Home » Budget Industry » NAVSEA: Submarines Control Systems are at Risk for Cyber Attack

NAVSEA: Submarines Control Systems are at Risk for Cyber Attack

Virginia-class attack boat North Dakota during recent sea trials. US Navy Photo

Virginia-class attack boat North Dakota during recent sea trials. US Navy Photo

This story has been updated from a previous post to amend comments made by Naval Sea Systems commander, Vice Adm. William Hilarides, based on new information provided to USNI News in an interview subsequent to this posting. The revised information can be found in brackets behind the original text.

The head of Naval Sea Systems Command (NAVSEA) warned that the U.S. Navy will have to
ramp up its cyber-security efforts to secure the controls systems of its submarines.

“It is the threat to our control systems,” Vice Adm. William Hilarides, commander of NAVSEA, told an audience at the Naval Submarine League Symposium in Falls Church, Va. on Wednesday.
“We’re just now starting to hear the inklings of it.”

There are little noticed cyber vulnerabilities on nuclear attack submarines like the Virginia-class boats that are slowly becoming the mainstay of the Navy’s undersea fleet, Hilarides said. One example of that is the Virginia-class boat’s backup Caterpillar-built diesel engine, he said.

Specifically, the problem is a computer chip that helps control that engine—a chip that runs on Microsoft Windows XP, Hilarides said.

That chip is connected into the rest of the vessel so that the data can be displayed in other parts of the submarine, he said. That means that chip is connected to the submarines machinery control system.

[In a November interview, Hilarides said he was wrong in his understanding of the security threat to Caterpillar’s backup diesel control systems. 
“I should not have used that company’s name and pointed that there was a specific weakness in our system. As it turns out, Caterpillar has some of the most secure control systems on the planet,” he told USNI News].

But it goes beyond that, Hilarides said, the data from the chip sent off board the submarine to maintenance crews at a warfare center. The problem is that the data is automatically shared via an unclassified network, Hilarides said, which renders that chip on the diesel engine as a point of vulnerability for the multi-billion dollar warship. A hacker could attack that network and gain access to the submarine’s systems and cause chaos.

Hilarides pointed out that while crashing a submarine or warship’s information technology systems can be a nuisance, attacking critical systems like a ship’s gas turbines or a nuclear reactor could have catastrophic results.

The Navy can do a few things quickly to provide “reasonable security” to those sorts of systems, but ultimately ships and submarines need to be built with cyber-security in mind right from the outset, Hilarides said. “We’ve opened a new era of warfare and it ain’t going back in the tube,” he said. “We’re got some work to do.”

  • Marcd30319

    This was part of last’s 24 series that terrorist hacked into, aming other things, the comms system of a nuclear submarine which ordered it to sink a Chinese aircraft carrier.

  • Rob C.

    Hopefully, they’ll be able update or create a more robust software chip to handle the ship systems. I can see why there were elements of resistance against Microsoft’s change over from XP and dropping support for it.

  • KenPrescott

    That’s the problem with embedded systems: firmware all to often is congealed software, with all of the vulnerabilities baked into hardware for all time.