The Navy’s Expeditionary Fast Transport, or EFP, class of ships may be vulnerable to hackers and isn’t achieving key performance milestones, including some related to the cybersecurity of the ship’s systems, according to a new inspector general’s report.
The aluminum catamaran-style ships, which are designed to quickly move troops and supplies, “lacks capability,” an April 2018 report from the Department of Defense Inspector General found. One of those capabilities is securing control systems aboard the vessels.
“Cybersecurity vulnerabilities could potentially lead to hackers disabling or taking control of systems, preventing the EFP vessel from accomplishing its missions,” the report said. “According to a DoD cybersecurity instruction, if cybersecurity risk management is not adequately addressed during the initiation, development, and acquisition phases of the system development life cycle, these tasks will be undertaken later in the life cycle and will be more costly and time consuming to implement.”
The report also highlighted 14 unresolved information assurance control deficiencies related to “the availability, integrity, authenticity, and confidentiality of information exchanges.”
According to the Inspector General, Space and Naval Warfare Systems Command corrected 11 information assurance control deficiencies identified during the initial operational test and evaluation and follow-on operational test and evaluation, which were confirmed as corrected by the Military Sealift Command. The MSC is responsible for the operation and sustainment of the EPF vessel.
Network and information security continues to emerge in importance both ashore and afloat, with top officials from the Navy’s cyber elements emphasizing the need to secure onboard systems in particular. It’s an idea that was underscored in the Navy’s investigations into the 2017 collisions of the USS John McCain and the USS Fitzgerald, in which the Navy brought in teams from Space and Naval Warfare Systems Command and Fleet Cyber Command/Tenth Fleet.
“The role that SPAWAR played is important in the sense that we played a role, and that’s an indicator of the new reality of today, where our systems across the board are reliant on the network,” Rear Adm. Christian Becker, SPAWAR commander, told C4ISRNET in a recent interview.
Becker emphasized cyber resiliency throughout the fleet. “That starts with designing in that resiliency from the beginning, implementing IT standards, and making sure that when we deliver the capability for which we’re responsible, those capabilities are up-to-date, integrated properly, secure and ready for sailors to operate and maintain.”