Forgot your password?
typodupeerror
The Military Security United States

Cyber Vulnerabilities Found In Navy's Newest Warship 162

Posted by samzenpus
from the scuttle-the-ship's-computer dept.
An anonymous reader writes with some potentially troubling news about some security issues with the Navy's newest class of coastal warships."A Navy team of computer hacking experts found some deficiencies when assigned to try to penetrate the network of the USS Freedom, the lead vessel in the $37 billion Littoral Combat Ship program, said the official, who spoke on condition of anonymity. The Freedom arrived in Singapore last week for an eight-month stay, which its builder, Lockheed Martin Corp., hopes will stimulate Asian demand for the fast, agile and stealthy ships. 'We do these types of inspections across the fleet to find individual vulnerabilities, as well as fleet-wide trends,' said the official."
This discussion has been archived. No new comments can be posted.

Cyber Vulnerabilities Found In Navy's Newest Warship

Comments Filter:
  • by Anonymous Coward

    "The Freedom arrived in Singapore last week for an eight-month stay, which its builder, Lockheed Martin Corp., hopes will stimulate Asian demand for the fast, agile and stealthy ships"

    we paid for it so they can advertise?

    • Re: (Score:2, Insightful)

      by waddgodd (34934)

      Surprisingly, much of the US Navy's job is to advertise, cf the Great White Fleet and various other show the flag exercises, it's just this time the shipbuilder foolishly thinks that the advertising being done is "buy our stuff" and not "do you REALLY want to mess with us?" I'd not be surprised if the Freedom hasn't already got orders for the North China Sea to "advertise" to the DPRK and is just taking Liberty Call to replenish and resupply before they go.

    • Re: (Score:2, Interesting)

      by hairyfeet (841228)
      They are trying to sell it because it is a Vista sized bomb, its underpowered, undergunned, its a billion dollar piece of shit. Which shouldn't be surprising as the only thing our military industrial complex has been able to do since the 90s is pad the expense account but there ya go, yet another billion dollar boondoggle that won't do what we need and is good for nothing more than target practice.
    • we paid for it so they can advertise?

      You'd rather the ship stayed in port forever just so Lockheed -Martin doesn't get the free advertising?

  • by Jah-Wren Ryel (80510) on Sunday April 28, 2013 @12:05PM (#43574799)

    USS Yorktown circa 1997 [wikipedia.org]

    • by Anonymous Coward

      USS Yorktown circa 1997 [wikipedia.org]

      Not exactly the same thing. On the Yorktown a crew member entered a zero into a database field using the MSSQL management console, causing a divide by zero error. This occurred during system testing and was later fixed.

      Quite different from an exploitable security vulnerability.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Fixed? You call running your propulsion control and maneuvering systems on windows nt fixed? This is simply laughable.

        Such systems should only be run on a completely independent tactical network and run only on bulletproof RTOS's.

        • by CanEHdian (1098955) on Sunday April 28, 2013 @03:55PM (#43576117)

          Such systems should only be run on a completely independent tactical network and run only on bulletproof RTOS's.

          Plus you need an emergency backup that is independent of the network so you can run everything "locally" and have commands transferred from the bridge the old way.

          • by rtb61 (674572)

            The infamous, manual override. There is of course one serious problem with manual over ride in today's corporate run crazy ass world, you need skilled people (paid high wages) to do it and there just ain't no bloody corporate profit in that, hence no manual over ride. Obviously if you are fully capable of manual over ride, why bother with the automation, except for simple monitoring and reporting.

            It needs to be extremely complicated, repairable and upgradeable only at base by private contractors at enor

        • by drnb (2434720)

          Fixed? You call running your propulsion control and maneuvering systems on windows nt fixed? This is simply laughable. Such systems should only be run on a completely independent tactical network and run only on bulletproof RTOS's.

          While I prefer a more traditional embedded environment with a RTOS, blaming the problem on Windows NT is perpetuating an urban myth. The divide by zero was in an application not the operating system. If this application had been running under Linux or Mac OS X or a RTOS it would not have mattered, the problem was internal to the application. Well at least according the the developers of the software and the Navy officers and chiefs on board the ship at the time.

