The world recently has faced several cyber-attacks called WanaCrypt or WanaCry, hitting more than 150 countries in mid-May 2017.They did not only disturbed general operations but also hindered and disrupted secured information of several government bodies and general population. Such threats affect the financial sector as well as the defence sector at both personal and state level.
This recent event raises important questions on whether a nation’s defence assets are also prone to such cyber threats and more importantly are modern countries enough sufficiently prepared to face such attacks in a proactive way.
As anti-submarine or anti-aircraft warfare, Active Cyber Defence (ACD) is becoming a new form of warfare for our customers, and NAVAL GROUP is developing its cyber security expertise to meet their expectations even more effectively.
Modern combat assets and vessels remain extremely dependent on hyper-connected complex systems with predominant software (expert systems, command and control, algorithms, computers, databases…). Vulnerability to cyber malware and attacks exists and can penetrate deep into the systems. This makes it imperative to anticipate and implement efficient cyber security in defence.
Cyber security in naval assets
In the field of cyber security in naval defence and associated areas, any naval force must maintain their critical capabilities (diving, navigation and security) and safeguard combat edge (weapons, firing….). This includes being able to recover and restore all or part of the lost capacity and information which has come under cyber-attack. Ensuring the digital/ cyber security of armed naval platforms is first and foremost an end-to-end practice.
A cyber security perimeter as practiced by major shipbuilders and integrators like NAVAL GROUP covers all major aspects: platforms’ functional chains, port and industrial support infrastructure, cyber security at the system design stage, OEMs and industrial ecosystem and incorporation of the concepts and practices to act from end to end and throughout the lifetime of the ship. It is a constantly moving battlefront. It is therefore necessary to evolve and adapt quickly with scalable cyber-processes and techniques for updating defence systems extremely quickly, and at the same time, taking into account the fact that NAVAL GROUP is working on vessels that will operate for another 30 or 40 years.
As a whole the principle is to design a platform which can actively manage, detect, understand, respond/ sanitise and report any malware or cyber threat in real time condition. The cyber security is thus practiced in 3 main areas by NAVAL GROUP – in the company, at the dock and at the sea. This incorporates security in coordination and information transfer with other platforms of the fleet and with the naval bases.
The Company’s structure
NAVAL GROUP structures its approach for its internal systems and for its products and services around the American Cyber Security Framework standard of the NIST (National Institute for Standard and Technology).
This approach consists in mapping the systems and carrying out a risk analysis (IDENTIFY) so that they can be protected (PROTECT), detecting abnormal situations representing a forthcoming attack (DETECT), setting up the overall chain of reaction in case of an attack (RESPOND) and finally, restoring a nominal situation (RECOVER). This approach is implemented directly in all NAVAL GROUP processes so that cyber-security is taken into account in every aspect of the company’s business: for the enterprise information system; for new constructions, renovations and the fleet in service.
Cyber Security at dock
This will guarantee integrity prior to sea missions. This involves locking the overall digital operational configuration of the systems (including IPMS and combat systems), as well as a triggering the configuration to have sensitivity/ resistance to known threats.
Cyber security at sea
The main objective is to detect any anomalies by installing active warning systems on the systems operated on board. These active systems are now superimposed without being planned at the departure. The cyber reaction capacity then allows containment or isolation of systems in the face of attempts at cyber proliferation and degradation. Beyond that, in order not to be prone to similar malfunction, it is essential to re-initialize and configure the affected systems.
Cyber security as design approach
Modern architecture principles consider it imperfect to super-impose secured features in a system after factory design. The aim is to have architectures that take into account cyber security aspects from upstream. The aim is to facilitate system connections and data exchanges in rapidly expanding information flow (high-speed networks, heterogeneous data). These cyber-ready systems will inherently have access management and traceability capabilities. This will have capacities for early detection through self-monitoring and advanced malfunction analytics.
NAVAL GROUP, as the industrial prime contractor, participated in the first cyber work at the end of the 90s on the Horizon program of French-Italian frigates and then on the European Multi-Mission Frigates (FREMM) in the 2000s, not to forget the Barracuda-class of nuclear-attack submarines. Since the early 2000s, NAVAL GROUP has invested in cyber defence by setting up a department devoted to this sector and investing in R&D.
Today, NAVAL GROUP is probably one of the most advanced companies on the subject. This positioning is underpinned by a partnership approach with major industrialists in the Cyber domain, as well as innovative and specialized SMEs. The Group is working to establish a “Cyber Investment Fund” with major stakeholders in defence, industry and services as well as companies with a good knowledge of the market. There is a need for an ecosystem of companies capable of developing cyber-defence technologies and fostering the growth of those companies, such that the resulting ecosystem will enable them to benefit from secure, next-generation solutions with an influx of technologies capable of coping with the developments in threats over time.
New generation ships incorporated with cyber security configurations
NAVAL GROUP designed ships that are now cyber secured. NAVAL GROUP approach to imbibe cyber security from architecture level can be illustrated in their recent approach to build cyber-secured naval platforms. This approach was put into practice in fact while designing the latest ship with high complexity. The frigate of the FTI/ BELHARRA program scheduled to be admitted to service with French Navy in 2023 will have an architecture designed, among other things, to deal with cyber threats. The system configurations of future ships will be built on embedded digital ACCESS systems designed for embedded cyber secured architecture.
In 2017, NAVAL GROUP has multiplied the number of its collaborators, experts in charge of cyber security. The Group is investing significant part of its R & D in advanced solutions in this area and the result is creation of centre of excellence in form of “CyMS (Cyber Management System)” dedicated to elaborate cyber ship picture & status and “Cyber Security Laboratory”, which is the technical space for testing materials & configurations.
Protecting against threats is therefore the result of a global approach integrating a logic of internal protection and a more business-oriented logic with the products and services produced by the company.
Please wait...
