Ships are increasingly using systems that rely on digitization, integration, and automation. Offensive actors understand the naval reliance on communications, ISR, and visualization technologies, and perceive them as vulnerable to disruption and exploitation. In 2016, the Baltic and International Maritime Council (BIMCO) in their “Guidelines on Cyber Security Onboard Ships,” warned about the vulnerability of Merchant ships from cyber attacks due to their increased networking and automation systems onboard. Navies are moving to network centric systems in which all the sensors weapons and command and control on ships, aircraft, submarines, and unmanned vehicles are ‘networked’ , which also enhances vulnerability.
Cruise ships could be sunk by cyber terrorists, official Government guidance has warned in a drive to improve protections from online attacks. Vessels could be vulnerable to “kidnap, piracy, fraud [and] theft of cargo” if their computer systems are compromised, the Transport Department said. At worse a cyber-hack could result in “risk to life and/or the loss of the ship”, the industry was also told.
Cybersecurity Measures
Operational commanders, depend on naval networks for command and control, maritime situational awareness, and integrated fires in all phases of conflict or crisis. The availability, integrity, and confidentiality of naval networks and communications systems need to be well protected. A malicious intrusion into naval networks may prove disastrous for own operations. On top networks are required for the logistics, administrative, medical, and training functions, writes Ralph D. Thiele, in Focus on Defense and International Security Game Changer – Cyber Security in the Naval Domain.
Yet, securely operating and defending naval networks is a particular challenge. A key issue has become to reduce ‘attack surfaces’ – i.e. the opportunities for malicious actors to get into naval networks. To this end, network controls include network firewalls, intrusion detection and prevention systems, security information and event management, continuous monitoring, boundary protection, and defence-indepth functional implementation architecture, anti-virus protection on all host systems, robust vulnerability scanning, and cyber risk management.
Technical cybersecurity applies across the naval network, afloat and ashore, including host level protection with software designed specifically for naval requirements. Information assurance is a top priority in highly networked environments. It requires the coordinated use of multiple security countermeasures to protect the integrity of the information assets. Obviously, it would be more difficult for an opponent to defeat a complex and multi-layered defence system than to penetrate a single barrier. Also, the naval ability to exercise command and control in the presence of a protracted “information blockade” employed by adversaries needs to be assured, especially under heavily contested or denied operational conditions.
The Royal Navy is running its first ever large-scale cyber war games, to protect warships and submarines from cyber attacks. Dubbed Information Warrior 17, the training exercise is designed to ensure the Navy is prepared for the challenges that a new era of warfare could pose, as project director Colonel Dan Cheesman of the Royal Marines explained. Thousands of members of the navy, air force and army will take part in Information Warrior 17, as part of an even bigger Nato training exercise, Joint Warrior, in Scotland. During the exercise, the navy will use artificial intelligence to set up a “ship’s mind”, which will allow warships and submarines to make decisions automatically.
The new Type-26 Global Combat Ship, which is designed to be the workhorse of the Royal Navy when it is built, has been designed to protect its weapons, engines and systems from cyber warfare as reported by Ben Farmer, Defence Correspondent. Geoff Searle, head of the Type-26 programme at BAE Systems, said: “It is an equally important threat to the more traditional threats and one that we take very seriously and design the ship to be confident it can withstand that.”
Automation, a tool for attackers, is key to Navy cyber defense. Adm. Gilday says it is required for protection that goes beyond boundary and point defenses. He calls for greatly increased investment in artificial intelligence and cognitive computing. Artificial intelligence should be leveraged to provide a greater understanding of activities deep inside Navy networks. “We need to move beyond touch labor, in terms of being able to respond rapidly to a threat,” the admiral declares. “We have great detection systems that alert us to known or suspected bads, but the challenge is to be able to quickly identify and respond to an intruder deep inside your networks.”
US Navy Diversifies Ships’ Cyber Systems to Foil Hackers
The Defense Department has said that warships are are broadly vulnerable to cyberattacks. The problem led the Navy to create the RHIMES system, a new effort to protect the electrical and mechanical systems of warships
U.S. Navy has developed a Resilient Hull, Mechanical, and Electrical Security (RHIMES) defense system to protect its ships against hackers who threaten to disable or take control of critical shipboard systems. Dr. Ryan Craven, a program officer of the Cyber Security and Complex Software Systems Program in the Mathematics Computer and Information Sciences Division of the Office of Naval Research, explained that RHIMES is designed to prevent an attacker from disabling or taking control of programmable logic controllers—the hardware components that interface with physical systems on the ship.
“Some examples of the types of shipboard systems that RHIMES is looking to protect include damage control and firefighting, anchoring, climate control, electric power, hydraulics, steering and engine control,” explained Craven. “It essentially touches all parts of the ship.” The loss of one or more such systems could prove especially devastating in the middle of a naval operation or battle; especially if hackers turn the ship’s systems against itself.
Traditionally, computer security systems protect against previously identified malicious code. When new threats appear, security firms have to update their databases and issue new signatures. Because security companies react to the appearance of new threats, they are always one step behind. Plus, a hacker can make small changes to their virus to avoid being detected by a signature.
