Newsletter Sponsor:

Cyber security at sea is about more than just IT, and many navies are still missing the boat

Cyber security for navies requires a holistic approach, not just by baking it into system design, but also by taking into account operational technologies (OT) in addition to good old IT.

This fact is too often overlooked to a navy’s own detriment, but industry is now seeking to address this gap through comprehensive solutions, including targeted training.

Cyber security stats for navies are, understandably, classified. No fleet would like its adversaries to know where its systems’ vulnerabilities potentially lie.

Get on board on Fincantieri | Home Page

However, if related data for the commercial maritime sector is any indication of significant emerging gaps in cyber security, the facts speak for themselves: 75% of maritime professionals surveyed for newly published research by DNV believe OT security is a significantly higher priority for their organisation than it was two years ago.

Worryingly, only 33% are confident that their organisation’s OT cyber security is as strong as its IT security.

Such bias is the direct consequence of years spent focusing on the importance of protecting IT, ie software, hardware and communications systems used to process information, as defined in the Guidelines on Cyber Security Onboard Ships.

In a world where information superiority is a key advantage in any given theatre of operations, protecting data has become the ultimate challenge.

Yet, as Robert Anton Wilson once wrote: ‘We all see only that which we are trained to see.’

The reality is that ships are increasingly becoming connected systems of systems. The OT, that is the hardware and software used to monitor and operate physical devices and processes, is now also linked to IT through programmable logic controllers (PLCs) – which gather and process data from different onboard sensors in order to trigger (re)actions dependent on pre-determined parameters.

Attacks on OT systems can be carried out progressively, over a period of time. ‘This is easier, and stealthier, to do for an attacker because it can target separate systems that appear to be unrelated but which, over time, result in significant operational disruptions,’ a spokesperson for the French Navy specialised in cyber security, once explained to me.

The propulsion system is the most obvious target, but unfriendly actors can also attack all systems related to sustainment of the crew – even fridges – thus weakening the entire ship, which is only as good as its complement.

It is now time to train navies to see beyond the IT, and adopt a more comprehensive cyber security approach. Yet how can navies achieve such an ambitious objective even as they face recruitment issues and shortages of cyber security skills onboard?

The answer was obvious during this month’s SeaFuture trade show in La Spezia, where several companies clearly advertised their cyber security solutions – both for shore-based infrastructure and for vessels.

Above: Leonardo’s X-2030, seen here in a civilian application, can automatically correlate seemingly unconnected events to evaluate if there is a cyber threat. (Photo: Leonardo)

For onshore applications, Leonardo told Shephard that it has developed the X-2030 platform. Designed to be fitted in control rooms on military bases, this continuously monitors both IT and OT systems to deliver cyber-secure information superiority. Its advantage lies in the automatic correlation of seemingly disconnected events to raise alerts about potential cyber threats.

On board ships, there appears to be a significant emphasis on supporting the crew in the detection, identification, analysis of and response to cyber threats.

‘Crew operators are not typically aware about cyber risks and related technicalities,’ Marco Dri, head of maritime programmes at e-phors (part of Fincantieri NexTech, a cutting-edge technology subsidiary of the Italian group), told Shephard, ‘and as such it is critical to provide them with a system that helps make the right decisions at the right time.’

To this end, Fincantieri NexTech is working on a platform that provides an overview of all cyber security activity onboard – covering both IT and OT – and offers decision support. The platform suggests two potential courses of action when a potential cyber attack has been detected.

If an attack is detected on a non-critical system, the platform can take the appropriate course of action to isolate that system.

‘The same behaviour may be considered normal during maintenance operations but anomalous when the ship is deployed.’

If the attack is on a critical system, meanwhile, the platform can either require confirmation of a course of action or prompt the crew to carry out a manual check first.

‘Most importantly, for each suggested action the platform also presents the impact of each option on the ship’s operational availability and according to the current operational profile,’ Dri explained. ‘The same behaviour may be considered normal during maintenance operations but anomalous when the ship is deployed,’ he pointed out.

Still focusing on decision-making support and response automation, Gyala, an Italian company specialised in cyber security, has developed an all-in-one platform suitable for any type of device and operating system: AGGER.

‘As soon as AGGER is installed on board a ship, it is connected to all the ship's sensors and carries out a full scan of the ship’s systems to establish a baseline,’ Simona Piacenti, Gyala’s communications and marketing director, told Shephard.

On that basis, AGGER then leverages the military standard AI algorithm running at the core of its system to continuously run a cyber security diagnostic of both IT and OT systems.

If anything suspicious is detected, AGGER will automatically implement a commensurate countermeasure or alert crew members of the need to check on a system.

