Diversifying cyber systems is an idea whose time has come. With increasingly sophisticated hacking occurring every day, is it out of the realm of possibility to imagine that a US nuclear ICBM could be launched from a Navy ship or submarine back at its home country?
Armored Ships No Longer Sufficient for Protection
The US Navy is in the process of developing futuristic capabilities by diversifying its cyber systems or “nerve centers” aboard Navy vessels using a program called Resilient Hall, Mechanical, and Electrical Security (RHIMES). This program slightly changes the core programming code for physical controllers for each piece of equipment so that cyber attacks can be nipped in the bud by limiting them to a small area rather than infecting an entire ship. For example, a ship may have defenses for air-based and amphibious assaults, but hacking into and controlling one system doesn’t allow access to the other.
According to the Navy, each vessel has its own cyber risk management plan that looks at vulnerabilities, preventative measures, and incentive systems to protect the ship and crew. RHIMES seeks to avoid what is called “monocrop,” or systems that have the same software and configuration and can be completely overtaken with one exploit.
“In the event of a cyber attack, RHIMES makes it so that a different hack is required to exploit each controller, and the same exact exploit can’t be used against more than one controller” says Ryan Craven, Program Security Officer of Naval Research at the Cyber Security and Complex Software Systems Program.
With the recent introduction of the Stuxnet computer virus and increasing piracy and hacking worldwide, the threat of crippling or taking over large physical systems is increasing. According to Craven, a German steel mill was hacked in 2014 and hackers overheated the blast furnace, prevented workers from properly shutting down the furnace and caused massive damage.
The following video is an overview of RHIMES: