All posts by Guest Author

Seamanship and Leadership

Finding New Ways to Fight, Pt. 2

1 Comment

How the Mad Foxes of Patrol Squadron FIVE are harnessing their most powerful resource – their people – in an effort to cut inefficiencies and improve productivity.

By Kenneth Flannery and Jared Wilhelm

The U.S. Military Academy’s Modern War Institute recently published a thorough primer by ML Cavanaugh on what it means to drive innovation in the military.1  The most important take away was the difference between the buzzword, “innovation,” and the people who actually do the dirty work of driving positive change within the force called, “defense entrepreneurs.” This series focuses on an operational U.S. Navy maritime patrol squadron full of defense entrepreneurs, and how their unit is taking the “innovation imperative” from on high and translating it to the deckplate level. Part 1 focused on the “Why? Who? And How?”; Part 2 reveals observed institutional barriers and challenges.

Deckplate Challenges

It often seems that the tasks most worth doing are the most difficult to achieve. Since beginning our innovation experiment, the squadron has been met with a variety of challenges to the implementation of our vision. Some of these obstacles are specific to the unique nature of the military, while others are more specific to the nature of large bureaucracies. Many challenges come from external sources that are largely outside of our control, while other challenges are self-inflicted.

One of our biggest hurdles has been thawing the “frozen middle.” This concept refers to the middle management contingent within the squadron that may be less eager to adopt new ways of doing things. Perhaps the most frustrating part about the “frozen middle” is that the very people who would benefit from embracing these changes are often the ones standing in the way. It is understandable and expected when organizations are resistant to an innovation developed outside of their ranks. All organizations have budgets to balance and bosses to answer to such that outside entities may be only a blip on their radar. For example, attempting to highlight the importance of one squadron in one community in one service of the Department of Defense can be understandably futile. More vexing are the people inside of one’s organization who seem to actively resist change at every opportunity. Frustrating as it may be, recruiting the members of the “frozen middle” is paramount for success. Buy-in from all organizational levels is required for original ideas to reach critical mass and become self-sustaining. Without support from the most resistant group, a new process will inevitably wither and die, even if it enjoys support from the top and bottom of an organization.

When VP-5 implemented the Innovation Department, the “frozen middle” quickly became apparent. The chief’s mess and the O-4 department heads, always looking out for undue risk to the Commanding Officer, were particularly averse to change. These groups bring a wealth of experience to the squadron and are absolutely crucial to the success or failure of our unit. However, that same hard-fought experience can sometimes saddle people with preconceived notions about “the way things are done” and other such attitudes which can stifle a creative environment.

Stopping new innovations from being implemented is often the path of least resistance for the frozen middle. VP-5 discovered that those who are averse to change will attempt to use their position of power as a roadblock. Often, it seems the frozen middle’s apprehension is rooted in a reluctance to put forth the effort necessary to change. Many of our innovations are designed to reduce the time and energy required to complete a task. However, at the onset, hard work is required to overcome the existing institutional inertia. Many times someone will cite comfortable catch-all words, such as “OPSEC,” or some unnamed instruction in an attempt to avoid putting up the innovation capital required for real change. However, it was the defense entrepreneur’s job to push past that initial roadblock. If a genuine concern exists, we may have to alter tack and reevaluate, but concerns raised about innovation must be the result of concrete analysis as opposed to institutional inertia.

Hitting the Wall

We were not always successful in overcoming these barriers. On more than one occasion the squadron had projects come to a full stop due to an inability to get through to the frozen middle. One project in particular was a fairly lofty goal of adding the maintenance program OOMA (Optimized Organizational Maintenance Activity) on to our PEMA (Portable Electronic Maintenance Aid) laptops.

Under the current system, writing a MAF (Maintenance Action Form) requires access to the OOMA program which is hosted on the Naval Aviation Logistics Command Management Information System (NALCOMIS). In turn, maintainers and aircrew alike are limited to writing MAFs at computers or laptops with hardwired connections to NMCI. This means writing MAFs during preflight or post-flight requires a trip to the hangar, eating up valuable time. This is a burdensome and antiquated system, which results in poorly written MAFs and decreased MAF participation at large.

Requiring NMCI access for writing MAFs also presents a problem when departing on or returning from deployment. There is often a period of several days before NMCI connectivity is established which means MAFs must be handwritten. Once NMCI connection is established these MAFs are retroactively input into OOMA, requiring a significant number of man hours.

