Security Testing for Naval Ship Combat System Software

Military weapon systems are considered as "system of systems" (SoS). They comprise various equipment based on computers and networks and have been developed using commercial computing technology for several decades. The state-of-the-art weapon systems are information technology (IT) systems, for example, the cyber-physical system. In particular, the naval combat system, which is a weapon system, is a representative system interconnecting a number of equipments by using commercial computing technology. It is a software-based complex system, which produces and shares information about naval tactical situations by interconnecting the various systems installed on ships or remote platforms. Moreover, it performs tactical combat functions automatically or manually for assigned missions. As the core function and performance of the combat system shift from being hardware-centric to software-centric, cybersecurity threats to software that can affect the combat systems may emerge as a novel issue. The failure of the combat system to perform normal combat functions in an actual naval combat situation owing to cybersecurity issues is a very serious risk to naval operations. However, software security testing is not conducted systematically during system development because the cybersecurity of the combat system is evaluated to be less important than its function and performance, resulting in the development of an insecure and vulnerable combat system against cybersecurity threats. To build a secure combat system against cyberattacks, it is important to derive systematic and practical security testing for the combat system software during system development. This paper analyzes the previous researches on a software security test, characteristics of the combat system software, and guidelines for the software security testing of the Korean military's weapon system development. In addition, it proposes improved software security testing to strengthen the cybersecurity of the combat system based on its characteristics and missions.