms,” he said.
The 1553 data bus is the internal communications pipe for avionics systems, including autopilot, GPS, and fuel valve switches among other systems and components.
Military aircraft carrying the MIL-STD-1553 data bus include the U.S. Army’s CH-47 and AH-64 helicopters by Boeing [BA], U.S. Air Force F-16 fighters by Lockheed Martin [LMT] and F-15 fighters by Boeing, and U.S. Navy F/A-18s by Boeing.
Over the last three years, Raytheon has been using internal funds to develop the system, which the company envisions as providing cyber protection for military and civilian aircraft, unmanned systems, ground vehicles and satellites. “There was some worry about different vulnerabilities in aviation platforms,” said Amanda Buchanan, Raytheon’s engineering lead for CADS. “We had some customer feedback, and they wanted to assess whether this [cyber intrusion] could be a problem, and we looked into it and said, ‘Yeah. It could be.’ Then they said how would you solve [it]. That’s kind of how this all started.”
The company is teaming with the Air Force Research Laboratory to provide hardware for CADS. Among CADS’ advantages, “versatility is a big thing, as is its customizability,” Buchanan said.
CADS “became a minimally viable product last June when the sales efforts kicked in,” Fry said. “We’re gaining traction quickly.”
CADS is designed to detect threats that come over the supply chain, for example malware that can migrate onto the data bus, through maintenance systems, and operational threats that can come either from an enemy or from a U.S. soldier inadvertently causing a cyber intrusion to propagate by plugging his malware-infected cell phone into a USB port on a Stryker vehicle, for example, Raytheon said.
The system is designed to inform pilots of cyber intrusions on aircraft systems, but the pilot must respond manually.
Raytheon said that it can adapt CADS to monitor any internal communications system beyond MIL-STD-1553 and ARINC-429.
The company is also seeking Federal Aviation Administration and military certification for a cyber defeat system to be integrated into CADS.