Back to news

April 22, 2020 | International, Naval, C4ISR

For the Navy’s hospital ships, networking is yet another challenge

Andrew Eversden

When the Navy hospital ship Comfort deployed to Haiti in 2010 following devastating earthquakes, media organizations broadcasting in the area ate up so much satellite bandwidth that the ship had to revert to paper processes and adjust its satellite communications for some ship-to-shore messaging.

While the outages weren't a widespread issue, said Sean Kelley, who served as the ship's top IT officer at the time, the problem highlighted a challenge these ships face: broadband.

Now, the hospital ships Mercy and Comfort are deployed to Los Angeles and New York, respectively, and are in the national spotlight as symbols of the coronavirus pandemic relief effort. But security and IT experts say the ships' mission presents the Navy with distinct networking problems, from cybersecurity to network connection for patients.

Onboard devices

When disaster strikes, the Navy's hospital ships deploy in a matter of days, mobilizing with a crew of about 100-1,200 personnel. But the influx of staff also leads to an incursion of devices, all of which must be secure and require bandwidth.

“You have a lot of different people going to a lot of different places that now have to be acclimated to this environment,” said Kelley, now executive vice president at Unissant, an IT and cybersecurity company. “So that's really one of the biggest challenges, is getting all those things turned on, all those things activated, making sure that they are all compliant with the latest patches and fixes, and making sure they're good.”

This process can be a “nightmare,” said retired Rear Adm. Danelle Barrett, former deputy chief information officer of the Navy and cybersecurity division director.

“The challenging part is always in the first couple days whenever this happens,” said Barrett, who oversaw communications and cyberspace for Operation Unified Response, the U.S. military's mission in Haiti following the 2010 earthquake. “The team is coalescing about how they want to operate, and they're getting their feet wet, getting new accounts on networks ... [getting] their logins.”

Cybersecurity aboard the ships is also complex. Both ships have 1,000 beds, 12 operating rooms, blood banks, labs, medical devices and a multitude of other “internet of things” devices connected to hospital beds. According to a 2018 survey by health care IoT security company Zingbox, each bed can have as many as 10-15 IoT devices.

“They have to be cyber-ready, or the mission of the Mercy is considered [degraded],” said Dean Hullings, global defense solutions strategist at Forescout, which handles Comply to Connect — a Defense Department framework created to ensure the cybersecurity of new devices — for the USNS Mercy.

Ensuring connectivity

For the devices to function, they need connectivity. When the ships arrived in ports in late March, technology firm CenturyLink “donated” connectivity to the Mercy, while Verizon provided connectivity to the Comfort.

Former and current Navy officials told C4ISRNET that adequate broadband is the most challenging IT consideration faced by these ships.

“Obviously you're going to be transferring imagery of X-rays or things like that that are more dense and require a ... higher data rate, so that bandwidth in port is important,” Barrett said.

And with the introduction of patients, bandwidth needs become more complex.

“The greatest communications challenge we are going to face during this deployment is the increased need for patients to communicate off the ship during their stay,” Tom Van Leunen, a spokesman for Military Sealift Command, told C4ISRNET. “Our hospital ships are designed to support official communication for the ship's crew and embarked medical community to complete their job. Adding a capability for patients to reach loved ones increases the risk of saturating the bandwidth off the ship.”

Aboard both ships, the Navy doubled the bandwidth, he said, adding that Navy personnel also set up separate networks for patients' communications.

While this solves one networking problem, it can also create an increased cybersecurity risk.

Securing the ships

Cybersecurity on the hospital ships follows the same standard practices as the rest of the Navy fleet. Since those aboard are largely Navy medical staff and personnel, they know what activities are acceptable on the network, Barrett said.

“You can't just go and plug anything into that network because of potential vulnerabilities that that system may bring that could affect not just the ship, but remember, the ship is then connected to the rest of the [Department of Defense Information Network],” Barrett said. “So risk by one is shared by all.”

ForeScout's Hullings said a hospital environment “epitomizes” why the Comply to Connect program is necessary. The ship has desktops, servers, routers, printers and other networks equipment, as well as mobile devices, such as tablets, that health care providers use to track patient care.

“The truly unique stuff is the mission systems of the hospital, like X-ray machines, MRI machines, the beds themselves in the post-operative recovery rooms, that are all sensors. And they are all passing data. They have to be protected,” Hullings said.

