Back to news

April 22, 2020 | International, Naval, C4ISR

For the Navy’s hospital ships, networking is yet another challenge

Andrew Eversden

When the Navy hospital ship Comfort deployed to Haiti in 2010 following devastating earthquakes, media organizations broadcasting in the area ate up so much satellite bandwidth that the ship had to revert to paper processes and adjust its satellite communications for some ship-to-shore messaging.

While the outages weren't a widespread issue, said Sean Kelley, who served as the ship's top IT officer at the time, the problem highlighted a challenge these ships face: broadband.

Now, the hospital ships Mercy and Comfort are deployed to Los Angeles and New York, respectively, and are in the national spotlight as symbols of the coronavirus pandemic relief effort. But security and IT experts say the ships' mission presents the Navy with distinct networking problems, from cybersecurity to network connection for patients.

Onboard devices

When disaster strikes, the Navy's hospital ships deploy in a matter of days, mobilizing with a crew of about 100-1,200 personnel. But the influx of staff also leads to an incursion of devices, all of which must be secure and require bandwidth.

“You have a lot of different people going to a lot of different places that now have to be acclimated to this environment,” said Kelley, now executive vice president at Unissant, an IT and cybersecurity company. “So that's really one of the biggest challenges, is getting all those things turned on, all those things activated, making sure that they are all compliant with the latest patches and fixes, and making sure they're good.”

This process can be a “nightmare,” said retired Rear Adm. Danelle Barrett, former deputy chief information officer of the Navy and cybersecurity division director.

“The challenging part is always in the first couple days whenever this happens,” said Barrett, who oversaw communications and cyberspace for Operation Unified Response, the U.S. military's mission in Haiti following the 2010 earthquake. “The team is coalescing about how they want to operate, and they're getting their feet wet, getting new accounts on networks ... [getting] their logins.”

Cybersecurity aboard the ships is also complex. Both ships have 1,000 beds, 12 operating rooms, blood banks, labs, medical devices and a multitude of other “internet of things” devices connected to hospital beds. According to a 2018 survey by health care IoT security company Zingbox, each bed can have as many as 10-15 IoT devices.

“They have to be cyber-ready, or the mission of the Mercy is considered [degraded],” said Dean Hullings, global defense solutions strategist at Forescout, which handles Comply to Connect — a Defense Department framework created to ensure the cybersecurity of new devices — for the USNS Mercy.

Ensuring connectivity

For the devices to function, they need connectivity. When the ships arrived in ports in late March, technology firm CenturyLink “donated” connectivity to the Mercy, while Verizon provided connectivity to the Comfort.

Former and current Navy officials told C4ISRNET that adequate broadband is the most challenging IT consideration faced by these ships.

“Obviously you're going to be transferring imagery of X-rays or things like that that are more dense and require a ... higher data rate, so that bandwidth in port is important,” Barrett said.

And with the introduction of patients, bandwidth needs become more complex.

“The greatest communications challenge we are going to face during this deployment is the increased need for patients to communicate off the ship during their stay,” Tom Van Leunen, a spokesman for Military Sealift Command, told C4ISRNET. “Our hospital ships are designed to support official communication for the ship's crew and embarked medical community to complete their job. Adding a capability for patients to reach loved ones increases the risk of saturating the bandwidth off the ship.”

Aboard both ships, the Navy doubled the bandwidth, he said, adding that Navy personnel also set up separate networks for patients' communications.

While this solves one networking problem, it can also create an increased cybersecurity risk.

Securing the ships

Cybersecurity on the hospital ships follows the same standard practices as the rest of the Navy fleet. Since those aboard are largely Navy medical staff and personnel, they know what activities are acceptable on the network, Barrett said.

“You can't just go and plug anything into that network because of potential vulnerabilities that that system may bring that could affect not just the ship, but remember, the ship is then connected to the rest of the [Department of Defense Information Network],” Barrett said. “So risk by one is shared by all.”

ForeScout's Hullings said a hospital environment “epitomizes” why the Comply to Connect program is necessary. The ship has desktops, servers, routers, printers and other networks equipment, as well as mobile devices, such as tablets, that health care providers use to track patient care.

“The truly unique stuff is the mission systems of the hospital, like X-ray machines, MRI machines, the beds themselves in the post-operative recovery rooms, that are all sensors. And they are all passing data. They have to be protected,” Hullings said.

A spokesperson for the Navy told C4ISRNET that the ships are prepared for the cybersecurity challenges associated with their missions, but declined to address what additional cybersecurity challenges are introduced with the addition of private citizens.

“These ships have routinely deployed in humanitarian assistance missions such as Pacific Partnership (USNS Mercy) and Continuing Promise (USNS Comfort) that required them to operate in partner nation ports, with foreign national patients being brought to and from the ship,” said Cmdr. Dave Benham, a spokesman for the Navy's 10th Fleet. “In all operating locations, we take appropriate precautions to keep our networks secure, and we do not discuss specific measures in order to protect operational security.”

Cybersecurity on the hospital ships follow the same protocols as any other Military Sealift Command ship, said Benham.

“Protecting our networks is a continuous challenge, and the overarching concern is to ensure that the right information gets to the right place at the right time with the right level of protection,” he explained.

Cybersecurity aboard the hospital ships follow similar efforts to those recommendations made by the Centers for Disease Control and Prevention: Wash your hands.

“It's ‘wash your hands' with your computer, too,” Barrett said. “Do good hygiene with your computer.”

https://www.c4isrnet.com/it-networks/2020/04/21/for-the-navys-hospital-ships-networking-is-yet-another-challenge/

On the same subject

  • NATO drone surveillance hours surge amid growing appetite for intel

    May 8, 2024 | International, Aerospace

    NATO drone surveillance hours surge amid growing appetite for intel

    “The North Atlantic security environment is under threat,” said Scott Bray, the assistant secretary general for intelligence and security.