Implementing OOMA on our PEMA laptops would be a simple way to streamline the maintenance action documentation process. PEMA laptops would be present on the aircraft, decreasing travel time and putting the feedback solution at the source of the problem. Optimizing this process would increase discrepancy documentation and create more detailed MAFs, facilitating faster resolutions to problems. Ultimately, OOMA on our PEMA laptops could eliminate some of the administrative and physical challenges that lead to wasted man hours and late takeoffs.

This project was led by a 2nd and 3rd Class Petty Officer with assistance from the Innovation Department. These intrepid innovators worked diligently in conjunction with the offices of Program Management Acquisition-290, SPAWAR, and the PEMA Fleet Support Team, but were ultimately told this project was not currently feasible. Part of the reason given had to do with the speed at which NAVAIR moves, which was colorfully described as a “turtle in a sea of peanut butter.” This is a common refrain we have heard time and again, and one that begs the question, “are these extended timelines actually necessary, or have we become so accustomed to them that they are now an accepted norm?”

Another instance where we ran into trouble was with a much smaller project. This time we were seeking permission to insert a Bluetooth USB device into an NMCI computer in order to display a rotating informational PowerPoint on a TV in the maintenance spaces. One of these TVs already existed in the squadron’s duty office, and we wanted to place one downstairs to address a maintenance concern about sometimes being left out of the loop.

We already knew Bluetooth devices were prohibited in NMCI computers so we reached out to the Information Assurance office for guidance about how to request a waiver, or if a waiver process even existed. In return, we received a curt e-mail informing us that USB devices were not allowed in NMCI computers, which was stated in the NMCI USB policy and also on the IA form everyone signs to gain access to NMCI computers. We responded to clarify, that indeed we already knew about the prohibition, but were asking if it possible to change the instruction. Ten months later we have yet to hear a response.

Innovation Breakthroughs

These experiences taught us that we needed a new way of approaching things that relied less on external forces and instead emphasized our own ability to create. One way VP-5 chose to thaw the “frozen middle” has been to outpace their skepticism. That is to say, rather than waiting for approval to pursue a particular initiative, we would simply go ahead and continue to work on a project until directed otherwise. The squadron would always inform the appropriate authorities and members of the chain of command, but we didn’t seek their explicit approval. When asking permission to do something, the answer was often “no,” even though there was rarely any substantiating reason for that “no.” Instead of asking, we started informing the Chain of Command of our projects and ideas. By doing this it seemed that we flipped the easy answer from “no” to “yes.” Employing this “Full Speed Ahead” tactic yielded many successes, including the creation of a new qualification program and incentivizing sailors to become innovators.

One hard won success for VP-5 was the development of the “P-8A Enlisted Engine Turns Program.” This program, long established in the P-3 community, allows a select number of enlisted maintenance personnel the opportunity to earn their “Enlisted Turn Operator” qualification. This qualification allows each operator to perform a variety of low-power engine operations for maintenance evolutions. Prior to the development of this program, these low-power turns required at least one pilot. This placed an unnecessary burden on the pilot cadre, which became particularly apparent when operating on detachment where extra pilots are few and far between.

To establish this program, VP-5 adopted a draft version of an Enlisted Turn Operator instruction from VP-30, the P-8A Fleet Replacement Squadron, and made it an official squadron instruction. The program now boasts an official curriculum consisting of written personnel qualification standards, simulator events, and aircraft events. To date, VP-5 has created four Enlisted Turn Operators, two of which had the distinction of being the first two P-8A Enlisted Turn Operators in the fleet. Throughout the process of establishing this program, the defense entrepreneurs clearly communicated their intentions up through the chain of command, and illustrated how they were mitigating the risk in this endeavor. The innovators gave the VP-5 chain of command the opportunity, but never a reason, to say “no.”

Another success for the VP-5 Innovation Department was incentivizing innovation. The Innovation Department first began to coalesce when the squadron was forward deployed to the 5th and 7th Fleet areas of responsibility. Throughout the six-month deployment the innovation movement seemed to be gaining steady momentum, and it was during this very early time that some of our most successful endeavors were developed. At the close of deployment in the spring of 2017, VP-5 shifted back stateside and continued to build this foundation. The Innovation Department was formally enshrined in a new instruction, detailing organizational roles and responsibilities, and we had regular innovation meetings with respectable showings. Unfortunately, interest and participation in the Innovation Department from the junior enlisted and junior officer ranks began to wane. At one meeting, attendance was limited to the box of doughnuts that had been brought for the no-show participants. This was a low point for the defense entrepreneurs. The lull in participation could have been due to a variety of factors, such as the return of family responsibilities, outside hobbies, and perhaps even an element of boredom. As time went on the new innovation initiative began to lose its luster.

