A study on the application of RMF for weapon systems in Korea

Abstract

With the advent of the Fourth Revolution, military weapon systems are also being advanced. In particular, as the proportion of software embedded in these weapon systems increases, the cyber vulnerabilities of advanced weapon systems also gradually increase. If cutting-edge weapons stop abruptly or malfunction owing to software defects or cyberattacks, they will adversely affect defense security as well as combat power and economic losses. The U.S. DoD is implementing the risk management framework (RMF) to cope with cyber vulnerabilities and threats. RMF is a risk management (RM)-based framework that classifies the cyber vulnerabilities of weapon systems based on data and evaluates them according to confidentiality, integrity, and availability. The application of RMF to the Korean military's weapon-system acquisition procedure is still in its infancy. In this study, we studied the application of the RMF to weapon acquisition processors in the U.S. DoD and suggested that measures of availability, reliability, and safety that can affect weapon performance should be managed with security, and that security systems should be applied to reliability, availability, and maintenance (RAM).