Application of the armament cyber assessment framework
As the Army modernizes, its weapon systems are becoming increasingly more cyber dependent. This increased connectivity provides incredible opportunities, but also introduces new risks. This paper introduces the Armament Cyber Assessment Framework (ACAF), a schema for creating security assessment workflows integrated into the design process. The goal of ACAF is to introduce a security oriented mindset into the solution prior to release, and to provide meaningful results at every level. This goal is accomplished through the study and incorporation of multiple industry leading frameworks into a uniquely iterative process. ACAF is implemented for testing via the Global Vulnerability Assessment and Penetration Platform (GVAPP). GVAPP works to provide automated vulnerability information during the armament design process. It offers meaningful risk calculus to armament designers without cyber security backgrounds to mitigate potential vulnerabilities prior to fielding the system. This work focuses on military applications, but is applicable to similar civilian platform technologies.
Vulnerability scan, Security assessment, Penetration test, Red team, Military
Aidan McCarthy, Liam Furey, Keagan Smith, Daniel Hawthorne, and Raymond Blaine. 2020. Application of the armament cyber assessment framework: a security assessment methodology for military systems. In Proceedings of the 7th Symposium on Hot Topics in the Science of Security (HotSoS '20). Association for Computing Machinery, New York, NY, USA, Article 20, 1–2. https://doi.org/10.1145/3384217.3384222