22 avril 2020 | International, Naval, C4ISR
Andrew Eversden
When the Navy hospital ship Comfort deployed to Haiti in 2010 following devastating earthquakes, media organizations broadcasting in the area ate up so much satellite bandwidth that the ship had to revert to paper processes and adjust its satellite communications for some ship-to-shore messaging.
While the outages weren't a widespread issue, said Sean Kelley, who served as the ship's top IT officer at the time, the problem highlighted a challenge these ships face: broadband.
Now, the hospital ships Mercy and Comfort are deployed to Los Angeles and New York, respectively, and are in the national spotlight as symbols of the coronavirus pandemic relief effort. But security and IT experts say the ships' mission presents the Navy with distinct networking problems, from cybersecurity to network connection for patients.
Onboard devices
When disaster strikes, the Navy's hospital ships deploy in a matter of days, mobilizing with a crew of about 100-1,200 personnel. But the influx of staff also leads to an incursion of devices, all of which must be secure and require bandwidth.
“You have a lot of different people going to a lot of different places that now have to be acclimated to this environment,” said Kelley, now executive vice president at Unissant, an IT and cybersecurity company. “So that's really one of the biggest challenges, is getting all those things turned on, all those things activated, making sure that they are all compliant with the latest patches and fixes, and making sure they're good.”
This process can be a “nightmare,” said retired Rear Adm. Danelle Barrett, former deputy chief information officer of the Navy and cybersecurity division director.
“The challenging part is always in the first couple days whenever this happens,” said Barrett, who oversaw communications and cyberspace for Operation Unified Response, the U.S. military's mission in Haiti following the 2010 earthquake. “The team is coalescing about how they want to operate, and they're getting their feet wet, getting new accounts on networks ... [getting] their logins.”
Cybersecurity aboard the ships is also complex. Both ships have 1,000 beds, 12 operating rooms, blood banks, labs, medical devices and a multitude of other “internet of things” devices connected to hospital beds. According to a 2018 survey by health care IoT security company Zingbox, each bed can have as many as 10-15 IoT devices.
“They have to be cyber-ready, or the mission of the Mercy is considered [degraded],” said Dean Hullings, global defense solutions strategist at Forescout, which handles Comply to Connect — a Defense Department framework created to ensure the cybersecurity of new devices — for the USNS Mercy.
Ensuring connectivity
For the devices to function, they need connectivity. When the ships arrived in ports in late March, technology firm CenturyLink “donated” connectivity to the Mercy, while Verizon provided connectivity to the Comfort.
Former and current Navy officials told C4ISRNET that adequate broadband is the most challenging IT consideration faced by these ships.
“Obviously you're going to be transferring imagery of X-rays or things like that that are more dense and require a ... higher data rate, so that bandwidth in port is important,” Barrett said.
And with the introduction of patients, bandwidth needs become more complex.
“The greatest communications challenge we are going to face during this deployment is the increased need for patients to communicate off the ship during their stay,” Tom Van Leunen, a spokesman for Military Sealift Command, told C4ISRNET. “Our hospital ships are designed to support official communication for the ship's crew and embarked medical community to complete their job. Adding a capability for patients to reach loved ones increases the risk of saturating the bandwidth off the ship.”
Aboard both ships, the Navy doubled the bandwidth, he said, adding that Navy personnel also set up separate networks for patients' communications.
While this solves one networking problem, it can also create an increased cybersecurity risk.
Securing the ships
Cybersecurity on the hospital ships follows the same standard practices as the rest of the Navy fleet. Since those aboard are largely Navy medical staff and personnel, they know what activities are acceptable on the network, Barrett said.
“You can't just go and plug anything into that network because of potential vulnerabilities that that system may bring that could affect not just the ship, but remember, the ship is then connected to the rest of the [Department of Defense Information Network],” Barrett said. “So risk by one is shared by all.”
ForeScout's Hullings said a hospital environment “epitomizes” why the Comply to Connect program is necessary. The ship has desktops, servers, routers, printers and other networks equipment, as well as mobile devices, such as tablets, that health care providers use to track patient care.
“The truly unique stuff is the mission systems of the hospital, like X-ray machines, MRI machines, the beds themselves in the post-operative recovery rooms, that are all sensors. And they are all passing data. They have to be protected,” Hullings said.
A spokesperson for the Navy told C4ISRNET that the ships are prepared for the cybersecurity challenges associated with their missions, but declined to address what additional cybersecurity challenges are introduced with the addition of private citizens.
“These ships have routinely deployed in humanitarian assistance missions such as Pacific Partnership (USNS Mercy) and Continuing Promise (USNS Comfort) that required them to operate in partner nation ports, with foreign national patients being brought to and from the ship,” said Cmdr. Dave Benham, a spokesman for the Navy's 10th Fleet. “In all operating locations, we take appropriate precautions to keep our networks secure, and we do not discuss specific measures in order to protect operational security.”
Cybersecurity on the hospital ships follow the same protocols as any other Military Sealift Command ship, said Benham.
“Protecting our networks is a continuous challenge, and the overarching concern is to ensure that the right information gets to the right place at the right time with the right level of protection,” he explained.
