Virtual Applications Reduce Cyber Attack Surface for Test Program Sets and Station Software

The Department of Defense (DoD) spends significant amounts of money addressing software obsolescence and compatibility across the Enterprise. Cybersecurity concerns drive constant change in operating systems (OS), software, and hardware. Automated test systems are particularly impacted by these changes because Test Program Sets (TPS) are validated to detect specific faults, and then remain unchanged. To validate efficacy, faults are inserted into avionics to confirm the TPS correctly detects and isolates the fault. Many times faults are inserted to create circuit opens or shorts by unsoldering and lifting pins. This is a lengthy, costly process requiring expert engineers and technicians, access to the avionics, and risk to damage the good avionics in the process. Future changes to TPSs or station software increase uncertainty that previously detected faults will still be correctly isolated. A technical solution is needed to reduce cyber risk, while maintaining existing TPS and station software in a known good state. This research presents Virtual Applications as a solution with widespread applicability across the DoD, Industry, and Academia. Application virtualization is a process that packages computer programs and their dependencies from the underlying OS into a single executable bundle. Applications are then isolated from the host OS. In this paper, we present the latest virtual application development by the US Navy with specific examples from the Automated Test Equipment (ATE) community. Virtual Applications allow legacy software to continue functioning on modern hardware and operating systems, limit cyberattack surface of fielded systems, reduce total ownership cost, and reduce technical risk from changes to known good software.