Some of this can be expected in any organization trying to introduce a new culture, but some may be due to the career timing structure of the military. Sailors in VP-5 spend between two and five years in the squadron. Officers find themselves on the left side of that spectrum, while enlisted personnel are normally toward the right. To a newly minted lieutenant junior-grade or petty officer, a three to five year tour may seem daunting, but it can be a relatively short stay when all of the various qualifications and certifications that sailors must achieve during their time in the squadron are considered. Therefore, there may be little incentive for a sailor to invest their time and energy on an innovation that may not come to fruition before their tour is over. The temptation to accept the status quo to appease an immediate superior is too attractive for many. Although there will be those who naturally appear to think outside the box and resist the status quo,  it is the responsibility of leadership to properly incentivize innovation.

VP-5 incentivized innovation by rewarding sailors who have contributed to innovation projects with awards and 96-hour liberty passes. While these may seem like superficial benefits, giving a sailor free time and recognition are the most immediate impact that a commanding officer can have on their subordinate’s life. It is necessary that more significant items, like promotions and advancements, are influenced at least in part by what a sailor has done to push the U.S. Navy into the 21st century.

Continuing the Fight

The concept of innovation is obviously not unique to the military. It is preached in boardrooms throughout the country as a way to cut costs, increase productivity, and generally rise above the competition. The companies that fail to adapt to changing environments often find themselves out of business. This same principle applies to the profession of arms. However, if we ever find ourselves “out of business” the opportunity to start over may not exist. Rarely are we afforded second chances to get it right. The time to find better ways to adapt and overcome is now.

Lieutenant Ken Flannery is a P-8A Poseidon Instructor Tactical Coordinator at Patrol Squadron FIVE (VP-5). He may be contacted at [email protected].

Lieutenant Commander Jared Wilhelm is the Operations Officer at Unmanned Patrol Squadron One Nine (VUP-19), a P-3C Orion Instructor Pilot, and a 2014 Department of Defense Olmsted Scholar. He may be contacted at [email protected]

CIMSEC is committed to keeping our content FREE FOREVER. Please consider donating to our annual campaign now so we can continue to provide free content.

References

[1] https://mwi.usma.edu/wear-pink-underwear-like-churchill-nine-principles-defense-entrepreneurship/

Featured Image: OAK HARBOR, Wash. (Oct. 21, 2016) Lt. Cmdr. Matt Olson, Patrol Squadron 30, right, talks Michael Watkins, a reporter with Whidbey News-Times and retired Navy Chief, through flight procedures in a P-8 simulator during a media availability on Naval Air Station Whidbey Island’s Ault Field. (U.S. Navy photo by Petty Officer 2nd Class John Hetherington/Released)

Capability Analysis

Institute for Future Warfare Studies Wants Your Writing on Seabed Warfare Concepts

Leave a comment

By Bill Glenney

Articles Due: March 5, 2018
Week Dates: March 12–March 16, 2018
Article Length: 1000-3000 Words
Submit to: [email protected]

The U.S. Naval War College’s Institute for Future Warfare Studies is partnering with CIMSEC to solicit articles putting forth concepts for warfare on and from the seabed as part of the larger maritime battle.

While the broad matter of economics and sea lines of communications should drive a national and Navy interest in securing the seabed, the transformative nature of warfare on and from the seabed should capture the imagination and be of concern to the Navy.

Systems operating from the ocean seabed – to include unmanned systems, mini-submersibles, smart mines, special forces, and others – will one day be deployed against surface, air, and land systems and not just traditional undersea forces – adding yet another dimension to cross- or multi-domain warfare. Navies will be forced to consider not only the role of the seabed and undersea forces in seabed combat, but also how effects from the seabed can shape the behavior of forces on the surface, in the air, and on land.

