Search The Archives

Thursday, October 23, 2014

US SUBMARINE CONTROLS AT RISK: CYBER-ATTACKS COULD RENDER NUCLEAR SUBS USELESS OR WORSE

NAVSEA: Submarines Control Systems are at Risk for Cyber Attack

Virginia-class attack boat North Dakota during recent sea trials. US Navy Photo
Virginia-class attack boat North Dakota during recent sea trials. US Navy Photo
The head of Naval Sea Systems Command (NAVSEA) warned that the U.S. Navy will have to
ramp up its cyber-security efforts to secure the controls systems of its submarines. 
“It is the threat to our control systems,” Vice Adm. William Hilarides, commander of NAVSEA, told an audience at the Naval Submarine League Symposium in Falls Church, Va. on Wednesday.
“We’re just now starting to hear the inklings of it.”
There are little noticed cyber vulnerabilities on nuclear attack submarines like the Virginia-class boats that are slowly becoming the mainstay of the Navy’s undersea fleet, Hilarides said. One example of that is the Virginia-class boat’s backup Caterpillar-built diesel engine, he said. 
Specifically, the problem is a computer chip that helps control that engine—a chip that runs on Microsoft Windows XP, Hilarides said. 
That chip is connected into the rest of the vessel so that the data can be displayed in other parts of the submarine, he said. That means that chip is connected to the submarines machinery control system. 
But it goes beyond that, Hilarides said, the data from the chip sent off board the submarine to maintenance crews at a warfare center. The problem is that the data is automatically shared via an unclassified network, Hilarides said, which renders that chip on the diesel engine as a point of vulnerability for the multi-billion dollar warship. A hacker could attack that network and gain access to the submarine’s systems and cause chaos.
Hilarides pointed out that while crashing a submarine or warship’s information technology systems can be a nuisance, attacking critical systems like a ship’s gas turbines or a nuclear reactor could have catastrophic results.
The Navy can do a few things quickly to provide “reasonable security” to those sorts of systems, but ultimately ships and submarines need to be built with cyber-security in mind right from the outset, Hilarides said. “We’ve opened a new era of warfare and it ain’t going back in the tube,” he said. “We’re got some work to do.”