The concept of cyber resilience can be difficult to understand; it is an abstract term, and its impacts are not always outwardly seen. To raise awareness of the risks of cyber risks to military platforms, a team was formed at Leonardo’s Cyber Security business in Bristol to create a physical demonstration of the dangers. Coined ‘Project Brick’, the five-strong team worked in an agile way – allowing creative input to improve efficiency and collaboration – to create an interactive Lego model to illustrate the inherent vulnerabilities associated with operational technology on military platforms and their potential impact.
The Lego demonstrator aircraft, based on a real-life stealth fighter jet, reinforces the message that cyber resilience is not just necessary in computers, but in all areas of modern life. As the world becomes more digitalised, with an increasing amount of interconnected electronic devices (or ‘the Internet of Things’), the intrusion gap widens.
The model provides the opportunity to highlight theoretical vulnerabilities and demonstrate the impact an adversary could accomplish without proper consideration of cyber security. In this project, the team used the specific example of a 5th Generation Fighter Jet, but this can be widened to consider other aircraft. The model takes users through a cyber kill-chain (a series of unique actions used to perform a cyber-attack) that an enemy might undertake, whilst outlining theoretical approaches in which an air platform may be exploited. The model simulates a general air platform network with a malicious adversary assuming control of air platform network nodes, then offers users an opportunity to perform an emulated attack against a subsystem, and allows them to witness the physical impact that could be delivered against it.
These approaches have all been academically researched and technically validated to ensure they are technically feasible (without revealing software-specific vulnerabilities).
Lewis, a Leonardo Graduate Cyber Security Consultant who has been involved in Project Brick since the outset, explains how the model works. “We were keen that Project Brick was able to explain to a young audience the importance of cyber security in our digital age. We wanted to paint the picture for them in a form that they would understand," he says.
“We’ve used a network of Raspberry Pis to control a series of LEDs and speakers. When an audience member plugs a USB into the cockpit, we pose this as an enemy exploiting a vulnerability in the system. A script is run on a laptop remotely which can make the sensors malfunction – causing disaster to strike.”
Gerwyn, Senior Cybersecurity Architect at our Bristol site, was keen to be involved in Project Brick after hearing about its creative way of demonstrating the constant threat of cyber-attack. Gerwyn comments: “Adversaries are always aiming to exploit and pursue potential attack vectors to achieve their objectives in one form or another – that is a constant in cyber security. Often, the variable that defines the success of an attack is the human element, in the form of attitudes towards cyber security or the knowledge they have to enforce it.
“What our graduates have done has found a really engaging way to demonstrate to the next generation of potential cyber security practitioners that the human element of cybersecurity always requires vigilance and support, as the consequences of not doing so are severe.”
October is Cyber Security Awareness Month – a collaboration between government and industry to raise awareness about digital security.