At its heart, the assumption of U. S. undersea supremacy based on owning the top 1,000 feet of the water column will become invalid, ineffective, and wrong, just as aviators once assumed air supremacy was assured from owning airspace above 30,000 feet. Similarly, the Submarine Force will have to abandon its traditional assumptions about how operating within the undersea domain enhances survivability. Seabed threats may mean the U.S. Navy could have to fight its way out of CONUS home waters before it could project power abroad, and allow adversaries to persistently threaten the U.S. Navy’s flanks and rear support areas. Warfare under the sea may come to look more like tunnel warfare of World War One or suppression of enemy air defenses in Syria than ASW of the Cold War.

The seabed has already long suffered from neglect by the U. S. Navy. For example, modern sea mines can already project power from the seabed with little to no warning, but since the end of the Cold War the Navy and the Submarine Force “whistled past the graveyard” and routinely dismissed the threat from sea mines out of hand. This neglect was reflected in continual lack of substantive funding related to USN mine warfare capabilities and associated tactical development. This trend continued even as more U.S. warships were sunk or damaged in the aftermath of WWII by sea mines than by any other weapon while potential adversaries have tens of thousands of mines. Weapons on the seabed exacerbate the problem even more.

Illustration of how a CAPTOR smart mine functions. (via U.S. Militaria forum)

Nations and commercial entities can be expected to routinely map seabed terrain to support their interests and activities. Available seafloor bathymetry may become comparable to a typical topographic map available in hard copy. This level of detail will facilitate planning for and the placement of systems on the ocean floor, especially with a focus on ensuring they could not be readily detected or attacked. Weapons and supplies could be hidden in seabed caves, trenches, and other geographical features within the complicated seabed landscape.

The threat posed by systems operating from this part of the maritime environment will only grow with technological change and proliferation. The impending proliferation of commercially-developed undersea and seabed systems will make these systems readily available to anyone with even a modest amount of funding. These systems had long ago departed being a resource only for a rich nation-state or billionaires intent on finding the resting place of sunken ships.

Authors are invited to write on the tactical and operational challenges, and potential solutions, that may emerge as maritime warfare expands onto the seabed. How can the Navy’s future force adapt to this coming reality? Authors should send their submissions to [email protected].

Professor William G. Glenney, IV, is a researcher in the Institute for Future Warfare Studies at the U. S. Naval War College.

The views presented here are personal and do not reflect official positions of the Naval War College, DON or DOD.

Featured Image: Undersea submersible (Brian Skerry, National Geographic Creative)

Space

The “Space Corps” is Dead…For Now

2 Comments

By M. Scott Lassiter

The last time Congress created a new military branch was in 1947 when they formed the Air Force out of the Army Air Corps. Now, several Congressmen want to create a new branch of the military: the Space Corps. However, when the House of Representatives passed the final version of this year’s National Defense Authorization Act (NDAA), now signed into law by President Trump, it addressed the controversial proposal in no uncertain terms:

“No funds authorized to be appropriated by this Act or otherwise available for fiscal year 2018 for the Department of Defense may be used to establish a military department or corps separate from or subordinate to the current military departments, including a Space Corps in the Department of the Air Force, or a similar such corps in any other military department.” ~H.R.2810 – National Defense Authorization Act for Fiscal Year 2018, Section 6605

Its proposer and strongest supporter, Representative Mike Rogers (R-AL), asserted that the Air Force has dropped the ball on space over the last two decades, allowing our adversaries to close the space technology gap with us. The only thing that could save us now was to create an entirely new branch of the military– The Space Corps– sharing a similar relationship with the Air Force as the Marine Corps has with the Navy.

Rep. Mike Rogers (R-AL), chairman of the House Armed Services strategic forces sub-committee proposed creation of the Space Corps in 2017, believing that the USAF had not adequately performed its duties in regards to the space mission. (Image credit: C-SPAN)

To be fair, we do have a problem. Modern Air Force strategy has highly valued fighters and air attack. Accordingly, fighter pilots represent 31 percent of the Air Force General Officer leadership, to include six out of the fourteen top four-star officers (for comparison, Air Force Personnel Command reports pilots of ANY aircraft compose only 20 percent of officers). Officers in other fields (such as space) have historically not been promoted as frequently or highly. Additionally, sixteen years of combat operations under inadequate budgets have encouraged raiding the space funds of tomorrow to meet the mission requirements of today.

Most significantly, our adversaries have indeed enhanced many of their space capabilities to near-peer status. Recently, China tested quantum communication satellites, and Russia enthralled the Space community with maneuvering satellites that have unknown strategic intentions. Both countries, as well as the European Union, have launched their own navigation satellites to remove their reliance on the American GPS constellation.

