navy security 2In addition to numerous and well documented cyber attacks on retail giants and government agencies, we are now seeing reports of how hackers can disable and take physical control of remote systems such as automobiles. Speculation abounds about weakness associated with legacy IT systems and platforms and the increasing possibility of assailants taking control of larger systems ranging from power grids and industrial plants, to commercial transportation such as trains and planes, and now ships at sea.

Homeland Security News examined this in a story Protecting Navy Ships from Cyber Attacks and the Navy certainly has valid reason for concern with the continued reliance on wireless and wired networks, systems and devices.

The article presented examples of unauthorized users gaining access into networked devices and systems and then wreaking havoc on systems that were designed with open architectures to support communication with little regard for unauthorized access or cybersecurity.

Unfortunately, we can no longer afford to operate like this in a highly networked world – not in our automobiles, our IT systems, and our devices that are connected to the Internet of Things, and certainly not in our warfighting systems and platforms.

We, as an entire Defense community, have a lot of catching up to do to ensure that current and new, and especially legacy shipboard systems, are secure from cyber attacks that would disrupt, disable and negatively affect the mission activities of a Navy Surface Platform (Ship).

This concern should be shared by all of the warfighting systems and platforms that reside within the Air Force, Marines and the Army because they also have expensive, long employment systems that remain in service for 10 to 20 years and have integrated IT components and subsystems that have been built to rely on networked communications connectivity.  We are behind on planning for the cybersecurity of these current, new and legacy systems across all of these platforms and it is a growing problem for those in the business of warfighting and defense of our nation.

The U.S. Navy appears to be first to respond with a solution that would secure the entire platform from the outside inwards. The Homeland Security News article details how the Navy is developing the Resilient Hull, Mechanical, and Electrical Security (RHIMES) system, a cyber protection system designed to make its shipboard mechanical and electrical control systems resilient to cyberattacks. The Navy is also looking at how to “build security” around the current and legacy systems that have weak or no cybersecurity controls and mechanisms to also secure these systems from the inside out.

There are a number of procurements upcoming that have this objective and are planned to be awarded in early 2016. At the same time, there are other emerging solutions and architectures, such as impenetrable software defined perimeters, that are being developed by commercial giants such as Coca-Cola, and large Federal agencies such as the Department of Homeland Security, that should also be evaluated to protect known and unknown vulnerabilities in mission critical infrastructure.

Watch this blog for updates in 2016.