A leading supplier of mission-critical engine control units (ECUs) for U.S. military applications needed a way to securely transport firmware and key material to deployed systems – without relying on external connections, internet access, or physical vendor presence. The solution needed to meet government STIG standards, protect against tampering, and ensure end-to-end integrity from factory to edge-deployed systems.
ISS Solutions
ISS deployed its Secure Platform for Aerospace & Defense (SPAD), embedding the same hardened architecture used for top-tier defense primes. This solution included:
- Integration of DLM signing and delivery infrastructure into a SCIF-like secure lab
- Embedded TLS-secured comms layer on UltraScale-based ECUs to retrieve cryptographic material directly
- Secure key provisioning workflows synchronized with firmware signing
- STIG-compliant mechanisms for operation in fully air-gapped environments
The implementation provided device-level validation, traceability, and assurance, while minimizing human access to sensitive firmware.
Results
- Successfully demonstrated secure provisioning of firmware and keys to UltraScale ECUs
- Delivered edge-encrypted software and credential transport from factory to in-field deployment
- Enabled SCIF-level deployment without vendor presence or internet access
- Extended the same hardened supply chain architecture used by other major primes
- Positioned the supplier to deliver secured control modules to major aerospace OEMs
- Built foundation for integration with top-tier aerospace platforms, also using ISS security solutions