However, Rep. Roger’s Space Corps plan ignored three important truths:

1. Our adversaries have a vote on what their space capabilities are. Even with more focus on space, on what grounds were we to protest or prevent Russia from launching satellites? They have just as much right to the peaceful use of space as we do, and embarrassingly, we depend on them for all of our own manned space flight since the shuttle retirement in 2011.

2. We already have Air Force Space Command (AFSPC) Headquartered in Colorado Springs, it is run by four-star General John “Jay” Raymond. What would a Space Corps realistically do that AFSPC is not capable of doing? If Congress aims to get him a seat on the Joint Chiefs of Staff, it would be easier to amend Title 10 of the United States Code to make him a required consultant on all issues related to space, or change who he ultimately reports to. There is a precedent: that was the initial role the Commandant of the Marine Corps played before he was given a permanent seat. Such an amendment would also be far easier to implement than forming an entirely new branch.

3. A new military department will only complicate appropriations. Fiscal year 2009 was the last time Congress passed an appropriations bill for the Department of Defense before the actual start of the fiscal year. This has led to numerous continuing resolutions that Army Chief of Staff General Mark Milley called “professional malpractice” when he testified to Congress in April. Approaching a decade of indiscriminate budget cuts from sequestration, our forces are stretched thin. Congress proved this point on January 19th when they failed to pass the third continuing resolution for the 2018 fiscal year. The first two passed only hours before yet another government shutdown. When the third failed, the entire federal government shut down for almost three days until they ended it on January 22, with only another three-week stopgap passed. A new military branch would incur more redundant overhead. What makes Congress think that if we can’t afford to adequately fund space now, or anything else, we can afford it after we spend billions on a whole new branch?

USSTRATCOM commander, General John Hyten (left), directed the current commander of Air Force Space Command, General Jay Raymond (right), to also assume duties as the Joint Force Space Component Commander in December 2017. The author believes this will improve DoD’s space posture without having to create an entirely new military department. (U.S. Air Force photo by Senior Airman Kyla Gifford)

The Space Corps idea received a cold reception from the Department of Defense from the start. Air Force Secretary Heather Wilson told Congress, “If I had more money, I would put it into lethality, not bureaucracy.” Her sentiments were seconded in separate testimonies by General John Hyten, the Commander of United States Strategic Command (USSTRATCOM), as well as General Raymond.

Secretary of Defense James Mattis also opposed it. While he has recognized that we need to update our approach to space, he believes no one has adequately argued that the Space Corps is the way to do it. It would only become another budget strain.

To the Air Force’s credit, they realized several years ago that they were dropping the ball on space. It is no accident that General Raymond, a man with a background in missiles and space, was put in charge of AFSPC. Backing him up as the Unified Combatant Commander over AFPSC, General Hyten also has significant space experience. He led AFSPC as its previous Commander and served as the deputy there before that.

Even though the final NDAA scrapped the Space Corps, Congress did make at least one critical change to benefit AFSPC. General Raymond’s job now comes with a minimum six-year term. This draws from the Naval Reactors model begun by Admiral Hymen G. Rickover, where the Admiral oversees the program for an eight-year term. This has contributed to the Navy’s consistently strong nuclear operational and safety record, and it will do worlds of good for the space program as well.

The Air Force has the right leadership cadre in place. It needs a chance for this reinvigorated command structure to succeed. Proposing the Space Corps did get the attention of all the right people, but it has more problems than solutions. The concept will likely keep reappearing every year for the foreseeable future, as several congressmen have alluded to. Will our military one day require a Space Corps? Possibly. But it is not today, and it is not next year. Killing the proposal now was the right call.

Scott Lassiter is a U.S. naval officer assigned to United States Strategic Command, and a member of the Navy’s Space Cadre.

The opinions expressed in this article do not necessarily represent the views of the United States Navy, Air Force, Strategic Command, or Department of Defense.

Featured image: US Air Force personnel examine the experimental orbital vehicle known as the X-37B after a successful landing at Vandenberg AFB in December 2010. (AP)

Capability Analysis

Cyberphysical Forensics: Lessons from the USS John S. McCain Collision

3 Comments

By Zachary Staples and Maura Sullivan

The 2017 back-to-back collisions of two Navy destroyers led to much speculation about the role of cyberphysical interference in the disasters. As the senior officer representing the U.S. Navy engineering community during the USS McCain cyber assessment, it is clear that we do not yet have the basic tools to definitively answer the question, “were we hacked or did we break it?”

