In an increasingly connected — hence vulnerable — world, enemies see cyber attacks as highly asymmetric stealth weapons offering huge payoffs relative to cost. Such methods have obvious appeal for terrorist groups and even certain countries with designs on their enemies’ vital systems.
These scenarios pose a major challenge to naval cybersecurity. Smarter software and growing levels of warship automation demand robust protection as increasingly sophisticated malware can install itself on any computer undetected, then interfere with or even take control of entire systems. Operators of commercial vessels have reported the first cases of hackers gaining access to shipboard IT systems then paralysing them.
There are many ways to launch such attacks. One is via communications through, say, a satellite link to an infected shore station. Another is via portable devices, including portable computers, USB sticks and mobile telephones.
To counter such threats, France has mobilised government resources and contractors to protect all systems in service with its own forces and in countries that use French military equipment. ANSSI, France’s cybersecurity agency, is working with the defence procurement agency (DGA), contractors (including DCNS, Thales and Airbus), and a network of specialist companies to develop and constantly update cybersecurity capabilities, including advanced adaptive firewalls and IT surveillance modules designed to detect anomalies. Given that most attempted intrusions can be thwarted simply by following best practice, strict security rules are also essential.
Looking ahead, front-line fighting ships will most likely carry cybersecurity specialists and have access to specialised shore-based support centres. Smart cybersecurity solutions along the lines of current-generation combat management systems are also anticipated.
DCNS, already a leader in the field, has drawn up a naval cybersecurity framework and rolled it out to the entire group and its supply chain. With this rigorous, coherent framework in place, the DCNS group now offers products designed, developed, delivered and maintained in a cybersecure environment. All DCNS suppliers apply the framework and the compliance of all systems and equipment is checked before integration with the host ship. This strategy also applies to technology transfer programmes through partnerships with the relevant authorities and contractors irrespective of which systems the client chooses to install.