A completely unclassified training environment available to engineers, suppliers and customers teaches product security skills and principles while under the guise of supporting real-world scientific collection missions in contested and uncontested environments. Known as the Mobile Optical Ultrasonic Sensor Explorer, or MOUSE, this low-cost, unmanned, remotely piloted terrestrial vehicle was designed to emulate critical mission capabilities — such as data links, sensors and vehicle management — that often are classified in real-world implementations. 

A virtual environment shows the Mobile Optical Ultrasonic Sensor Explorer, or MOUSE, in action during a remotely delivered training session. (CT Cubed Inc. image)

Cybersecurity traditionally has been measured at the end of system development, during the test and evaluation stage — after a system has been built. This could mean costly rework and schedule delays to address any vulnerabilities discovered, which has a domino effect when supplier components are involved.

As Boeing continues to design, build and deliver the latest capabilities to global defense customers, these systems continue to be at great risk of disruption from an adversary’s cyberattacks. 

“Evaluating cyber-risk is an extension of evaluating safety,” said Amy Reiss, Boeing Senior Technical Fellow. “The further left in the product life-cycle we can iterate for increased security, the better it becomes for everyone involved.”

In recent years, Boeing Product Security engineers have developed the Cybersecurity Maturation Methodology, or CMM, to address the challenge of constantly evolving cyberthreats to platform security, and to accelerate development of these platforms by consolidating complex security standards into an executable security approach.

To date, more than 115 Boeing engineers have been trained on CMM through the company’s new interactive hands-on course, which can use either physical or virtual training robots to give participants relevant platform security training in support of government contracts.

As part of the mission profile data provided, students receive an operational view of the MOUSE platform in a simulated mission environment. (CT Cubed Inc. image)

Tanner Franklin, a senior Product Security engineer at Boeing in El Segundo, California, recently completed the course. “It is a course that largely covers what would normally encompass skills gained over the course of years,” Franklin said. “I think ALL product security folks, no matter time in company, should take this class.”

Thanks to a recent contract with cybersecurity services and consulting company CT Cubed, Boeing’s CMM course is now available to suppliers and government customers in a continued effort to increase security through the company’s supply chain and customer base.

Interested in learning more?

The CMM course is available to Boeing’s product cybersecurity engineers, systems engineers, mission system software developers, their associated managers, and suppliers. Lasting only one week, it can be delivered with high-quality live instruction virtually or in person, facilitated by skilled individuals who are experienced in running hands-on and technically thorough practical training.

Students will learn realistic threats to embedded systems environments, current adversary tactics and appropriate selection of security controls within a financially constrained environment. Instructors will guide students through the PBED (Plan, Brief, Execute and Debrief) process to reinforce the desired learning objectives into the minds of students.  

To request more information or sign up for this course, please contact Elizabeth Spaunhorst with Boeing or email BoeingCMM@ctcubed.com.

By Christian Sy