FAST
Framework for Avionics Security TestingOverview
Vigilant Cyber Systems has implemented the Framework for Avionics Security Testing (FAST).
FAST is a software tool that reduces the complexity of testing the cyber security of Aircraft and Weapons (A&W) systems. Vigilant has reduced this complexity by carefully implementing FAST to enable cyber testers to rapidly identify, validate, and report vulnerabilities by abstracting the complexity of testing A&W systems into a simple and intuitive tool.
FAST is a software tool that reduces the complexity of testing the cyber security of Aircraft and Weapons (A&W) systems. Vigilant has reduced this complexity by carefully implementing FAST to enable cyber testers to rapidly identify, validate, and report vulnerabilities by abstracting the complexity of testing A&W systems into a simple and intuitive tool.
Problem
Air Force cyber testers are asked to protect A&W systems from cyber attack by identifying and
verifying vulnerabilities in target systems. They are given a few days to perform a test on a target. Our testers need
tools designed and built to maximize their ability to search for, validate, and report cyber vulnerabilities during
these valuable test windows. Time spent by testers wrestling with restrictive proprietary software, complex
hardware interfaces, vendor licenses, and other distractions reduce the security of the aircraft and weapons which
our Airmen use to Fly, Fight, and Win.
verifying vulnerabilities in target systems. They are given a few days to perform a test on a target. Our testers need
tools designed and built to maximize their ability to search for, validate, and report cyber vulnerabilities during
these valuable test windows. Time spent by testers wrestling with restrictive proprietary software, complex
hardware interfaces, vendor licenses, and other distractions reduce the security of the aircraft and weapons which
our Airmen use to Fly, Fight, and Win.
Solution
Vigilant has designed a modular system that avoids vendor lock-in, removes low level protocol and hardware complexity, and provides a simple method to customize functionality. The design implements three interfaces: User Interface, Hardware Interface, Scripting Interface.
One Window
The User Interface provides a consistent user experience regardless of what bus protocol or hardware device is being used. It allows all testers to access the target system through a single host running the FAST core application. Any number of users can interact with the target using a graphical or command line interface. Replication of work is reduced, a single hardware device can support multiple testers, and all data is logged and stored for review.
Any Device
FAST removes hardware complexity and vendor lock-in by implementing a Hardware Interface that
translates vendor APIs into FAST core functionality. FAST unlocks the capabilities of vendor hardware by interacting using powerful low level vendor APIs instead of relying on proprietary vendor software applications.
translates vendor APIs into FAST core functionality. FAST unlocks the capabilities of vendor hardware by interacting using powerful low level vendor APIs instead of relying on proprietary vendor software applications.
No Restrictions
The Scripting Interface provides fully customizable access to all FAST capabilities. The ability
to modify or create functionality during a test is a critical tool for cyber testers. Every target system is unique. Despite extensive preparation there are always unforseen complications once testing begins. The Scripting Interface provides a simple and fexible method of creating functionality or adjusting tools to enable a successful test regardless of unforseen complications.
to modify or create functionality during a test is a critical tool for cyber testers. Every target system is unique. Despite extensive preparation there are always unforseen complications once testing begins. The Scripting Interface provides a simple and fexible method of creating functionality or adjusting tools to enable a successful test regardless of unforseen complications.
Vigilant has been executing A&W tests for multiple years in support of the 47th CTS and has developed multiple internal tools to address shortcomings in test tools. FAST is the carefully crafted result of years of testing experience combined with years of software development experience. FAST is completely focused on empowering the tester while eliminating the difficulties of hardware vendors and the complexities of A&W testing.