Vehicle Electronics and Architecture (VEA) & Cyber

Advanced Cyber Testing With Virtualization

by William Wysocki; Greg Price; Steve Friedman; Adrianne Conage


The growing sophistication and emergence of widespread cyber threats today has driven the DOD to place Cyber Resiliency requirements on new and legacy defense systems. The DOD has recently garnered a massive defensive DevSecOps effort aimed at defining structured practices to unify software (Dev), Security (Sec), and operations (Ops) under the umbrella of more OpSec-driven engineering practices. According to the DOD DevSecOps practicum referenced in this document [1], “Practicing DevSecOps provides demonstrable quality and security improvements over the traditional software lifecycle, enabling application security, secure deployments, and secure operations in close alignment with mission objectives.” Modern systems often contain greater networking capability and are therefore more exposed to cyber-threats. Legacy systems were often conceived prior to the field of cyber warfare maturing, resulting in unpatched potential vulnerabilities that could be exploited through trusting computing relationships. Each type of system presents different Cyber Resiliency requirement challenges. This paper explores the power and flexibility of employing virtualization technology as a tool for cyber-focused testing on both new and legacy defense systems across the DOD.