The cyber threat in Naval Warfare

Cyber warfare
Image courtesy of Marine Digital

The development in technology has made the weapons and systems used in naval warfare more effective and powerful but caused some issues about security. In particular, the continuous communication of the systems via satellite and link systems and the innovations brought within the scope of the network-centric warfare concept has started to bring cybersecurity issues to the forefront. Because naval warships require several computer networks to operate at sea to fulfil their missions, and as a fundamental principle, a computer is no longer secure after connecting to a network.

As the technology evolves and most of the systems begin to be managed in a network-centric manner, security requirements increased. Many algorithms have been developed to neutralize the security mechanisms. Hence, the defense against cyber threats has been the main subject of a never-ending dynamic struggle.

Although the development of command control systems, network-centric management of ships, and the increase in satellite capabilities have provided many benefits in warfare, they have made ships more vulnerable to cyber attacks than ever before. The computer networks of the warships not only allow for communications between the ship and shore establishments over the defence enterprise networks, but they also control the machinery that enables a ship to float and move. They ensure safe navigation, manage the weapon systems and maintain the recognized maritime and air picture for timely command and control.

eh - naval post- naval news and information
The cyber threat in Naval Warfare 7

What are cyber warfare and cyber attack?

Cyberwarfare uses digital attacks to attack a nation, causing comparable harm to actual warfare and disrupting vital computer systems. In computers and computer networks, an attack attempts to expose, alter, disable, destroy, steal or gain information through unauthorized access to or make unauthorized use of an asset. A cyberattack is any offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially malicious intent. Depending on the context, cyberattacks can be part of cyberwarfare or cyberterrorism.

Cyberwarfare, which took its first steps with various applications during the Cold War, became a severe threat worldwide since the early 2000s. Cyber ​​attacks carried out by Russia due to the events in Estonia in 2007 caused significant damage to national information systems, internet service providers, and banks. The direct result of the cyberattacks was creating the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn.

The attack that compromised the United States (US) Department of Defense (DOD) Non-Secure Internet Protocol Router NETwork (NIPRNET) and the Secure Internet Protocol Router NETwork (SIPRNET) in 2008 was accomplished by malicious software (malware) found on a USB flash drive that was left in a DOD base parking lot by a foreign intelligence agency. This attack led to the creation of the US Cyber Command.

The emergence of these attacks as a supportive element of the hot war was seen in the 2008 Russia-Georgia war. Although the Georgian army was not directly targeted by the cyber-attacks made by the Russians, the attacks on the Georgian websites were tried to weaken the government and the top administrators and to break the will of the people to fight. We can say that the real devastating effect of cyber attacks was first seen in Iran. The fact that Iran lost 20 percent of its nuclear capabilities due to the Stuxnet attack on its nuclear facilities revealed how dangerous cyberattacks are.

1bef9bd0 cb54 11e9 afbb 41ba524c604d - naval post- naval news and information
Iran lost 20 percent of its nuclear capabilities due to the Stuxnet attack

Cyber attacks on naval domain

The cyberattack didn’t show its dark face to the warships and the naval facilities yet. Though we witness cyber intrusions to several systems sometimes, an actual devastating cyber attack has not been noted so far. However, the countries have been building counter-cyber systems to cope with such attacks because cyber is a massive threat on the table.

The digitalization of command and control systems in warships and the gathering of naval assets in the same network via both radio frequencies, satellite, and data links made the ships vulnerable against such attacks. Together with the encrypted networks on the ships, almost every ship is connected to the internet. Though the internet and system networks of the ships are physically separated, there is still risk even if the distance between data cables of both networks is not enough.

uss vincennes showing some of the earlier aegis large screen displays now outmoded usn photo - naval post- naval news and information
Crew members monitor radar screens in the combat information center aboard the guided missile cruiser USS VINCENNES (CG-49).

As network-centric warfare becomes widespread, creating structures where units can use each other’s sensors and even weapons in a distributed architecture ensures that the assets can fight as a whole. But, the network-centric system is also a door for cyber-attacks. In such attacks, the enemy is invisible, the engagement bearing is not precise, its weapon is the computer, and ammunition is data. While it takes years to upgrade a regular weapon system, software to be used in cyber attacks is perhaps renewed day by day. Therefore, it is more challenging to build countermeasures.

In addition, a cyber attack can be carried out in the form of internal sabotage software on the ship. Such attacks may affect the combat management systems, navigation systems, and propulsion systems of a modern warship, and the damage is unpredictable.

Therefore, it is necessary to integrate counter-cyber systems to the warships that can defend against cyber threats. The ship’s structure should be designed accordingly to cope with the cyberattacks, including cabling standards, necessary sensors, notification systems, etc. The Counter-cyber system should be considered part of the warship’s defence system, just like air-defence or close-in weapon defence systems.

ship communications - naval post- naval news and information
The cyber threat in Naval Warfare 8

A cyber-resilient ship: Belharra-class frigates

In this era, protecting a ship against cyber attacks cannot be provided only with protective software and firewalls. The fight against a cyber threat should include all aspects such as hardware, software, structure, understanding, and doctrine. Though there are some applications, we can say that the first cyber-resilient warship designed under cyber warfare principles is France’s Belharra-class frigates, or Fregate de Defense et d’Intervention (FDI), which is currently under construction.

head of greek defense procurement agency visited naval group - naval post- naval news and information
Naval Group image

The FDI’s digital native design introduced on a French Navy’s warship is centered on a ship’s platform and combat system data infrastructure based on two data centers, a cyber management system to protect the whole ship.

According to an article written by Luca Peruzzi on EDR Magazine, the FDI incorporates a digital backbone based on two data centers where all the shared computing power is concentrated, one of which located inside the PSIM module while the other is under the hangar area for redundancy and higher platform’s survivability. This digital backbone with a competent, user-friendly, cyber-defense software-based management capability (CyMS) for both the platform and combat systems is also used for obtaining usage and diagnostic information.

If a cyber-attack occurs on the ship’s data system, the ship systems will be reloaded, and the cyber-attacked ship would keep fighting. While the ship is fighting against air, surface, and underwater threats with all its means, cyber experts at CyMS would support the ship against possible cyber attacks on the ship in close coordination with electronic warfare personnel.


Like many developments in history that have formed the end of the action-reaction principle, countries devoted pay more attention to cyber warfare after facing the devastating results of cyberattacks. The main reason for being late in developing defense systems against cyber threats in the naval domain is that no severe cyberattack occurred at sea. 

However, the absence of hot contact does not mean that there is no threat. The arms race has increased around the world, and many resources are being allocated to the navies. If software with the size of 100 kilobytes can neutralize a frigate that costs more than one billion $, the cyber threat should be taken into consideration in the first line. No one can guarantee that a 17-year-old hacker will not turn a network-centric system upside down.

Preparing against cyber attacks is a “must” for the navies. Thus, it will be understood how to build counter-cyber systems when facing an unexpected and devastating cyber attack.

a - naval post- naval news and information
The cyber threat in Naval Warfare 9