The United States Navy has announced it is currently working on developing a new system aimed at protecting its ships from pervasive Internet attacks, often leading to network spying and confidential data theft. Codenamed the Resilient Hull, Mechanical, and Electrical Security (RHIMES) system, the Office of Naval Research (ONR) revealed the enhanced security system is designed to make its shipboard mechanical and electrical control systems resilient to cyber attacks. “The purpose of RHIMES is to enable us to fight through a cyber attack,” said Chief of Naval Research Rear Adm. Mat Winter. “This technology will help the Navy protect its shipboard physical systems, but it may also have important applications to protecting our nation’s physical infrastructure,” added Adm. Winter. According to Dr. Ryan Craven, a program officer at the ONR’s cyber security division, RHIMES would also prevent hackers from disabling or taking control of programmable logic controllers – the hardware components that interface with physical systems on the ship. Craven explained: "Some examples of the types of shipboard systems that RHIMES is looking to protect include damage control and firefighting, anchoring, climate control, electric power, hydraulics, steering and engine control." Furthermore, Craven noted the system depends on advanced cyber resiliency techniques to introduce diversity and stop entire classes of attacks at once. “Most physical controllers have redundant backups in place that have the same core programming,” said Craven.
“In the event of a cyber attack, RHIMES makes it so that a different hack is required to exploit each controller. The same exact exploit can’t be used against more than one controller.”
The US Navy stated this latest development aligns with higher level strategic guidance to protect against cyber threats, such as “Cyber Power 2020” – an initiative to achieving the Navy’s vision for cyberspace operations. However, the ONR points out the technology may offer benefits outside of the naval service. "Vulnerabilities exist wherever computing intersects with the physical world, such as in factories, cars and aircraft," Craven said, "and these vulnerabilities could potentially benefit from the same techniques for cyber resilience." The announcement comes in the wake of the recent revelation that the hack of the Office of Personnel Management’s (OPM) systems earlier this year also involved the compromise of more than 5.5 million fingerprints, in additional to Social Security numbers, employment history, financial records and other personal data.
