Voting
?What about new design for our website
- Excellent
- Very Good
- Good
Voting Number 1647
- Birds of Goodness executes 41st humanitarian aid airdrop in north Gaza
- Birds of Goodness delivers over 3000 tons via 40 airdrops since humanitarian operation commenced.
- 'Birds of Goodness' executes 39th humanitarian aid airdrop in north Gaza
- 'Birds of Goodness' executes 38th humanitarian aid airdrop in north Gaza
- Saab delivers fourth GlobalEye to the UAE
- Birds of Goodness executes 37th humanitarian aid airdrop in north Gaza
- Birds of Goodness executes 36th humanitarian aid airdrop in north Gaza
- Birds of Goodness executes 35th humanitarian aid airdrop in north Gaza
- Led by the Commander of Joint Operations .. A delegation from the Ministry of Defense, has initiated several-day visit to the People's Republic of China
- Birds of Goodness executes 34th humanitarian aid airdrop in north Gaza
- Birds of Goodness' executes 33rd humanitarian aid airdrop in north Gaza
- Birds of Goodness delivers over 2,000 tonnes of aid via 32 airdrops since humanitarian operation began
- On the 2nd day of Eid al-Fitr... Birds of Goodness Executes 31st Humanitarian Airdrop and Eid Clothing in North Gaza
- On the first day of Eid Al-Fitr,UAE and Jordan conduct 14th joint food aid airdrop in northern Gaza
- UAE and Jordan conduct 13th joint food aid airdrop in northern Gaza
- 'Birds of Goodness' Executes 29th Humanitarian Aid Airdrop and Eid Clothing in North Gaza.
- UAE and Jordan conduct 12th joint food aid airdrop in northern Gaza
- 'Birds of Goodness' Executes 28th Humanitarian Aid Airdrop and Eid Clothing in North Gaza
- UAE and Jordan conduct 11th joint food aid airdrop in northern Gaza
- ‘Birds of Goodness’ delivers over 1,500 tonnes of aid via 27 airdrops since humanitarian operation began
2024-04-04
Thales Strengthens Naval Defence Against Cyber Threats
Cyber-attacks are increasingly common, affecting various sectors including government programmes and naval operations. State actors are utilising cyber warfare as a low-risk and cost-effective alternative to conventional warfare.
This shift poses a significant threat to naval operations, as even minor software issues or data breaches can have severe consequences during missions.
This shift poses a significant threat to naval operations, as even minor software issues or data breaches can have severe consequences during missions.
To address this challenge, a robust Naval Security Framework has been developed, offering navies worldwide a comprehensive and cost-efficient approach to implementing cyber defence measures on their ships.
Most generic security frameworks, like ISO standards, provide broad organisational guidance for setting up cyber defences. They offer standardised requirements conducive to improved quality and security across various contexts. However, implementing these frameworks can be challenging in highly specialised environments, such as military combat systems.
The evolving domain of cyber warfare at sea adds complexity, requiring tailored approaches to meet naval and accreditation requirements. Leading international defence contractor Thales has come out with solutions to bridge this gap.
Specialised Team
The company mobilised a specialised team to bolster naval cybersecurity and aid customers in implementing tailored cyber security frameworks onboard naval vessels. Naval warfare experts, product experts, cyber security specialists and network and software engineers combined their skillsets for more detailed results.
Based on a combination of Thales knowledge of naval specific threats, Thales’ naval mission systems, plus software and hardware knowledge, the team translated their findings into a new set of naval specific cyber security (engineering) requirements – with the strengths and limitations of other existing, accredited generic security frameworks in mind. The end result is Thales Naval Security Framework, or NSF!
Three Layers
The architecture of the NSF is built on three layers of security. The first layer is called Defence in-depth: this means the security is not based on one specific type of protection, but employs different kinds of protection at different levels of a system.
If one protection layer fails, others targeting the same threat remain active, providing crucial additional time to prevent further complications. For instance, user access control, file encryption, and security events logging form a Defence-in-depth software architecture.
If one protection layer fails, others targeting the same threat remain active, providing crucial additional time to prevent further complications. For instance, user access control, file encryption, and security events logging form a Defence-in-depth software architecture.
The second layer aims to reduce the attack surface of user systems. For instance, limiting user access rights based on specific roles minimises the risk of misuse. Network segmentation into different domains ensures that only necessary users have access to relevant information.
The third layer stresses self-reliance in cybersecurity, advocating for users to install their own protection measures instead of relying solely on external systems or partners. For example, a ship system must deploy a firewall on its data connection with shore systems. This principle is crucial across the military and commercial supply chain, where external suppliers’ equipment poses risks due to prevalent malware.
Seamless Integration
These architectural layers may seem straightforward, yet they’re not much different from what’s implemented in offices or suggested by generic frameworks. What sets Thales’ NSF apart is how it has integrated these layers into existing naval software procedures and hardware setups.
Generic requirements impact software processes aboard navy vessels, affecting crew performance. Likewise, they influence available space onboard, impacting existing safety protocols. They shape operator training and skill sets. Thales considered all these factors, tailoring generic standards into naval-specific solutions.
Two-factor Authentication
Consider two-factor authentication, like biometric fingerprint and password authentication, which is common on smartphones and social media. While secure, it may not be feasible in combat conditions where every second counts, or when wearing protective gear that obstructs fingerprint use. Such generic security measures don’t align with naval environments.
Similarly, governmental requirements mandate gateways between domains with different classification levels, common in office settings. Yet, in combat systems, strict throughput and latency requirements are essential for timely decision-making, making gateway implementation challenging. Time is definitely of essence.
There are many more navy specific safety, system, performance and operational requirements that require a tailored application and implementation of security best practices and controls. Thales Naval Security Framework has layered these over existing security frameworks to help users to more easily follow compliance with national regulations and international standards, while still meeting their naval needs.
More than its generic counterparts, it sets out to help you obtain accreditation and security while steering clear of implementing requirements that don’t fit the context (avoiding cost overshoots and project delays).
In the end, it is about achieving the desired security effects, through the right balance between protection, performance, residual risks, and costs, empowering users to choose what works best.
Thales offers various packages tailored to operational needs and risk appetite. Whatever users require, the company says it can implement security measures to safeguard system functionality and performance, prioritising safety and mission objectives. Ultimately, like finding one’s way to Rome, there are many paths to success.
Visitors Comments
Related Topics
.
No Comments