[At the shipyard] Episode 5: Cybersecurity, a perpetual imperative

17 October 2024 Defense Naval Fleet services Episode

Naval Group’s Cybersecurity Operations Department’s offices are located at the naval base, not far from the dock where the multimission frigate’s (FREMM) technical stop is underway. It is 08h30 when an operator about to go on board with IT equipment presents a cyber hazardous work permit for approval.

“This process is mandatory for boarding FREMMs,” explains Alexandra, a Cybersecurity Prevention Engineer. “It is one of many processes introduced by Naval Group to safeguard and ensure the vessel’s digital hygiene during maintenance”. Ensuring the security of the FREMMs’ onboard information and operating systems is a key concern for Naval Group.

 

The Cybersecurity Operations Department received the request for the cyber hazardous work permit (HWP) from this particular operator two days ago. It specifies the nature and serial number of equipment taken on board, whether it will be connected to the ship, to which system or installation, and finally, what it will be used for.

After having assessed the cyber risks related to this request and having analysed the equipment in question, a cybersecurity officer reviews applicable digital hygiene rules with the operator. For example, the fact that each piece of equipment must have up-to-date anti-virus software and have been recently analysed.

“All Cyber HWPs must be approved by us in order to meet the French Navy’s cybersecurity requirements and prevent the risk of taking a malicious computer file onboard the ship during the maintenance works. I remind all Naval Group and subcontracted employees of this rule during the meeting organised right at the start of the technical stop. This rule is also included in the general prevention plan,” says Alexandra. The aim of these processes is also to protect Naval Group’s IT systems.

 

A few minutes later, the operator reports to the ship’s Cyber Officer at the worksite, with the approved Cyber HWP in hand. The Cyber Officer rechecks the HWP to ensure that things are in order before signing this permit. All personnel involved in work on board must be aware of and accountable for the cyber risks associated with the operations performed.

 

Prevention, a constant engagement

“An employee who fails to follow the procedure may be temporarily excluded from the worksite. This decision is taken in agreement with the ship’s Cyber Officer and the Production Manager,” continues Alexandra. “We regularly conduct awareness-raising programs, particularly for newcomers, in order to avoid being faced with such a situation. We also have a suitably equipped workshop enabling us to analyse operators’ equipment, as and when required. In the event of an anti-virus software alert, Naval Group’s Computer Emergency Response Team (CERT) analyses the file and instructs us on how to proceed. There’s no room for doubt when it comes to clearing equipment to be used on board!”

Engineers from the cybersecurity prevention team work in shifts and are available round-the-clock to respond to requests, urgent or otherwise, for all programs. Their vigilance in safeguarding cybersecurity on board plays an important role in contributing to the progress of work on site.