ONR moves to protect ships’ systems from cyberattacks

ONR moves to protect ships’ systems from cyberattacks

The Navy is developing a robust cybersecurity system to protect its shipboard systems.  The Resilient Hull, Mechanical, and Electrical Security (RHIMES) system, developed by the Office of Naval Research, is designed to make electrical and mechanical shipboard systems more resilient to cyberattacks. 

The RHIMES system is not focused on data theft, which poses an inherent and separate risk. Instead, it seeks to protect against attacks like the infamous Stuxnet virus that targeted logic controllers in Iranian centrifuges, forcing them to spin so fast they destroyed themselves.   

“The purpose of RHIMES is to enable us to fight through a cyberattack,” said Chief of Naval Research Rear Adm. Mat Winter. “This technology will help the Navy protect its shipboard physical systems, but it may also have important applications to protecting our nation’s physical infrastructure.”

The program is designed to prevent access to programmable logic controllers, which are the embedded hardware components that interface with physical systems, according to Ryan Craven, one of the program officers heading efforts associated with RHIMES. Those components are used in shipboard systems for damage control and firefighting, climate control, electric power, steering and engine control. “It essentially touches all parts of the ship,” Craven explained.    

Rather than relying on virus definitions that depend on previously identified vulnerabilities, “RHIMES introduces diversity via a slightly different implementation for each controller’s program,” Craven said. “In the event of a cyberattack, RHIMES makes it so that a different hack is required to exploit each controller.  The same exact exploit can’t be used against more than one.”

While many physical controllers have redundant backups that allow systems to remain operational during controller failure, “without diversity in their programming, if one gets hacked, they all get hacked,” ONR documents state. 

“Vulnerabilities exist wherever computing intersects with the physical world, such as in factories, cars and aircraft,” Craven added, “and these vulnerabilities could potentially benefit from the same techniques for cyber resilience.”

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group