NSWC Crane and NIWC Atlantic launch project to protect navy systems

6 December 2019 (Last Updated December 6th, 2019 14:26)

Researchers at the Naval Surface Warfare Center, Crane Division (NSWC Crane) and Naval Information Warfare Center (NIWC) Atlantic are using computer science methods in a project to make Navy systems more secure.

Researchers at the Naval Surface Warfare Center Crane Division (NSWC Crane) and Naval Information Warfare Center (NIWC) Atlantic are using computer science methods in a project, High Assurance Interface Protocols (HAIP), to make navy systems more secure.

The research project is intended to prevent cyber attacks that exploit interfaces such as USB that are commonly used with mice or keyboards.

Such computer peripherals can easily be hacked, subjecting the computer to security threats.

The system uses a robust firewall to connect the peripheral device to the computer and minimises the process of reacting to a threat, including identifying, assessing, patching, and fixing.

Naval Sea Systems Command (NAVSEA) cybersecurity engineer Robert Templeman has helped launch the research project.

Templeman says that HAIP uses a specific technology, language-theoretic security (LangSec), to create a syntactic firewall.

He said: “We rely on many protocols for communication between elements of our systems and platforms. Cybersecurity failures often occur when overly-complex, and vulnerable, interface protocols are exploited.

“Our current cybersecurity approaches do little to harden these interfaces, but some available approaches do exist to offer varying levels of protection.

“LangSec applies foundational computer science and mathematical laws to precisely define allowable traffic for a given protocol and can use proofs to provide guarantees of correctness.

“LangSec essentially applies the same rigour to the use of interface protocols that organisations such as DoD require of encryption.”

This is a project funded by the Naval Innovative Science and Engineering (NISE).

NSWC Crane computer scientist Adam Shull said that HAIP prevents attaching a commercial keyboard directly to a navy computer or system.

Shull said: “The peripheral device, which could have malicious software, would connect to the HAIP device, which would then connect to the computer.

“Running the HAIP firewall on a separate device allows it to protect systems currently in use.

“We envision HAIP being used to protect a wide variety of devices across the navy and Department of Defense (DoD) in the future.

“HAIP will ultimately help keep our country and the warfighter safe and secure.”

Templeman said that threats in cyberspace touch all platforms and systems and HAIP benefits the vessels.