A worldwide phenomenon, the cyber threat targets all levels of society, from economic interests to government departments, not forgetting private individuals. Already prone to piracy, ships are also targets for cyber piracy. How do you defend against it? Michel Agostini, a Naval Group specialist in cyber defence, explains.
Has combating cyber threats become a new area of capability for Navies?
As with anti-submarine or anti-air warfare, cyber defence, or defensive computer warfare, is in fact a capability with which it is of paramount importance that we equip our Navies’ ships in the face of the increasing threats of cyber attack. All the more so as this impalpable threat, once triggered, can develop very rapidly and in depth and includes specific evolving features to which you have to adapt rapidly.
Since the 1990s, the worldwide phenomenon of the internet has led to a development in interconnection capabilities, an increase in computer know-how and, its corollary, deviancy in its uses.
In parallel with the professionalization of hackers, industrialists in the naval sector have equipped their ships with ever more numerous and efficient electronic systems and software enabling ever more numerous exchanges of data on board but also making them vulnerable in the face of the cyber threat.
Today, it’s possible for a small group or a state to render a component of an enemy ship defective, to steal data, to take control of the ship, of its information system, of its weapon system or one of the many monitoring and control programmable logic controllers used both for managing the ship’s power supplies and for its steering. For an industrialist such as Naval Group, it is a question of developing and integrating this cyber defence capability on board the ships that we design for our customers, amongst the most important of which is the French Navy.
Of what does the cyber threat consist and how can our ships defend themselves against it?
The threat is multi-faceted and diffuse. It may come from a developer who has accidentally or otherwise introduced malware into a system or an item of equipment, or from the integrator, the maintenance supervisor or the user, propagating malware via tools or simply by connecting a standard medium such as a USB key. It may also take the form of an intentional external attack. The vectors of such attacks may be deliberate and malevolent, or simply negligent and ill-informed.
Given the exponential increase of the threat of cyber attacks, both in number and in complexity, we are changing the response strategy. In Naval Group, we are moving from static protection by barriers to dynamic protection which behaves like a warfare sequence: detection, synthesis-decision, counter-reaction. The aim, as in all warfare fields, is to succeed in detecting weak cyber signals in all the ship’s functional chains and characterize as well as possible the underlying events in order to alert and propose counter-attacking postures, where applicable delayed in time and offset in space, if necessary working in collaboration with an operational security centre.
The architectural design of this Defensive Computer Warfare system requires a perfect understanding of the ship’s functional chains and data flows on the part of the naval system manufacturer.
Tomorrow, ships will also be as cyber-secure as they are watertight.
Right from the design of our ships and during their maintenance, we supply a protective architecture and integrate agile dynamic devices capable of acting in real-time (sensors and combat systems). We know that cyber threats, depending on their nature, are liable to affect the whole of all the warship’s functional chains and never cease to evolve.
In parallel with these technical engineering devices, we also take the human dimension into account by collating and distributing details of the accumulated good practices in the field of cyber hygiene, in accordance, in particular, with the recommendations of the national information system security agency (ANSSI). That involves the strict application of validation and accreditation processes that Naval Group has established and which cover the ship’s entire life cycle, i.e. not only Security by Design from conception to integration, but also the securing of corrective operations during the warranty and maintenance phases.
It also involves an information, training and awareness programme for the Group’s partners.
All these elements must also be shared with our customers on the one hand, and by the network of partners and suppliers on the other.
Is cyber defence a matter of national security?
This is clearly a national issue. The French government has defined objectives and priorities and put the resources in place in accordance with the Cyber Defence Pact initiated by the Minister of Defence in 2014. Industrialists are also taking action. After an initial investment out of its own funds, at the beginning of 2014, Naval Group was awarded the Maldives (French acronym for threat, analysis and detection of intrusions for ships) upstream study programme designed to produce a demonstrator of the Defensive Computer Warfare capability. Naval Group is also participating in the establishment of the Chair in Naval Systems Cyber Defence, integrated into the cyber defence centre of excellence in Brittany.
Currently, we are the only naval system manufacturer in Europe capable of integrating a true cyber defence capability into our ships. We also, of course, intend to allow our client Navies to benefit from our advances in the field.
Cyber defence: field responsible for the detection of and reaction to computer attacks.
Cyber protection: aspect of cyber security responsible for developing and administering cryptographic resources.
Malware: malicious software; any program developed with the aim of harming a computer system or a network, such as viruses, worms or “Trojan horses”.
SOC: Security Operational Centre. This term designates the operational centre responsible for supervising one or more systems so as to detect computer attacks on them and react to these attacks in real time by attempting to isolate the malicious code introduced and maintain the system in an operational state.