Air Force Research Lab Prototyping DevSecOps Approach for Avionics Hardware

To build aircraft and weapons systems that are cybersecure by design and hardened against hacking during development, the Air Force plans to take the radical new DevSecOps approach it has pioneered in its software factories and apply it to avionics hardware and embedded systems.

Prototyping that approach is one of the objectives of the Air Force Research Laboratory’s Agile and Resilient Platform Architectures (ARPA) program, launched last year. The program began issuing task orders in August, awarding two, each worth up to $200 million: one to Ball Aerospace and the other to Booz Allen Hamilton.

“Just like what the Air Force is doing with Platform One for software, the AFRL vision is to be able to do this for avionics, writ large,” Booz Allen Hamilton Vice President Kevin Coggins told Air Force Magazine.

The BAH task order envisions an end-to-end multivendor digital design and development architecture called an Open Digital Automated Architecture. ODA2 “combines digital engineering, software factories, and current AFRL advanced avionics architecture technologies to advance warfighting capability for current and future Air Force weapon systems,” according to a statement of objectives from AFRL.

ODA2 is important, Coggins explains, because contemporary aircraft, often referred to as platforms, are complex systems of systems—airframe, engines, flight control, weapons—each built by different vendors, which means different, often geographically distant, or even competing, teams of engineers.

“They’re all made by different design teams who didn’t talk to one another; they’re made in different years; they’re built thinking about different cyber or other threats. And then they all come together on the platform,” Coggins said.

But that integration, the way the systems connect together, can create or reveal previously undiscovered vulnerabilities. “So you do an assessment of the platform, right after you start to fly it, and you find out you’ve got all these threats and vulnerabilities now. But to fix them, you’ve got to go back to the same vendors and their individual processes. Each one is trying to fix the same vulnerability, and it’s just not coordinated. And you are going to start spending money.

“How do you ever stay in front of the threat like that?” he asked.

ODA2 will be a collaborative environment, Coggins said: “The work we won is to set up an environment that allows you to solve that problem of time and geographies and different vendors, because they’re using common model-based system engineering [or “digital twin”] approaches, common testing procedures against known threats, and even common [software] libraries for certain things.”

Those common elements are a key part of the ODA2 value proposition, Coggins explained, because they make it possible to devise a fix centrally for a new vulnerability in some widely used component, for example, and then let it ripple out “in a unified way across vendors and platforms. That’s what we lack today.”

Fixing a single vulnerability once, rather than separately in every different program and platform it affects, would have big cost implications, Coggins pointed out. In the current environment, “Sometimes we decide not to address a vulnerability because it’s not affordable.” The common code libraries and standardized architectures of ODA2 would “bring a lot more [vulnerabilities] into that affordable bucket.”

Common or reusable components could also help speed certification requirements and other red tape that might delay new capabilities, he said. “Through this reuse, and through this ability to test once and deploy anywhere, you can really accelerate that testing timeline.”

ODA2 will have three elements, Coggins said.

  1. The digital development environment (D2E) will enable cost savings by rigorously testing software packages and then reusing them across different avionics systems.
  2. The digitally integrated collaboration environment (DICE) is where the Air Force can lay down baseline standards, provide common software libraries or components, and test out how vendors’ solutions interact with each other.
  3. The digitally integrated flight environment (DIFE) is where digital twins of the finished platforms are put through their paces and tested. “It creates this digital environment that enables you to buy down risk across multiple avionics design projects, versus one at a time,” said Coggins.

“In the D2E, I build it,” explained Coggins. “In the DICE, I integrate it with everyone it talks to. But in the DIFE, I prove that I integrated it right and built it right.”

The five-year award is worth up to $200 million, and the work will be done in Beavercreek, Ohio, outside Dayton.