A spokesperson for the Navy told C4ISRNET that the ships are prepared for the cybersecurity challenges associated with their missions, but declined to address what additional cybersecurity challenges are introduced with the addition of private citizens.

“These ships have routinely deployed in humanitarian assistance missions such as Pacific Partnership (USNS Mercy) and Continuing Promise (USNS Comfort) that required them to operate in partner nation ports, with foreign national patients being brought to and from the ship,” said Cmdr. Dave Benham, a spokesman for the Navy's 10th Fleet. “In all operating locations, we take appropriate precautions to keep our networks secure, and we do not discuss specific measures in order to protect operational security.”

Cybersecurity on the hospital ships follow the same protocols as any other Military Sealift Command ship, said Benham.

“Protecting our networks is a continuous challenge, and the overarching concern is to ensure that the right information gets to the right place at the right time with the right level of protection,” he explained.

Cybersecurity aboard the hospital ships follow similar efforts to those recommendations made by the Centers for Disease Control and Prevention: Wash your hands.

“It's ‘wash your hands' with your computer, too,” Barrett said. “Do good hygiene with your computer.”

On the same subject

  • US Army’s new all-domain sensing team to wrangle sensor architecture

    March 26, 2024 | International, Land

    US Army’s new all-domain sensing team to wrangle sensor architecture

    The Army's All-Domain Sensing Cross-Functional Team will focus on the challenge of building an architecture of sensors that can rapidly distribute data.