  • No stealth? No problem ― Eurofighter makes its pitch against F-35 in Berlin

    April 26, 2018 | International, Aerospace

    No stealth? No problem ― Eurofighter makes its pitch against F-35 in Berlin

    By: Sebastian Sprenger BERLIN ― Eurofighter officials are downplaying the F-35 fighter′s stealth capability at the Berlin Air Show, positing that the consortium's non-stealthy Typhoon still beats out the American competition in the race to replace Germany's Tornado fleet. “Stealth is only 10 percent of the capability mix,” Eurofighter marketing chief Raffael Klaschke told Defense News on Wednesday. “We're still better at the other 90 percent,” he argued, referring to the aircraft's combat capabilities. While the company could rest easy with the German Defence Ministry's recent proclamation that the Eurofighter is the preferred path for the upcoming multibillion-dollar Tornado-replacement program, Lockheed Martin's massive showing at the air show may have some officials nervous. Eurofighter CEO Volker Paltzo doubled down on the argument that the Typhoon would guarantee continued vibrancy in the European military aircraft market. “I want to underscore that every euro spent on Eurofighter within Europe stays in Europe,” he told reporters. Executives also stressed that the European aircraft would come free of any “black boxes,” a reference to the expectation that all technological and operational details would be owned by Europeans, which may not be the case with the F-35. F-35 advocates have touted the fifth-generation aircraft's stealth and other advanced capabilities for deep-strike and standoff combat, and there are some in Germany, especially in the Air Force, who believe that European technology simply cannot compare. At the same time, whatever follow-on aircraft Berlin chooses for its 90-strong Tornado fleet is only expected to be a bridge toward a brand-new development, raising the question of whether a costly acquisition of the U.S. planes would be a worthwhile investment. Klaschke described stealth as a “niche capability,” adding with a nod to the F-35′s competition: “We're not scared.” Officials were less willing to discuss the expected nuclear-weapons capability of the Eurofighter, which it would pick up from the Tornado. Paltzo pointed to “confidentiality” in discussing the topic, referring to the Defence Ministry for information. What is clear, however, is that the Eurofighter will be able to carry forward Germany's pledge to deploy U.S. atomic arms at the behest of NATO, according to Paltzo. And while the U.S. Defense Department must certify the aircraft-weapon pairing, the CEO said he does not expect America to influence the fighter decision toward its own industry's product. “This is a subject where we would not expect leverage by the U.S. over the Eurofighter,” Paltzo said. https://www.defensenews.com/industry/2018/04/25/no-stealth-no-problem-eurofighter-makes-its-pitch-against-f-35-in-berlin/

  • DoD and Australia ink first-ever cyber training partnership

    December 9, 2020 | International, C4ISR, Security

    DoD and Australia ink first-ever cyber training partnership

    Mark Pomerleau WASHINGTON — The U.S. military and Australia announced a first-of-its-kind agreement to develop a virtual cyber training range together. U.S. Cyber Command will incorporate Australian Defence Force feedback into the Persistent Cyber Training Environment (PCTE), per a Cyber Training Capabilities Project Arrangement signed Nov. 3. This agreement is valued at $215.19 million over six years and provides the flexibility to develop cyber training capabilities for the future, Cyber Command said in a release Dec. 4. PCTE is an online client that allows Cyber Command's warriors to log on from anywhere in the world to conduct individual or collective cyber training and mission rehearsal. In the physical world, military forces regularly go to a training facility, such as the National Training Center at Fort Irwin, to work on particular concepts or rehearse before deploying. But a robust environment has not existed for the Department of Defense's cyber warriors, creating readiness gaps. The program is run by the Army on behalf of the joint cyber force. “Australia and the U.S. have a strong history of working together to develop our cyber capabilities and train our people to fight and win in cyberspace,” said Australian Army Maj. Gen. Marcus Thompson, the Australian signatory and head of Information Warfare for the Australian Defence Force. “This arrangement will be an important part of the ADF's training program, and we look forward to the mutual benefits it will bring.” In the past, the two countries created cyber training ranges separately, which could take months and stymied cooperation efforts, Cyber Command noted. U.S. officials have long held that the military will never fight alone, and this extends to cyberspace. “This project arrangement is a milestone for U.S.-Australian cooperation. It is the first cyber-only arrangement established between the U.S. Army and an allied nation, which highlights the value of Australia's partnership in the simulated training domain,” said Elizabeth Wilson, U.S. signatory and Deputy Assistant Secretary of the Army for Defense Exports and Cooperation. “To counter known and potential adversarial threats, the Army has recalibrated our strategic thinking; we've made smart decisions to refocus our efforts to invest in the new, emerging and smart technologies that will strengthen our ability to fight and win our nation's wars.” Gen. Paul Nakasone, head of Cyber Command and the National Security Agency, has made partnerships — with other nations, private sector actors and academia — a key pillar of his tenure. Cyber Command has deployed personnel to other nations to conduct what it calls hunt forward missions, which serve the dual role of helping shore up defenses of partners while allowing U.S. cyber personnel to potentially uncover tools used by adversaries to better understand their techniques. Congress, in the annual defense policy bill for fiscal 2021, also authorized a pilot program with Vietnam — which many cyber experts assert is rapidly growing its cyber capabilities — Thailand and Indonesia to enhance their cybersecurity, resilience and readiness of military forces. https://www.c4isrnet.com/cyber/2020/12/04/dod-and-australia-ink-first-ever-cyber-training-partnership/

All news