On board a US Navy Submarine, a Commanding Officer (CO) has many responsibilities and is held accountable for the particular mission as well as the health and safety of the boat and the crew.
Many challenges and threats accompany particular missions, including protecting the boat from internal and external cyber threats. With an increasing number of threats and the drive for cyber resiliency, ongoing efforts to secure and harden on-board tactical networks remain imperative. A CO must have the ability to evaluate their ship’s functional health and cyber health for real-time situational awareness and recovery. The crew, not trained as network engineers, needs help detecting, defining, and trouble-shooting cyber anomalies.
Part of the challenge in delivering this capability is efficiently doing so without over-burdening the CO and crew with additional displays and software. One approach is to amend or augment existing systems.
The ISMT (Inter-Subsystem Monitoring Tool) suite resides in the submarine’s command and control room and provides an overall network status of various subsystems within the boat’s tactical control system or combat system.
The new Cyber Dashboard and CO Report integrate with the ISMT to assist with cyber readiness, awareness, and recovery. Specifically, the dashboard provides intuitive cyber alerting and management. It identifies real-time, known, and unknown cyber threats in one centralized screen. It provides guidance so the crew, acting like on-board cyber engineers, can eliminate threats and protect their network. It also provides the Commanding Officer with a report of daily and on-demand cyber health status.
Currently, there is no efficient, direct way to determine the cyber health of the submarine. Indirectly, the fleet may determine part of a network has been taken down, or a hard drive has been compromised, or a network switch has been reconfigured. However, it may be well after the event has occurred, which makes response and recovery a lengthy and cumbersome process.
The ISMT subsystem is an ideal target to develop these cyber capabilities as it already touches many of the subsystems and network connections on the boat. Adding advanced cybersecurity architecture and tools enables the ISMT to meet several goals:
Increase Situational Awareness
-
- Reduce briefing time between Chief and CO
- Reduce time it takes to analyze log or alert/error messages
- Reduce complexity in reporting
- Reduce subjectivity
Formalize and automate current Cyber1D Incident Management procedures
Define training requirements
-
- Tactical CO Report helps identify what must be trained for the CO, Chief, and operators in order to be effective
- Tactical CO Report helps identify crew weaknesses from confirmed cyber events that can be resolved with underway training scenarios
Reduced alert fatigue
-
- Currently the operator must reference multiple displays within Information Assurance (IA) to get all the alerts that may pertain to a single cyber event and self-correlate
- Operators start to ignore certain alerts that are constantly displayed with no actionable behavior given to them by the tool
- Dashboard helps reduce the number of alerts displayed which increases the severity of the alerts that are shown
Reduced response time in the event of a cyber vulnerability
-
- Dashboard gives the operator actionable behavior when cyber events are detected
- Cyber Dashboard and CO Report gives the fleet more knowledge to make informed decisions on the safety to execute planned and unplanned capabilities
- Cyber Dashboard provides a single at-a-glance display for overall cyber readiness
- CO Report provides a single page report for daily cyber awareness
- Introduces the guidance and creation of cyber specific fleet training
Equipped with at-a-glance, real-time cyber situational awareness, and the ability to generate reports for daily, on-demand analysis, COs and crews can sense and respond to cyber threats more quickly. Ultimately, this allows COs to focus more on the mission and the safety of the crew.