Cyberphysical systems are the backbone of the global infrastructure we rely on for transportation, power, and clean water, and are growing at an exponential rate. The deep integration of physical and software components is not without risks and most industries are technically and organizationally unprepared to conduct forensic examinations. The ability to trust cyberphysical systems is dependent on our ability to definitively identify and remedy cyber interference, which is dependent on our understanding of how data flows impact the physical world.

There are broad lessons from the USS McCain cyber assessment that highlight the type of forensics needed to build and sustain cyberphysical infrastructure around the globe. In order to prevent and respond to future cyberphysical events, whether malicious or accidental, the Navy and organizations dependent on cyberphysical systems must establish post-event procedures for cyber forensic investigations, develop trusted images, and integrate threat intelligence with engineering teams.

Post-event Procedures

Post-incident shipboard forensic examination is a unique activity that is separate and distinct from cybersecurity evaluations or responses to network intrusion or malware. Typically, when cybersecurity operations centers observe malicious communications or indications of compromise within their operating network, they have a clear map of the network and key pieces of information, such as an initiating IP address or malware signatures, from which to begin the forensic mission. They start by identifying and classifying malware on the offending endpoint and can take immediate actions to observe the adversary in their system and identify what is being targeted, while simultaneously acting to clean and quarantine the network.

In stark contrast, post-incident cyberphysical assessment requires an undirected baseline on a variety of media, including hard drives from voyage management systems, machinery control stations, and IT network endpoints. Greatly complicating post-incident response is the fact that many segments of the network will likely be shut off by design or physically destroyed by the casualty itself. The task of cyber forensic teams is essentially the equivalent of trying to determine why a building collapsed without blueprints, physical access to the structure, or any data on what happened immediately prior to the collapse.

The technical understanding and research required to define standard operating procedures for shipboard cyber forensic investigations do not currently exist. While the task of developing a comprehensive approach to shipboard cyber forensics is daunting, the military has experience developing specialty training paradigms, such as submarine navigation and tactical aviation. Hunting a cyber adversary in industrial control systems is a complex task requiring unique operational and tactical expertise. An achievable near-term milestone would be to create procedures for an attack surface assessment for a routine pre-planned mission, which could provide a test-bed for developing more comprehensive procedures, as well as a better understanding of capabilities and gaps.

Trusted Images

All ships operate three main networks: the voyage network that supports the safe navigation of the vessel, the engineering network that controls propulsion along with material handling and auxiliary systems, and the administrative network that supports business operations and crew welfare needs. U.S. Navy vessels also have a combat systems network. The interconnectedness of operational and information technology networks means that traditional information technology tools and perimeter-based security solutions are inadequate for cyberphysical systems. For example, the addition of even simple PKI security can overwhelm the processing power of installed cyberphysical processors and cause a system crash instead of preventing unauthorized access. Additionally, in order for systems like GPS to function, the system must allow access to all properly formatted traffic, rendering perimeter defense insufficient. Security for complex cyberphysical systems requires capturing data flows and developing contextually aware algorithms to understand the dynamics during shipboard operations.

To generate network situational awareness sophisticated enough to do cyber forensics, the team will need to search for electronic anomalies across a wide range of interconnected systems. A key component of anomaly detection is the availability of normal baseline operating data, or trusted images, that can be used for comparison. These critical datasets of trusted images do not currently exist. Trusted images must be generated to include a catalog of datasets of network traffic, disk images, embedded firmware, and in-memory processes.

1. Network Traffic: A common attack vector is to find a computer that has communications access over an unauthenticated network, which issues commands to another system connected to the network (i.e. malware in a water purification system issuing rudder commands). Cyberphysical forensics require network traffic analysis tools to accurately identify known hosts on the network and highlight anomalous traffic. If the trusted images repository contained traffic signatures for every authorized talker on the network, it would allow forensic teams to efficiently identify unauthorized hosts issuing malicious commands.

2. Disk Images: Every console on the ship has a disk that contains its operating system and key programs. These disks must be compared against trusted images to determine if the software loaded onto the hard drives contains malicious code that was not deployed with the original systems.

3. Embedded Firmware: Many local control units contain permanent software programmed into read-only memory that acts as the device’s complete software system, performing the full complement of control functions. These devices are typically part of larger mechanical systems and manufactured for specific real-time computing requirements with limited security controls. Firmware hacks give attackers control of systems that persist through updates. Forensic teams will need data about the firmware in the trusted image repository for comparison.

