Battle damage repair is all about maintaining power to command. It’s about fixing only that which takes priority to make the mission a success. Say your frigate is taking heavy damage. The key to success may be keeping control over your fire control systems. It may be keeping your radar systems operational. The mission resilience of your naval systems can depend on many things, because it is built upon many domains – one of which is your cyber security. Definitively on the rise, cyber warfare at sea can throw a major wrench in your plans if you don’t have the proper digital defences in place - just like you would for the rest of your ship. Let’s take a look at your digital mission resilience!
‘Hacking’ is no longer something that only takes place on land, or that solely affects land-based assets. More and more state actors have discovered that cyber attacks can be a relatively cheap way to test and affect the operational capabilities of other countries – including their navies. The most nefarious ‘hacks’ don’t even need to happen in real-time. Malware may have been placed during maintenance, or snuck in while at a foreign harbour. A usb stick here, an unexpected click there, and it’s done. A small bit of software may lay dormant until you try to use your tracking radar or your gun, resulting in it being off by a few degrees. Just enough to cause problems, but not enough to notice right away – possibly placing your mission and the safety of your crew in danger.
Anti-Cyber Warfare works differently at sea than it would in a Security Operations Center (SOC) on land, because it needs to be embedded into the operational Navy context. There are no cyber experts on board of most navy vessels, and many Navies indicates they don’t expect this to be a viable option in the future. Connectivity with land cyber experts might be difficult or impossible given networks bandwidths or mission conditions. A quick response to maintain mission aim is key; full recovery can take place later with cyber experts in the harbor.
If crucial parts of your ship are in need of repair or about to be damaged, you want to be able to respond accordingly. If there’s a fire, you’ve got your firefighting gear in place. If a cable gets fried, you can switch it out with a new one. But since cyberwarfare is a relatively new threat, most navies don’t have specialized protocols in place to deal with cyberthreats. That is what we at Thales set out to solve. We know the naval field like the back of our hand, so combined with our expertise in naval systems and cyber security, our naval digital mission resilience approach is ahead of the pack!
Anti Cyber Warfare Work set
Anti-Cyber Warfare consists of three steps. The first is knowing your enemy: what are the kinds of attacks you can expect, and what is the potential impact of their damage? The second is being able to identify the problem once it happens, preferably as fast as possible. Last but not least: patching the problem, so your mission will not be affected – or at a minimum so that effects on the mission can be reduced as much as possible.
Based on these defence fundamentals, our naval cyber department has created a specialized workset that can be added to your combat management system, such as TACTICOS by Thales. The way this workset works is based upon extensive research done by our teams. We’ve analysed and defined countless software specific patterns found on naval ships, in order to be able to detect suspicious behaviour and/or intrusions. For instance, one of these patterns can be the fact that during the day, way more users log into the ship’s systems than at night. That means when a certain user logs in during the night, the system might flag that as an anomaly. Pattern detection could also flag something much more obvious, like your radar turning on by itself in an area where you’d usually keep it turned off.
The Anti-Cyber Warfare Workset enables you to detect specific mission system incidents and anomalies, and generates in response a set of mitigation options. It’s similar to a recipe book or a helpdesk script, where you don’t have to be an expert to get to expert results. Such a solid Cyber Battle Damage Repair protocol on board will help you reduce the chance of cyber-attacks as well of their possible impact. It will enable the commander to choose which response fits the current command aim best more quickly and more easily, which can then be implemented by the operator.
Newer updates (soon available) of our workset will include more ways for the commander to choose from to remedy a particular problem. Such as, for instance in the case of a misfiring canon, turning that specific software program off so it cannot be misused. Or resetting the software to a previous back-up, to let it bypass any malware and run smoothly again.
Dealing with cyber security issues will need to become part of on-board procedures. In this changing world, we recommend including cyber warfare awareness into basic training. Learning to work with workset will be a piece of cake for your operators, as we’ve specifically designed it for naval purposes and to be easy to use. Working together with you and our other customers, we’re speeding up the journey towards improved, futureproof mission resilience!
This article is part of the interview series ‘Safeguarding your strength @sea’, where we look behind the scenes of cyber security in the naval domain.