Cybersecurity aboard the hospital ships follow similar efforts to those recommendations made by the Centers for Disease Control and Prevention: Wash your hands.
“It's ‘wash your hands' with your computer, too,” Barrett said. “Do good hygiene with your computer.”
13 octobre 2024 | International, Aérospatial
The Space Force offered a rare glimpse into the X-37B’s latest endeavor, revealing that the spaceplane will conduct an aerobraking maneuver.
29 octobre 2019 | International, Naval
By: David B. Larter WASHINGTON — Submarine building, the pride of the U.S. Navy's shipbuilding efforts over the past decade, is facing a mountain of uncertainty, a point underscored by the replacement of senior members of General Dynamics leadership, compounding delays with construction of the Virginia-class submarine and nagging questions about the quality of the work after a high-profile welding issue threatened to trip up the Columbia-class ballistic missile sub program at the starting line. Adding to the uncertainty for General Dynamics, which operates the Electric Boat shipyard in Connecticut, are indications that profits from constructing Virginia-class subs may be slipping. And challenges in training new workers in the complex world of building subs as well as concerns that the Columbia program might negatively affect General Dynamics' bottom line are impacting General Dynamics' partner yard Huntington Ingalls Industries in Newport News, Virginia, as well as the U.S. Navy. Furthermore, a contract for the significantly larger Block V Virginia-class submarine, expected to be one of the largest in the Navy's history, has been repeatedly delayed amid disputes over labor rates, sources told Defense News. That contract is more than a year past due, according to Navy budget documents. In September, General Dynamics pushed out Electric Boat President Jeffrey Geiger. Industry and Navy sources, speaking on the condition of anonymity, said Geiger's replacement was the culmination of mounting frustration on the part of the Navy. That came to a head when quality control issues surfaced with missile tubes in production destined for the Virginia Payload Module, Columbia-class subs and the United Kingdom's replacement ballistic missile sub. Geiger's ouster came on the heals of General Dynamics replacing long-time executive John Casey as head of the Marine Systems division when he retired earlier this year. The shakeup, delays and lingering issues put the Navy and the submarine-building enterprise at a crossroads. It's clear that the Navy's efforts to ramp up production of its Virginia-class attack boats ahead of Columbia have encountered myriad issues and delays. But while delays may be acceptable for the Virginia program, the interconnected nature of submarine building means those delays could eek into a program that the Navy has for years insisted cannot be delayed any further: the replacement of its aging Ohio-class ballistic missile subs, part of the nuclear deterrent triad. The Navy has said Columbia must be ready for its first patrol in 2031 to ensure the nation doesn't fall below a dangerous threshold where retiring Ohio-class submarines leaving the country without an adequate number of boats to execute its deterrent strategy. But to head that off, the Navy may have reduce its expectations of the industrial base's capacity to build submarines, said Bryan Clark, a senior fellow at the Center for Strategic and Budgetary Assessments think tank and a retired submarine officer. “The Navy is going to have to reduce its appetite for submarine capacity while it gets the construction process in a better position,” he said. “All of the things we have seen in the past year in the submarine-building enterprise are the results of the ramped-up production levels and the challenges that EB [Electric Boat] faces in hiring more workers up in Connecticut. “They've been growing capacity, investing in infrastructure; they're trying to hire a bunch of workers and design engineers. [But] there just isn't a large workforce of those kinds of people up there as opposed to in Hampton Roads or the Gulf Coast. So there are a lot of challenges in ramping up production to [increase] Virginia-class production and, in addition, starting Columbia and beginning the Virginia Payload Module-equipped Virginias, which is a 30 percent larger submarine.” A bridge to Columbia In March, Defense News reported that all the Virginia-class submarines under construction were between four and seven months behind schedule. Naval Sea Systems Command pointed to the cumulative effect of ramping up to building two Virginia-class submarines per year. In a statement, the service's top acquisition official said the Navy was continuing to confront material, labor and shipyard infrastructure issues. Labor issues in particular hit the Newport News yard, which told investors in a recent earnings call that profits had slipped by about 23 percent on the Virginia sub building because of delays associated with labor issues. In the face of the mounting issues, the Navy should be willing to make difficult choices to get back on an even footing, Clark said. “Are we going to make some tough choices and dial back submarine construction deliberately to make sure we can get Columbia started correctly?” he asked. “And that means maybe we slow down Virginia, maybe we go to one per year for at least a couple of years to catch up.” Clark said the Navy should continue to fund two submarines per year but should expect that they will take longer to build while General Dynamics and Newport News stabilize their labor and parts issues. Paring back submarine production is a tough pill to swallow for the Navy, as it's been fighting for years to prevent a shortfall of attack submarines in the coming decade. The Navy expects its inventory of attack boats to drop from 52 to 42 by the late 2020s as Cold War-era Los Angeles-class attack subs retire. Furthermore, there's the question of whether scaling back production might invite a funding cut, which could make matters worse. The supplier and labor issues, after all, primarily stem from the 1990s when the Navy all but stopped buying submarines, which resulted in a contraction of the number of businesses that built submarine parts and a loss in skilled laborers who knew how to build them. Less funding would likely have a detrimental effect on sub-building