4. In-memory Processes: Finally, advanced malware can load itself into the memory of a computer and erase the artifacts of its existence from a drive. Identifying and isolating malware of this nature will require in-memory tools, training, and trusted images.

In addition to the known trusted images, future forensic analysis would benefit from representative datasets for malicious behavior. Similar to acoustic intelligence databases that allow the classification of adversary submarines, a database of malicious cyber patterns would allow categorization of anomalies that do not match the trusted images. This is a substantial task that will require constant updating as configurations change. However, there are near-term milestones, such as the development of shipboard network monitoring tools and the generation of reference datasets that would substantively improve shipboard cybersecurity.

Organizational Integration

As future shipboard assessment teams work to confirm or refute the presence of cyber interference, they will need the assistance of a cyber intel support team to validate assumptions about their findings aboard the vessel. The basic flow established in the USS McCain investigation was to look at the physical systems involved in causing the collision (i.e. propulsion, steering) and then begin looking for cyberattack vectors to those systems.

Ruling out cyber interference requires evidence of absence, which can be uniquely challenging. In order to refute a particular attack vector, coordination with a cyber intel support detachment is essential to understanding the range of possible cyberattack scenarios for a particular physical effect. For example, advanced cyber effects could be delivered over a radiofrequency pathway. Therefore, cyber investigators will need to understand the electromagnetic environment the ship is operating within, as recorded in national systems, and give access to analysts capable of identifying anomalies in the signal pathway.

Shipboard assessment and cyber intel support teams each have specific sets of expertise necessary to understand the full suite of cyberattack vectors and their potential impacts on shipboard systems. Cyberattack tactics are constantly changing and the highest levels of technical expertise and security clearance are required to keep abreast of the potential methods to penetrate networks and attack industrial control systems. Cyber intel teams will never have the engineering expertise to understand the full range of potential physical impacts on shipboard systems. As was demonstrated with Stuxnet and the attack on the Ukrainian power grid, the most successful cyberphysical attacks exploit the organizational gap between engineering and cyber teams.

Organizational constructs for cyberphysical systems will never be straightforward because cyber risk cuts horizontally across engineering systems and traditional intelligence activities. Organizational integration between the cyber and engineering communities must be practiced and continually refined in order to prevent and respond to cyberphysical interference. A near-term milestone would be to execute joint training exercises between the cyber intel and engineering communities in order to promote cross-disciplinary understanding and begin to build out the template for future organizational integration.

Conclusion

Network connectivity in industrial control systems has revolutionized the way humans interact with physical systems and ushered in a new era of capabilities from energy generation to manufacturing to warfighting. These advancements are not without risks, and to avoid cyberphysical catastrophe, the development of tools to ensure resilience, security, and safety must keep pace. Shipboard forensics provide a prime example of the current gaps in our ability to understand, monitor, and protect cyberphysical systems. The lessons learned from the forensic examination of the USS McCain can provide the foundation for the procedures, data, and organizational constructs required to create modern tools to monitor and protect cyberphysical systems.

Zac Staples had a 22-year career in the United States Navy as a surface warfare officer specializing in electronic warfare. His final tour was as the Director of the Center for Cyber Warfare at the Naval Postgraduate School, where he led inter-disciplinary research and development teams exploring cyber capability development. Zac holds a B.S. in engineering from the U.S. Naval Academy, a Masters in National Security Affairs from the Naval Postgraduate School, and is a distinguished graduate of the Naval War College.

Maura Sullivan specializes in systemic risks and data-driven emerging technologies. Maura was the Chief of Strategy and Innovation at the U.S. Department of the Navy, where she developed and implemented the strategic roadmap for emerging cyberphysical technologies. Previously, Maura led a start-up within the global catastrophe risk company, RMS, developing software and consulting solutions for managing systemic risks for financial and insurance markets. She was a White House Fellow, has a Ph.D. in epidemiology from Emory University and a B.S and M.S. in earth systems from Stanford University.

Zachary Staples (USN, Retired) and Maura Sullivan, PhD are the co-founders of Fathom5, a maritime cybersecurity company.

Featured Image: Operations Specialist 3rd Class Daniel Godwin, from Milton, Fla., stands watch in the Combat Information Center aboard the aircraft carrier USS Enterprise (CVN 65). (U.S. Navy photo)