Building Cyber Resilience – one brick at a time

14 October 2022

A team of Leonardo colleagues based at the home of the company’s Cyber Security business in Bristol has found an innovative way to highlight cyber risks using Lego, during this year’s Cyber Security Awareness month.

The concept of cyber resilience can be difficult to understand; it is an abstract term, and its impacts are not always outwardly seen. To raise awareness of the risks of cyber risks to military platforms, a team was formed at Leonardo’s Cyber Security business in Bristol to create a physical demonstration of the dangers. Coined ‘Project Brick’, the five-strong team worked in an agile way – allowing creative input to improve efficiency and collaboration – to create an interactive Lego model to illustrate the inherent vulnerabilities associated with operational technology on military platforms and their potential impact.

The Lego demonstrator aircraft, based on a real-life stealth fighter jet, reinforces the message that cyber resilience is not just necessary in computers, but in all areas of modern life. As the world becomes more digitalised, with an increasing amount of interconnected electronic devices (or ‘the Internet of Things’), the intrusion gap widens.

The model provides the opportunity to highlight theoretical vulnerabilities and demonstrate the impact an adversary could accomplish without proper consideration of cyber security. In this project, the team used the specific example of a 5th Generation Fighter Jet, but this can be widened to consider other aircraft. The model takes users through a cyber kill-chain (a series of unique actions used to perform a cyber-attack) that an enemy might undertake, whilst outlining theoretical approaches in which an air platform may be exploited. The model simulates a general air platform network with a malicious adversary assuming control of air platform network nodes, then offers users an opportunity to perform an emulated attack against a subsystem, and allows them to witness the physical impact that could be delivered against it.

These approaches have all been academically researched and technically validated to ensure they are technically feasible (without revealing software-specific vulnerabilities).

Lewis, a Leonardo Graduate Cyber Security Consultant who has been involved in Project Brick since the outset, explains how the model works. “We were keen that Project Brick was able to explain to a young audience the importance of cyber security in our digital age. We wanted to paint the picture for them in a form that they would understand," he says.

“We’ve used a network of Raspberry Pis to control a series of LEDs and speakers. When an audience member plugs a USB into the cockpit, we pose this as an enemy exploiting a vulnerability in the system. A script is run on a laptop remotely which can make the sensors malfunction – causing disaster to strike.”

Gerwyn, Senior Cybersecurity Architect at our Bristol site, was keen to be involved in Project Brick after hearing about its creative way of demonstrating the constant threat of cyber-attack. Gerwyn comments: “Adversaries are always aiming to exploit and pursue potential attack vectors to achieve their objectives in one form or another – that is a constant in cyber security. Often, the variable that defines the success of an attack is the human element, in the form of attitudes towards cyber security or the knowledge they have to enforce it. 

“What our graduates have done has found a really engaging way to demonstrate to the next generation of potential cyber security practitioners that the human element of cybersecurity always requires vigilance and support, as the consequences of not doing so are severe.”

October is Cyber Security Awareness Month – a collaboration between government and industry to raise awareness about digital security.

Meet the Project Brick team

Lewis 

I am a Graduate Cyber Security Consultant who started working at Leonardo’s Bristol site as a graduate in September 2022. Recently, I have been working on Project Brick – an exciting introduction to consultancy, regarding the creation of a deliverable that simulates cyber-attacks on a military aircraft built from Lego.

Charlie

I joined Leonardo in September 2022 as a Scrum Master (also known as a Project Manager) in the Cyber Security Division. I am actively coaching and collaborating with the team on how to implement agile principles. We are working on a 4-week timeline to deliver a model that can demonstrate a cyber-attack on a Lego aircraft.

My role is to protect the team members from impediments, whilst guiding them on best processes to ensure a smooth delivery. I implement the product vision and keep a transparent team dynamic so everyone feels they can voice their ideas and creative input.

Max 

I am a Graduate Cyber Security Consultant who graduated from University of Gloucestershire in Computer and Cyber Security. I started at Leonardo in September 2022, and I have been assigned to Project Brick, which has brought about interesting research points and built bonds within the consulting team.

Gerwyn 

I joined Leonardo in October 2021 as a Senior Cyber Security Architect. Recently, I have been working in support of a number of projects within the defence sector. As someone who enjoys the creative, problem-solving aspect of cyber security, I was keen to be involved and provide technical support for the great work everyone has done on Project Brick.

Alastair

I have been with the company since September 2022, and I am a Junior Consultant.

Within Project Brick, I held the role of master builder, to which I ensured the delivery of the Lego model that can be seen in the project.