‘If the PLC that controls the engine has been shut down, AGGER will immediately respond by requesting the relevant manual safety actions for the physical devices before undertaking the restoration of the compromised system and therefore being able to restart the engine,’ Piacenti continued.

‘Because if the system has been hacked and is "lying", and if crew try to restart the engine, this could cause considerable damage, rendering the ship inoperable.’

AGGER also has a correlation module, which can link various small events in order to alert the crew if all these occurrences put together could qualify as a cyber attack. Lastly, AGGER’s risk management tool has been designed to run ‘what if’ scenarios. This module supports crew members in their decision-making according to the type of attack detected and the ship’s current operational profile.

Finally, although cyber security platforms seek to provide transparency and understandability to facilitate decision-making, the need to address the shortage of relevant skills remains an important tenet of any strategy. Both Leonardo’s Cyber & Security Academy and CY4GATE’s (part of the recently rebranded ELT Group) academy attest to industry efforts in supporting their clients on this front as well.

Germany now has a security strategy, but is its navy up to the task?

On 14 June, German Chancellor Olaf Scholz and his cabinet released the country’s first ever National Security Strategy (NSS). The fortuitous holding of the 2023 Kiel International Seapower Symposium (KISS23) the next day provided Shephard with fresh, firsthand reactions concerning the NSS’s implications for the German Navy.

The document should have been released in March, almost exactly a year after Scholz made his speech to announce the now famous Zeitenwende but was delayed multiple times.

And for good reasons. Because for a country that still carries many burdens related to World War II – referenced in the document itself – the exercise of creating a first ever NSS is no easy matter.

Above: The F126 is a significant future capability for the German Navy, but will be a long time coming. (Image: Damen)

As with many such strategies, the document itself contains little about the practical steps that should be taken to follow the path shown by its authors. Nonetheless it provides a very good overview of where the country’s thinking in terms of its geopolitical situation stands today.

There is a strong emphasis throughout the text on Germany’s commitment to security within the EU and the broader North Atlantic area. The document repeatedly refers to the fact that Germany is fully invested in NATO and will take the necessary steps to achieve its 2% share of GDP on military spending, as required by the alliance.

Beyond allies, the NSS also refers clearly to Germany’s relationship with its (potential) opponents. ‘Today’s Russia is for now the most significant threat to peace and security in the Euro-Atlantic area,’ the strategy states. In relation to China, it reflects the many conflicting views that have emerged in the past months within the EU: ‘China is a partner, competitor and systemic rival.’

Finally, the strategy rests on three key pillars: defending peace and freedom (strengthening the armed forces); resilience (ensuring food, energy and economic security, fostering technological innovation, upholding the international rules-based order); and sustainability (addressing the root causes and direct impacts of climate change).

During KISS23, numerous discussions focused on trying to make sense of what this means for the German armed forces, and the navy in particular.

The key message throughout all this talk was that the multiple demands for security that span the globe – from North Atlantic to Indo-Pacific – require that the German Navy develops a balanced fleet.

It will need to operate as a force for defence and deterrence, but will also have to continue carrying out other tasks, such as protecting sea lines of communication (SLOC) and crisis management.

In other words, it needs to move from a service that primarily handles regional constabulary operations to a fighting force against an organised opponent… all without losing sight of that constabulary role.

Yet the German Navy faces challenges both in terms of capabilities and personnel.

The last few years have seen a number of procurement programmes kicking off. These include: five K130 ‘corvettes'; the four F126 (ASW and ASuW) and F127 (AAW) frigates that are currently being drawn up – with multiple contracts awarded in the past year for the former programme; the future Type 212CD submarine, which is also under way; and, the acquisition of P-8A Poseidon maritime patrol aircraft (MPA).

The coming years could also see requests being drawn-up for SIGINT vessels, as the present ones need to be replaced, new oilers and next-generation mine layers and hunters. During KISS23 there was also a lot of talk about the possibility of acquiring unmanned systems.

Above: Recruiting enough personnel to meet its future ambitions may actually be the German Navy’s biggest problem. (Photo: Bundeswehr)

But all this procurement is slow, and personnel is likely to remain one of the most pressing issues for the German Navy. This is perhaps even more vital than future capabilities because, as one expert said, the most technologically advanced fleet is worth nothing without sailors to crew and fight it. Even uncrewed vessels, at least for the foreseeable future, still require multiple people to program, remotely pilot and maintain them, not to mention handle data processing work.

As such, the ‘German Navy objectives for 2035 and beyond’, as the service’s wish list published in March 2023 is known, might look on the mark when it comes to attempting to meet the demands of the NSS but a little too ambitious given the challenges currently facing the force.