  • Produire local, passage obligé des entreprises partant à l'international

    November 29, 2019 | International, Other Defence

    Produire local, passage obligé des entreprises partant à l'international

    Grandes et petites entreprises doivent se plier aux exigences croissantes des États de produire sur place une partie de leurs gros contrats. Y compris Dassault Aviation pour vendre son Rafale en Inde. Enquête. Difficile d'y échapper. Les exigences de compensations industrielles, ou offsets, occupent une place croissante dans la négociation des grands contrats. Elles sont presque autant l'apanage de pays émergents, qui cherchent à accélérer la montée en gamme de leur industrie domestique, que de pays développés. Dans le seul secteur de la défense, le montant global des offsets a progressé de 25 % entre 2012 et 2016, pour représenter près de 2,5 % des dépenses militaires. Pour décrocher le contrat de 36 avions Rafale en Inde, Dassault a dû s'engager à réinvestir 50 % de sa valeur dans le pays, sous forme de fabrication locale et d'approvisionnement auprès de sous-traitants indiens. Il a ouvert un site pour produire ses avions d'affaires Falcon et le Rafale avec l'indien Reliance. DCNS a consenti à transférer une partie de sa production et de ses compétences en Australie, dans le cadre du "contrat du siècle" de 12 sous-marins. Politique du "make in India" en Inde, "Buy american act" aux États-Unis, droits de douane exorbitants sur les importations de véhicules pour forcer les constructeurs à réaliser l'assemblage sur place... Au-delà de la défense et de l'aéronautique, le parapétrolier, le ferroviaire et la filière nucléaire font aussi face à des contraintes similaires, plus ou moins structurées. "La plupart des nouveaux contrats en Afrique prennent en compte la volonté de transférer des équipes et de produire localement ", remarque Pedro Novo, le directeur de l'international de Bpifrance. Accompagner les PME et les ETI "Les compensations industrielles étaient auparavant supportées par les seuls intégrateurs. Mais à mesure qu'elles augmentent et que les grands groupes externalisent davantage, elles descendent de plus en plus dans la supply chain", pointe Philippe Advani, un ancien d'Airbus, qui préside le comité sur les offsets des conseillers du commerce extérieur. Avec le groupement des industries françaises aéronautiques et spatiales (Gifas), il a publié en juillet un guide pour aider ETI et PME à naviguer dans les contraintes de transfert de savoir-faire ou de production – souvent complexes – fixées par les gouvernements. Pour les sous-traitants, l'opération n'est pas sans risque. En Inde, le spécialiste de l'ingénierie aéronautique Ametra, qui emploie 700 salariés, a sauté le pas l'an passé en créant une coentreprise avec un partenaire indien à Hyderabad, dans le sud du pays. "Cela demande du cash, et un pillage de propriété intellectuelle peut être plus dramatique pour une petite entreprise", reconnaît Philippe Advani. "Devenir indien en Inde, par exemple, implique d'accélérer la structuration de sa société, de revoir la logistique et la gestion des flux de données, d'impliquer le conseil d'administration. Il faut un accompagnement pour mettre ces contraintes à la portée des PME", énumère Pedro Novo, qui a lancé il y a un an le fonds Build-up International afin de co-investir dans des filiales à l'étranger d'ETI françaises et étudie une vingtaine de dossiers. Certains ont fait de ces contraintes un nouvel axe de leur stratégie. Depuis deux ans, le fabricant de c'ble marnais Axon'Cable surveille les obligations de compensations industrielles des grands contrats militaires pour implanter ses nouvelles usines. "Il est plus facile de vendre à nos grands clients car ils ne trouvent pas leurs fournisseurs habituels et nous en profitons pour démarcher des industriels locaux", pointe son président, Joseph Puzo, qui a ouvert en 2016 une filiale au Brésil et prépare un bureau en Australie pour 2020. L'ETI, qui possède déjà une usine low cost en Inde, a créé en début d'année une deuxième coentreprise, Dhruv, avec un partenaire local, afin d'obtenir le statut d'"offset indien partner", qui permet de répondre aux demandes de compensation industrielle. Produire localement ne supprime pas pour autant tous les échanges. Seul l'assemblage final est réalisé à proximité du client. Les composants les plus sensibles restent exportés depuis la France. Le meilleur moyen de protéger ses innovations. Latécoère suit Thales et Dassault en Inde S'implanter en Inde ne faisait pas partie des plans initiaux de Latécoère. "Je savais que l'Inde était un pays compliqué et bureaucratique. Nous serions certainement allés dans un autre pays d'Asie s'il n'y avait pas eu les contreparties du contrat Rafale", reconnaît volontiers Yannick Assouad, la PDG de l'équipementier aéronautique. Son usine de c'blage de Belagavi, dans l'État du Karnataka, a démarré sa production en septembre. Pour vendre ses 36 avions de combat, Dassault a dû s'engager à des compensations industrielles, dont l'ouverture d'un site à Nagpur, dans l'État du Maharashtra, pour produire des pièces pour le Rafale et le Falcon. En 2017, Latécoère a décroché auprès de Dassault la fourniture de harnais électriques pour le Falcon 2000 en s'engageant à suivre l'avionneur en Inde. "Se localiser dans un pays d'offset n'était pas suffisant pour remporter le contrat car il faut avant tout être compétitif. Mais c'était la cerise sur le g'teau", reconnaît Yannick Assouad. Dans la foulée, sa nouvelle usine indienne a permis à l'ETI de décrocher un deuxième contrat auprès de Thales, lui aussi tenu à des offsets, pour son système de divertissement à bord. De quoi atteindre plus vite que prévu le seuil de rentabilité de l'usine de 300 salariés. En attendant que Dassault implante sa chaîne d'assemblage du Falcon en Inde, Latécoère exporte toute sa production indienne vers la France et les États-Unis pour Thales et se fournit en France. "Nous allons progressivement démarcher des clients locaux et essayer d'évaluer la supply chain", précise la PDG.

  • DIA announces winners in massive intelligence technology contract

    September 19, 2018 | International, C4ISR

    DIA announces winners in massive intelligence technology contract

    By: Brandon Knapp The Defense Intelligence Agency (DIA) awarded spots on a contract worth up to $500 million to eight defense companies and one research organization as part of the agency's effort to buy research, development, technical, and engineering services for intelligence missions, according to an announcement from the Department of Defense Sept. 14. DIA selected AT&T, Booz Allen Hamilton, Harris Corp., KeyW Corp., Leidos Inc., Lockheed Martin Corp., Macaulay-Brown Inc., Northrop Grumman Corp., and Southwest Research Institute for the procurement program, known as HELIOS. The companies won five year contracts that include five additional one-year options. The award winners will have multiple opportunities to compete for task orders on the indefinite delivery / indefinite quantity contract in support of DIA Directorate for Science & Technology missions. Unclassified documents released in 2017 describe in part the scope of HELIOS as offering support services for “sensor technology focus areas including Measurement and Signature Intelligence” as well as “cross-cutting technology areas such as unattended remote sensing, robotics...and data processing, exploitation and dissemination.” Mission areas for HELIOS include space situational awareness, foreign counter space threats, the Internet of Things, data exfiltration, and rapid prototyping. The Virginia Contracting Activity received nine responses to their original open solicitation posted in Dec. 2016. All nine solicitors received a contract with a minimum award of $10,000. The HELIOS program has an estimated completion date of September 2028.

All news