Navy officials say there is still not a shred of evidence that malicious cyber activity had anything to do with the baffling string of four at-sea accidents involving its vessels in the eastern Pacific since the start of the year. But repeated public speculation on that front may be having a positive side effect: pressing the Navy to add cyber considerations to its investigations into major incidents and gaming out how it would actually respond in the event of a bona fide electronic attack.
The Navy did not immediately include cyber as part of its investigation into the collision involving the U.S.S. Fitzgerald in June. But after the second crash involving fatalities, the one involving the U.S.S. John S, McCain, the service did decide to dispatch a team of experts from its 10th Fleet to try to find any signs of “anomalous activity.”
That team, along with technical experts from Naval Sea Systems Command and Space and Naval Warfare Systems Command, are currently dockside examining the McCain’s systems in Singapore, where it’s temporarily moored following the ship’s collision with a commercial tanker last month.
“We’re trying to do a couple of things,” Vice Adm. Jan Tighe, the deputy chief of naval operations for information warfare, told an audience at the Center for Strategic and International Studies last week. “One is to try to confirm that cyber had no role in the collision, but also determine how we move forward in making this a normal part of these kinds of investigations. It is something that we think about a lot, and we’ve got to have both the authorities and the human capital built that’s ready to respond to these types of events.”
The Navy had already begun a concerted effort to instill cybersecurity rigor into the commands that are responsible for designing and building its major combat systems — one of the outcomes of a project called Task Force Cyber Awakening in 2015.
But Tighe said the McCain investigation presented an opportunity for the engineering experts within those commands to participate in a real-world, cyber-focused investigation and help build tactics, techniques and procedures to conduct future ones.
“These are the mechanical engineers and aeronautical engineers that live in our systems commands today and are the technical authorities on mechanical systems in our weapon systems or control systems or aviation platforms,” she said. “We think they would be the ones that we would tap into, and they would have multiple reasons for existing. One is simply that we want to build systems that are anticipating and resilient from cyber attack from the get-go, but the second piece is, as we continue to grow the amount of capability we have out there, what if we detect a cyber intrusion into one of those machinery systems? We need to have expertise that can respond to that. A third use so that they are capable of being part of the investigation and they have the full knowledge of their systems that they’re the technical authority for and can look for any signs of cyber intrusion or malware.”
Tighe said the investigation could last weeks or months — probably not years — depending on when and if the team does come across any cyber anomalies in the McCain’s systems that aren’t easily explained away. But as of now, there are no plans to conduct a similar investigation on board the U.S.S. Fitzgerald.
“We have all the data from Fitzgerald, and if anything is found we can go back and take a look at that,” she said. “But moving forward, we want to codify how we will do these types of mishap investigations to account for a cyber component. That’s where we will go from the results of the McCain investigation and just make it part of the normal process of how we do mishap investigations.”