In the short and medium term, continued and enhanced cooperation with partners and allies is likely the most viable option for a navy that seeks to redress 40 years of steadily declining funding.

The view from above – how space-based sensors can play a key role in seabed warfare

The race for underwater maritime situational awareness (MSA) is on. Many nations are acquiring underwater systems to retain information superiority in this new ‘final frontier’.

But how can the data these submerged sensors gather be efficiently leveraged when it is a well-known fact that it cannot be communicated continuously?

‘Today, the emergence of drones and remotely operated robots – driven by the needs of industry [and] capable of carrying out operations that meet military objectives at a depth of several thousand metres – are transforming the seabed into a new space for strategic competition,’ reads France’s ‘Seabed Warfare Strategy’, published in February 2022.

While there is no questioning the veracity of this statement, one challenge continues to define the underwater domain – data transfer options below the waves are very limited.

Above: An increasing number of maritime surveillance satellites are now in orbit. The BRO-5 from France’s Unseenlabs is used for RF geolocation of ships at sea. (Image: Unseenlabs)

As such, underwater systems – whether crewed submarines or UUVs – continue to rely on surface relays to transfer data that, inevitably, is not real-time.

So what if the answer to the conundrum came from somewhere else entirely? What if it came from space?

NATO’s Centre of Excellence for Operations in Confined and Shallow Waters (COE CSW) has partnered with various navies, academia and industry to develop a Multi-Sensor Data Fusion Cell (MSDFC).

The aim of this is to combine data from underwater systems (sonobuoys and UUVs) with a wide range of space (optical, SAR, radar frequency scans), air (UAVs) and surface (AIS) assets to support detection, monitoring and identification of objects in any given area of interest.

‘Say you have UUVs patrolling the seabed near underwater cables, the information they are gathering, while invaluable, will not be available immediately,’ Patrick O'Keeffe, staff officer for space operations at COE CSW, told Shephard.

‘Fusing multiple space-based data together, on the other hand, may provide near-real-time valuable information about patterns of life that can raise flags if there is any ongoing suspicious activity in the area where the cables are.’

The role of the MSDFC then is to combine all available data and, leveraging the latest advances in AI and ML, detect any suspicious activity in areas of interest.

This might be a ‘research’ vessel hovering too long in an area that should not be of interest to the crew or nation. Or it can mean spotting items appearing and disappearing on a ship’s deck that could point to UUVs having been released in the area.

Above: UUVs like the BlueWhale are famously unable to transmit data in real time, so need to be augmented by space, air and surface assets for full situational awareness. (Photo: Atlas Elektronik)

The resulting information is subsequently corroborated with underwater data when it becomes available.

‘There are two key benefits here: first, through space-based data one can already start flagging suspicious behaviours at sea and enhance monitoring in the area,’ O’Keeffe explained, ‘and second, in an era where navies are stretched for capabilities and personnel, more accurate, near real-time MSA prevents them from sending ships without being certain there is cause for concern.’

The MSDFC was successfully tested for the first time during the REPMUS 2022 exercise, but most data analysis was carried out manually. One year on, the project is on track to move on to TRL 6-7, ready for testing a minimum viable product (MVP) – leveraging AI and ML – during REPMUS 2023.

‘Navies have been collecting data from space to seabed for years now, but such data is often in different formats and makes sensor fusion difficult,’ O’Keeffe added. This means the data is often decorrelated. ‘Yet what is clear is that, as technologies stand today, underwater MSA starts with identifying what is going on at the surface and deducing potential underwater activities, so by combining all the data, we are providing a more efficient, continuous way to monitor the seabed,’ he concluded.

This month’s featured programme entry from Shephard Defence Insight:

F124 Frigate Replacement Programme (F127) (Germany)

In late 2020, Germany and the Netherlands signed an agreement to work jointly on a next-generation frigate. Both countries have agreed to collaborate on research, development and acquisition of the frigates, working on equal operational requirements. This is intended to replace the German Navy's Sachsen-class (F124) frigates.

However, in light of the changing geopolitical scenario, rumours suggest that Berlin could abandon the idea of jointly developing the F127 frigates with the Netherlands in favour of a domestic solution. A total of six frigates are expected to be procured for a total estimated value of $9.3 billion.

Programme background

Requirements

The German Navy gave Shephard an update on the programme in October 2021. Germany expects to introduce the next-generation F127 frigate into service from the 2030s. The future anti-air warfare frigates will replace the current F124 class from 2032 at the earliest with new capabilities to defend against ballistic and hypersonic missiles.

