In the wake of the widely-reported hacking that has taken place on just about everything that moves, the United States Navy has announced that it is developing a system to protect its fleet from internet attacks.
Like all good government systems, it has been given a name, RHIMES, which stands for Resilient Hull, Mechanical and Electrical Security system.
Protection against attacks on industrial systems is a top priority in government agencies. Earlier attacks, such as the Stuxnet worm which damaged Iran’s nuclear centrifuges, and the 2014 German Steel mill attack, gave good reason for organizations like the Navy to be concerned.
(This is the same US Navy, of course, which continues to use Windows XP - Ed)
Systems such as anchoring mechanisms, climate control and steering and engine controls may all be vulnerable to internet attacks on a modern Navy vessel.
As reported in Phys.Org, Chief of Naval Research Rear Admiral Mat Winter indicated “The purpose of RHIMES is to enable us to fight through a cyber-attack. This technology will help the Navy protect its shipboard physical systems, but it may also have important applications to protecting our nation’s physical infrastructure.”
Dr Ryan Craven, a program officer of the Cyber Security and Complex Software Systems Program in the Mathematics Computer and Information Sciences Division of the Office of Naval Research, told the media, that “functionally, all of the controllers do the same thing, but RHIMES introduces diversity via a slightly different implementation for each controller’s program”.
“In the event of a cyber-attack, RHIMES makes it so that a different hack is required to exploit each controller. The same exact exploit can’t be used against more than one controller.”
Hmm, that happily sounds a lot like a well-designed layered defense.
The RHIMES System is designed so that an exploit of one system can be isolated and prevented from replicating to other critical systems on a ship.
This type of containment is a classic step in a good incident response plan.
Could the success of such a system signal a new era in protecting and segmenting components in areas that touch our lives, such as commercial airliners or automobiles?
Dr Craven thinks so, saying “Vulnerabilities exist wherever computing intersects with the physical world, such as in factories, cars and aircraft, and these vulnerabilities could potentially benefit from the same techniques for cyber resilience.”
I am equally optimistic.