Cyber risk reduction in complex systems

From policy to practice in mission-critical environments

By Tom Kaminske, Astrion Operations Manager & Cybersecurity Test Engineer, supporting the 96th Cyberspace Test Group

Modern defense systems are no longer defined by individual platforms. They are defined by how well those platforms integrate.

Aircraft, sensors, networks, weapons, and mission systems now operate as tightly connected architectures across domains. That integration delivers unprecedented capability, but it also concentrates risk. A vulnerability in one component can cascade across the enterprise and directly affect mission execution.

Programs such as Golden Dome for America reflect this shift. Designed to unify multiple platforms, sensors, and vendors into a coordinated defense capability, Golden Dome represents a new generation of system-of-systems architecture where resilience must be engineered into the design.

Astrion supports cyber test and evaluation efforts across advanced fifth-generation aircraft, next-generation bomber platforms, and distributed cross-domain command-and-control (C2) architectures operating under contested spectrum conditions. These systems function as highly networked computing environments, where avionics, communications, software, and radio-frequency (RF) systems interact continuously.

As Department of War (DOW) systems grow more connected, cyber cannot be added at the end. In architectures of this scale, it must be engineered in from the beginning.

Early integration, lasting resilience

Effective cyber T&E begins well before systems are integrated or deployed. The Mission-Based Risk Assessment Process for Cyber (MRAP-C) begins with structured reviews of system documentation and architecture artifacts to identify mission-essential functions, critical data flows, and potential attack paths within a system’s design.

During this phase, Astrion works with program offices and technical stakeholders to evaluate how systems are constructed and how adversaries might exploit them. These assessments establish a risk-informed baseline for further testing.

Depending on program maturity, activities may include vulnerability scanning, cooperative penetration testing, and support to red team or adversarial assessment efforts. Findings from MRAP-C activities inform these later phases, allowing programs to prioritize mitigation and validate protections under realistic threat conditions.

In select cases, Cyber Tabletop (CTT) exercises further explore operational decision-making under cyber stress.

Early involvement surfaces vulnerabilities while design adjustments are still feasible, reducing rework and accelerating fielding without compromising mission assurance.

Phased testing for real-world complexity

Programs such as Golden Dome require a T&E model that scales with integrated system-of-systems architectures and validates performance under operationally representative conditions.

Following early architecture assessment, validation progresses through increasingly rigorous phases:

• Mission-based risk assessments to characterize attack paths and mission-essential exposures
• Cooperative penetration testing to validate protections against design intent in collaboration with program stakeholders
• Red-team-enabled testing to apply realistic exploitation techniques under mission conditions
• Authorized adversarial assessments to independently evaluate system resilience against advanced threat tactics

This progression moves programs from architecture-informed risk identification to operationally representative validation, ensuring protections function under mission-relevant conditions.

Astrion scales these efforts to system complexity and threat posture, with particular focus on high-value targets such as C2 and mission support systems.

From paper to practice

On paper, modern architectures are interoperable and layered. In practice, integration reveals complexity that documentation alone cannot surface.

In cross-domain C2 environments, systems operating at different classification levels must exchange information while preserving multi-level security boundaries. Access depends on user permissions, mission context, and enforcement of zero-trust principles across distributed architectures.

As platforms and decision-support tools are connected, dependencies emerge. A configuration that appears compliant in one subsystem can introduce exposure when integrated with another. Latency, spectrum interference, or degraded communications can create failure modes not visible during standalone testing.

The challenge is not only securing individual systems but validating how they behave once connected under operational stress.

Securing the space between

In system-of-systems programs, cyber risk rarely resides in one platform. It emerges in the space between systems, where data moves across interfaces and configurations evolve with each integration.

In contested cyber and electronic warfare (EW) environments, those seams become especially consequential. Systems that function as designed in isolation may degrade under spectrum interference or disrupted data flows.

EW adds another dimension. While jamming interrupts communications, more advanced electronic attack techniques can introduce manipulated or malicious inputs through RF pathways, causing systems to behave in unintended ways. In tightly integrated architectures, those effects can propagate across connected components.

Addressing this reality requires evaluating inter-system dependencies, not just individual performance. Survivability depends on securing the seams as much as the systems themselves.

Delivering survivability at scale

This evolution is occurring alongside expanding cyber acquisition guidance across DOW. As policy increasingly emphasizes early integration, cross-domain security, and mission-aligned validation, requirements now extend beyond individual platforms to how integrated architectures perform under operational stress.

As cyber threats grow more sophisticated and system complexity accelerates, programs like Golden Dome are no longer outliers. They represent the emerging operating environment. Meeting this demand requires continuous evolution in tools, techniques, and talent. Cyber test organizations must develop more advanced validation methods and cultivate highly skilled personnel capable of operating in increasingly complex and contested environments.

By combining early-phase assessments with mission-representative validation, complex defense systems can be made not only secure, but survivable.

In today’s connected battlespace, resilience is not a feature. It is foundational.