ONR moves to protect ships’ systems from cyberattacks
- By Mark Pomerleau
- Sep 23, 2015
The Navy is developing a robust cybersecurity system to protect its shipboard systems. The Resilient Hull, Mechanical, and Electrical Security (RHIMES) system, developed by the Office of Naval Research, is designed to make electrical and mechanical shipboard systems more resilient to cyberattacks.
The RHIMES system is not focused on data theft, which poses an inherent and separate risk. Instead, it seeks to protect against attacks like the infamous Stuxnet virus that targeted logic controllers in Iranian centrifuges, forcing them to spin so fast they destroyed themselves.
“The purpose of RHIMES is to enable us to fight through a cyberattack,” said Chief of Naval Research Rear Adm. Mat Winter. “This technology will help the Navy protect its shipboard physical systems, but it may also have important applications to protecting our nation’s physical infrastructure.”
The program is designed to prevent access to programmable logic controllers, which are the embedded hardware components that interface with physical systems, according to Ryan Craven, one of the program officers heading efforts associated with RHIMES. Those components are used in shipboard systems for damage control and firefighting, climate control, electric power, steering and engine control. “It essentially touches all parts of the ship,” Craven explained.
Rather than relying on virus definitions that depend on previously identified vulnerabilities, “RHIMES introduces diversity via a slightly different implementation for each controller’s program,” Craven said. “In the event of a cyberattack, RHIMES makes it so that a different hack is required to exploit each controller. The same exact exploit can’t be used against more than one.”
While many physical controllers have redundant backups that allow systems to remain operational during controller failure, “without diversity in their programming, if one gets hacked, they all get hacked,” ONR documents state.
“Vulnerabilities exist wherever computing intersects with the physical world, such as in factories, cars and aircraft,” Craven added, “and these vulnerabilities could potentially benefit from the same techniques for cyber resilience.”
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.