An Assessment of Vulnerabilities for Ship-based Control Systems

Abstract : Growing asymmetric threats, such as international terrorism, have replaced the hostile nation-state as the adversary of choice. As embodied by the September 11 attacks, the United States now faces enemies that seek to create havoc and disruption in nontraditional ways. This new adversarial paradigm makes the protection of the critical infrastructure of the nation even more important than ever. Unfortunately, this is the nation's soft underbelly. Computer-based control systems form the heart of the critical infrastructure, and these control systems are riddled with rampant vulnerabilities. A combination of industry apathy, physical challenges, and the growing reliance on the Internet by has exacerbated these vulnerabilities. The critical infrastructure of a Navy warship is just as vital to the operation of the vessel as the national infrastructure is to the operation of the nation. Unfortunately, a ship's infrastructure is similarly permeated with control systems, which have similar weaknesses and face similar threats as their civilian counterparts. This thesis examines the importance of the critical infrastructure on both the national and shipboard scale. Threats and vulnerabilities are established, and corrective actions are explored, with the goal of developing some strategies to improve the security of shipboard systems. As part of these corrective actions, a template security policy and a computer security checklist have been developed.