In July 2022, Shephard reported that Germany is interested in acquiring the SPY-6 radar, most likely the AN/SPY-6(V)1. Obviously, the decision to purchase the SPY-6 would lead to the adoption of the AEGIS CMS. It is unclear what effect the reported interest in US systems will have on previous plans for Germany to collaborate on the ships with the Netherlands.

Dutch agreement

It was announced on 17 December 2020 that Germany and the Netherlands had signed an agreement to work jointly on a next-generation frigate. This is intended to replace the German Navy's Sachsen-class (F124) frigates and the Royal Netherlands Navy De Zeven Provinciën (LCF) class. The two preceding classes of frigates are similar and were built around a common primary anti-air warfare system. 

The agreement was signed via video conference by Dutch State Secretary Barbara Visser and her German counterpart Benedikt Zimmer. The countries are to collaborate in the field of research, development and acquisition while working on equal operational requirements. The joint development is intended to benefit the industries of both countries. 

Ties between Dutch and German naval defence industries are already strong, with Damen and Thales NL taking key roles in the F126/MSK180 frigate programme, solidifying this relationship further. The Netherlands is expected to replace almost its entire fleet in the 15-year period between 2020 and 2035, accounting for 23 ships. The Netherlands had been seeking cooperation with Germany over its projects. 

The Netherlands LCF replacement programme was due to start in 2021, but in 2019, this was posted by five years due to a lack of funds. German plans to replace the F124 frigates may also have impacted this decision as talks between the Dutch and German MoDs had begun on jointly replacing the two classes. On this basis, this project is due to start by 2026, with the new ships delivered by 2035, should the Netherlands stick to its plan to have most of its fleet replaced within 15 years.

Timeline

The replacement project is in its early stages of the analysis phase, and the Integrated Project Team, under the direction of the Bundeswehr Office for Defense Planning, is to prepare a Capability Gap and Functional Requirement (FFF) phase document by July 2022 at the earliest. This will include an operational architecture, an operational concept, corresponding scenarios/vignettes and a threat catalogue concerning F127, as well as a prioritised requirements catalogue.

The second phase of the analysis will follow the FFF document's approvable and last until mid-2025. This will work out the technical features and solutions via a customer-products-management process with alternative options given to the Chief of Defence to choose from. This stage is intended to be concluded by the end of 2025 or the first half of 2026.

With the detailed design not available before 2026, construction will not be able to start any earlier than 2026.

Cooperation opportunities with the Netherlands are still being investigated. These will include capabilities, threat assessments, CONOPS and operational scenarios. Discussions are currently around working out what degrees of commonality are possible at a ship level for a common ‘Future Air Defender’.

On 5 March 2023, the German Armed Forces published and later deleted a 'Force Structure Goals 2035+' on its website, offering glimpses into Berlin's naval planning. The plan outlines five F127 frigates in service in 2031 and six in 2035.

In March 2023, Marine Schepen reported that the German Parliament asked the government whether the German procurement organisation BAAINBw or the German Navy has informed the Dutch Defence Materiel Organisation (DMO) that it intends to carry out the F127 project not as part of a joint German-Dutch programme, but through a collaboration with the US. According to the same media outlet, the German Navy has expressed its preference for a future class of frigates based on American radars and CMS.

German State Secretary for Defence Thomas Hitschler answered the inquiry by saying that the German-Dutch agreement was developed and signed in a different geopolitical context. Hitschler highlighted that Germany needs a timely solution (with marked AAW capabilities) to replace the F124 frigates. The need to procure a ship that can be available in a relatively short period of time makes reference to the number of issues the German Navy faced during the trials of the F125 frigates.

Contenders & Bidders

TKMS

TKMS's proposal for future anti-air warfare ships is based on the proven MEKO family design.

A spokesperson for TKMS told Shephard: ‘To ensure the timely and smooth replacement of the F124 class air defence frigates, we want to offer the German Navy the only proven design based on the MEKO A400 that is available on the market in this key German technology. With our new production site in Wismar, we have already set the course for long-term adherence to schedules and budgets. We are taking the opportunity to secure numerous jobs at the shipbuilding location in Mecklenburg-Vorpommern. Together with our industrial partners in Germany and Europe, we are making an essential contribution to our common security today and will continue to do so in the future.’

Kieler Nachrichten reported that TKMS is pitching a 220m long ship design that would displace some 12,000t. Interestingly, in the interview with Kieler Nachrichten, TKMS CEO Oliver Burkhard excluded the idea of cooperation with the Netherlands on the vessel.

Contract Award

Shephard estimates that to meet the target of having five F127s in service by 2031, a contract has to be awarded no later than 2024.

Don't want to miss out on future Decisive Edge content? Make sure you are signed up to our email newsletters.