“Instead, RHIMES relies on advanced cyber resiliency techniques to introduce diversity and stop entire classes of attacks at once,” Craven said. Most physical controllers have redundant backups in place that have the same core programming, he explained. These backups allow the system to remain operational in the event of a controller failure. But without diversity in their programming, if one gets hacked, they all get hacked.
“Functionally, all of the controllers do the same thing, but RHIMES introduces diversity via a slightly different implementation for each controller’s program,” Craven explained. “In the event of a cyber attack, RHIMES makes it so that a different hack is required to exploit each controller. The same exact exploit can’t be used against more than one controller.”
“The purpose of RHIMES is to enable us to fight through a cyber attack,” said Chief of Naval Research Rear Adm. Mat Winter. “This technology will help the Navy protect its shipboard physical systems, but it may also have important applications to protecting our nation’s physical infrastructure.” “Vulnerabilities exist wherever computing intersects with the physical world, such as in factories, cars and aircraft,” Craven said, “and these vulnerabilities could potentially benefit from the same techniques for cyber resilience.”
Navy Bolstering Cybersecurity for Unmanned Vessels
The Navy is exploring how to better protect its unmanned vessels with anti-tamper measures to prevent hacking from adversaries. “We are looking at specifics of anti-tamper [technology] as we do for any platform, but obviously for unmanned, it’s a little bit of a different problem” because sailors won’t be on board to deal with issues that arise, said Rear Adm. Casey J. Moton, program executive officer for unmanned and small combatants.
The sea service is investing big in robotic platforms. Over the future years defense program, the Navy has allocated about $12 billion for unmanned aircraft, surface vessels and underwater systems in fiscal years 2021 through 2025, according to Bloomberg Government. The ships could be deployed in high-risk environments without putting sailors in harm’s way. “Although they will be under the protection of their carrier strike group, the vessels are probably at times going to have higher attrition,” Moton said during a webinar hosted by the Center for Strategic and International Studies. “That’s part of our calculus and part of the way that we’re going forward from that standpoint.”
The service is testing anti-tamper capabilities in its unnamed prototypes to address cybersecurity issues, he said. The Navy envisions its future large unmanned surface vehicle, or LUSV, as part of the Aegis integrated control system network, which means the vehicle will still be overseen by a human who will make decisions remotely such as telling the vessel when to fire munitions, he said. The service has taken the need to prevent tampering into account during its wargaming and other studies, Moton said. “From our standpoint, we are doing some robust things for the fact that these vessels will operate [network] capable. Certainly the cyber efforts are robust.”
Naval Dome Adapts Cyber Security System for Port and Navy Applications
Naval Dome has adapted its award-winning maritime cyber protection technology for compatibility with port-based systems and naval vessels and rebranded its direct-installation security software to differentiate between the different types of application. The cyber defence software will now be marketed as Marine Dome for use in commercial vessels, cruise ships and yachts; Port Dome for ports and harbors; and Navy Dome for application in naval vessel and military craft.
Naval Dome CEO Itai Sela said: “The proven capability of our cyber security solution in protecting ships’ OT systems from unauthorized access and hacking, together with the recent SL4 type-approval from DNV GL – the classification societies’ highest level of security certification – has sparked significant interest from other sectors.
“We have now adapted the software for compatibility with systems typically used in ports and harbours and naval vessels. While the technology is intrinsically the same, we have changed some of the algorithms to suit the different type of systems and equipment used in these areas.”
The Israel-headquartered company has also appointed Israel Defense Forces’ former Head of Naval Operations, Rear Admiral (Ret.) Ido Ben-Moshe, to facilitate the requirements of these new market sectors. Ido Ben-Moshe, Vice President Business Development, Naval Dome, said: “By installing Port Dome across a port’s connected machinery and OT systems or Navy Dome on the systems installed on naval vessels we remove the cyber pressure points and safeguard these important sectors against attack.”
Ben-Moshe said ports are particularly vulnerable as they become more reliant on networked connectivity. “The increase in autonomous, connected machinery, computer integrated operating systems and terminal management systems will leave ports increasingly susceptible to a cyber-attack if they are not properly protected. It is crucial that ports’ OT systems are as impregnable and impervious to cyber-crime as the ships we protect.”
While the same concept applies to naval vessels, the approach will differ somewhat from commercial vessel application. “A naval vessel is unique and therefore needs a unique cyber security solution to protect its connected systems,” said Ben-Moshe. “We deliver a tailor-made cyber defence solution capable of protecting weapons systems, navigation systems and machinery control systems from unauthorized access, whether they are retrofit or legacy installations.
“Using intelligence agency-grade security technology, Navy Dome blocks internal and external cyber-attacks to provide maximum protection with minimal human intervention. It integrates with existing systems and software, providing real-time cyber alerts and blocks malicious files to prevent unauthorized access to systems critical to a vessel’s ‘fight, flight or float’ capability.”
Naval Dome is currently the only provider of cyber defence solutions to the maritime industry to have achieved Security Level 4 (SL4), the highest level of certification that can be awarded under the DNV GL rules. DNV GL CP-0231 is a type approval program developed using the international standard ISA/IEC 62443, Security for Industrial Automation and Control Systems. Naval Dome is currently verifying Port Dome and Naval Dome applications with a number of ports and naval forces, respectively.
References and Resources also include:
https://www.onr.navy.mil/en/Media-Center/Press-Releases/2015/RHIMES-Cyber-Attack-Protection.aspx