Cyber attacks could prove just as deadly to technologically advanced warships as missiles and torpedoes in the future. That is why the U.S. Navy has been developing a defense system to protect its ships against hackers who threaten to disable or take control of critical shipboard systems.
The Resilient Hull, Mechanical, and Electrical Security (RHIMES) system aims to prevent cyber attackers from compromising the programmable logic controllers that connect a ship’s computers with onboard physical systems. RHIMES uses slightly different versions of core programming for each physical controller so that a cyber attack can’t disable or take over all shipboard systems in one fell swoop.
“In the event of a cyber attack, RHIMES makes it so that a different hack is required to exploit each controller,” said Ryan Craven, a program officer of the Cyber Security and Complex Software Systems Program in the Office of Naval Research, in a press release.“The same exact exploit can’t be used against more than one controller.”
That seemingly basic precaution could go a long way toward protecting crucial warship systems such as damage control and firefighting, electric power, steering and engine control. The loss of one or more such systems could prove especially devastating in the middle of a naval operation or battle; especially if hackers turn the ship’s systems against itself.
The threat of cyber attacks crippling or taking over large physical systems has already been proven in recent years. Stuxnet, the “computer worm” developed by the United States and Israel, attacked Iran’s nuclear program by compromising the physical controllers of Iranian centrifuges and running them at high speeds to damage the equipment. (A similar Stuxnet-style effort aimed at North Korea’s nuclear program failed because it couldn’t access the crucial computers.)
“Another powerful example is the hacking of a German steel mill in 2014,” Craven explained. “The hackers reportedly got in and overheated a blast furnace, and even made it so that the plant workers couldn’t properly shut down the furnace, causing massive damage to the system.”
The Navy’s RHIMES approach to cybersecurity could also pay off outside of warships. A similar strategy might help safeguard the physical controllers found in cars, aircraft, and factories. That could work in tandem with complementary defenses such as air-gapped systems isolated from networks or adding analog systems and humans into the loop as safeguards.