efforts, said Bill Greenwalt, a former Senate Armed Services Committee staffer. “Under our current budget and appropriations process, slowing down — which likely implies cutting program funding — would exacerbate industrial base problems as it already has in the past due to lack of program demand,” Greenwalt said. “Congress and the Navy need to be prepared for industrial base surprises and seriously face the past problem of the underfunding of naval shipbuilding.” “A flexible schedule and more realistic and flexible funding mechanisms will be needed to meet whatever industrial base challenges ... will inevitably arise,” he added. “In the near term we may even need to look at some of our allies' capabilities to meet shortfalls and help us keep on schedule until we rebuild U.S. capacity.” Greenwalt's view tracks with that of General Dynamics, according to a source with knowledge of the company's thinking on the difficulties it has faced. The company considers ramping up production on the Virginia-class sub as essential to building a sufficient labor force and supplier capacity so the resources are available to build Columbia class on schedule, the source said. ‘Two-hump camel' The Navy's top acquisition official, James Geurts, has similarly described the issue. On the possibility of building a third Virginia-class submarine in 2023, Geurts told the House Armed Services Committee's sea power panel in March that it would benefit the Columbia-building effort. “We can get some of the additional workforce trained up, get some more of the supplier base and get some of the supplier builds out of the way before Columbia gets here,” he said. Officials everywhere seem to agree that the labor force is the most critical factor when it comes to getting submarine building on track. In an exit interview with Defense News in August, outgoing Chief of Naval Operations Adm. John Richardson said turnover at shipyards was a challenge but also an exciting chance to build a new generation of skilled labor. “We're asking a lot of the submarine industrial base right now to continue with Virginia, two to three per year including that payload module, and deliver Columbia,” Richardson said. “And the workforce is going through a transformation. “The people who built and delivered the Virginia program, the Los Angeles program and Seawolf — those folks are retiring. We used to have this two-hump camel in terms of the demographics of the shipyard: You had the Cold Warriors and you had the post-9/11 folks. And that Cold War hump is gone. And I think that although it's going through some friction right now, it's really inculcating, indoctrinating and educating a brand-new workforce.” Richardson also sounded a note of warning about work quality, saying that the managers overseeing the work for the submarine-building enterprise must be on top of their jobs. “We've had some welding issues: We've got to be on that,” he said. “[It's] a lot closer oversight as we educate this new team.” Clarification: The story has been updated to better reflect the arguments surrounding the future of submarine building. https://www.defensenews.com/naval/2019/10/28/after-a-leadership-shakeup-at-general-dynamics-a-murky-future-for-submarine-building/
17 juin 2019 | International, Sécurité, Autre défense
By: Mark Pomerleau Contractors, facing an increasing barrage of cyber intrusions by foreign entities, should protect themselves using traditional regulatory approaches but also new techniques such as blockchain and artificial intelligence, according to a new report from Deloitte. As companies in the defense supply chain began following the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity regulations and the Department of Defense started to assess how adoption went, “we started to form our own ideas on what we see as emerging issues and solutions that [can] ... improve the cybersecurity posture against our enemies,” Jeff Lucy, managing director in cyber risk services practice at Deloitte, told Fifth Domain. On the regulatory side, the report, titled “Third-party risk management: Cybersecurity in the Defense Industrial Base,” says prime contractors must comply with the defense regulations measuring their companies' compliance with national cybersecurity standards. They should also create awareness among their subcontractors and smaller companies by providing training. Third, primes should create third party assessment programs for performing cybersecurity evaluations of their suppliers. However, the paper also suggests non-regulatory approaches, including automating supply chain functions, integrating blockchain to boost cybersecurity and using artificial intelligence to gain real time visibility into the threat landscape. Lucy noted that the Pentagon is beginning to take these regulations seriously and the problems aren't going away. “In 2019 we've seen that the DoD has started to move forward, start to take action to enforce their expectations around the DFARS requirements,” he said. “It's clear now with the steps that we're seeing with [Undersecretary of Defense for Acquisition and Sustainment] Ellen Lord getting the [Defense Contract Management Agency] on board to start auditing the suppliers processes for assessing their suppliers.” Cyber intrusions into the supply chains of defense contractors have become more prevalent in recent years. In a recent example, the Chinese government was blamed for a series of hacks and while the information they stole was not technically classified, in aggregate, it was considered to be quite damaging to the U.S. This year's Department-wide annual report on Chinese military activity included a new section highlighting that China's exfiltration of sensitive military information from the defense industrial base could allow it to gain a military advantage. Ultimately, Lucy said the solution to the supply chain and cybersecurity for the defense industrial base is manageable. “Most primes, from what I've seen with interactions with our customers, have put some level of the basic elements for a supplier assessment program in place already,” he said. “They've done some level of canvassing their suppliers, critical suppliers, taking a risk based approach to understand whether their suppliers are in adopting” standards. https://www.fifthdomain.com/industry/2019/06/14/how-contractors-can-guard-against-cyber-intrusions/