System Proves Resilient to Cyber Attacks
Leonardo used the 2018 Doha International Maritime Defence Exhibition & Conference (DIMDEX 2018) in Qatar to announce that its 76/62 Super Rapid (SR) naval gun has successfully ended an extensive vulnerability assessment campaign, ensuring that it will be resilient to cyber-attacks in the future.
The assessment was carried out as part of Leonardo’s commitment to ensuring its products and systems are protected against the threat of cyber-attacks from hostile actors. Continuous upgrades to the OTO 76/62 SR weapon system have made it increasingly dependent on technology that, while optimising the performance of the gun, has made the system potentially more vulnerable to cyber-attacks. The assessment therefore set out to identify potential cyber threats and implement specific countermeasures.
By challenging the technology adopted in the OTO 76/62 SR system and employing a set of best practices, it was possible to determine attack scenarios that could be exploited by voluntary or accidental actions. These scenarios include the presence of malware or viruses on removable devices, behaviour falling outside the common-sense rules of cyber security.
The key component of the OTO 76/62 SR is its gun console, which manages all other parts of the weapon system. Depending on system configuration, this could include the STRALES capability (i.e. a targeting system for the DART highly manoeuvrable projectile), the VULCANO ammunition capability and, in all cases, the Multi Feeding (MF) device for automatic ammunition handling. Focusing on the gun console and taking the whole weapon system into account, the assessment has allowed Leonardo to define potential weaknesses and implement security measures that mitigate the risk associated with the identified vulnerabilities.
In addition to satisfying Leonardo’s strict security policies against cyber threats, the OTO 76/62 SR cyber security assessment also demonstrated that the weapon system meets a number of security requirements put forward by expert bodies, specifically the NIST SP800-53, ISO 15408 and ISO 27002 standards.