      • by PPH (736903) on Sunday April 28, 2013 @01:55PM (#43575387)
        Its been a few decades since we lost any military assets to a zero [wikipedia.org].
    • by maxwell demon (590494) on Sunday April 28, 2013 @01:25PM (#43575211) Journal

      USS Yorktown circa 1997 [wikipedia.org]

      Interesting quote from there:

      “Because of politics, some things are being forced on us that without political pressure we might not do, like Windows NT. If it were up to me I probably would not have used Windows NT in this particular application ... Refining that is an ongoing process ... Unix is a better system for control of equipment and machinery, whereas NT is a better system for the transfer of information and data. NT has never been fully refined and there are times when we have had shutdowns that resulted from NT.”

      —Ron Redman

      • by Anonymous Coward

        Someone covering their ass isn't that interesting. He blames Windows NT rather than flaws in the client software, which was designed under his supervision, and the likes of you gulp it down without question.

        • by PPH (736903) on Sunday April 28, 2013 @01:51PM (#43575369)

          Client software shouldn't be able to bring down an O/S. Never mind an entire network.

          • Client software shouldn't be able to bring down an O/S. Never mind an entire network.

            It didn't. The network did not go down. LAN consoles crashed.

      • NT is a better system for the transfer of information and data

        I wonder where he got that idea?

  • I can't imagine... (Score:4, Informative)

    by The Real Dr John (716876) * on Sunday April 28, 2013 @12:23PM (#43574913) Homepage
    I can't imagine spending $37 billion dollars of taxpayers money on anything better for the the taxpayers than some more naval vessels. Why waste it on schools, or roads or infrastructure, when you can have... um, well, some nice new ships for the Navy to sail around in?
    • by Anonymous Coward

      I once heard an interview where that same rationale was used for healthcare in UK... it went something like ``if we can afford to spend $X on killing people, we can afford less than that to heal them''. (that interview had a lot of ww2 sentiment in it, but the basic idea is that military spending is way overboard compared to things-that-trully-help-people).

      • by Anonymous Coward

        the basic idea is that military spending is way overboard compared to things-that-trully-help-people).

        I'd give more credence to that view if it weren't for the fact that the US, which is one of the bigger defense spenders, didn't spend more than three times as much on health care as on defense. Britain spends less on health care as a percentage of GDP and still spends more than three times as much on health care as on defense.

        Health care (15.2%): http://en.wikipedia.org/wiki/Health_care_in_the_United_States [wikipedia.org]
        Defense (4.7%): http://en.wikipedia.org/wiki/Military_budget_of_the_United_States [wikipedia.org]
        Britain health car

        • by tehcyder (746570)
          I find it bizarre that the US spends a higher percentage of GDP on "healthcare" than Britain, even though we have a National Health Service. Clearly, someone is making a lot of money out of health in America. But the fact that you let insurance companies make money out of providing a natural right means that you are in effect creating insurance jobs rather than looking after people's actual health.
    • by Anonymous Coward

      that's more than a thousand dollar per american. have the republicans protested against it ?

      • by sconeu (64226)

        And there's the proof that the money needs to be spent on schools. Try $100, not $1000.

        • by sconeu (64226)

          Stupid comment filters. I was assuming GP was talking about the $37 billion.

    • by Solandri (704621) on Sunday April 28, 2013 @01:25PM (#43575209)
      U.S. spending per student on education is among the highest in the world [mercatus.org]. Of all the problems which plague our education system, funding is definitely not one of them.

      One can argue defense spending needs to be reduced. But proposing it should be spent on schools instead is just shifting money from one bloated program to another.
      • by tehcyder (746570)

        U.S. spending per student on education is among the highest in the world [mercatus.org]. Of all the problems which plague our education system, funding is definitely not one of them.

        So how come you have people with such large student debts?

        Because, in my book, having universities that charge $100K for a degree course doesn't mean that you've spendt $100K on education, it just means you're funnelling money towards wealthy private educational institutions that should, self-evidently, all be nationalised and owned/run by the people.

    • by magarity (164372)

      Schools are paid for by local governments, not the federal government. Roads and "infrastructure" are frequently paid by a combination of federal and local governments with local governments paying almost all ongoing maintenance.
      The navy meanwhile is a 100% federal responsibility.

  • by Joe_Dragon (2206452) on Sunday April 28, 2013 @12:33PM (#43574949)

    Windows for Warships 2012 now with more touch controls.

    To fire swipe the screen.

  • create demand? (Score:1, Insightful)

    by reynolds_john (242657)

    It should give pause to anyone joining the military that our citizens, and our own government would seek to arm the rest of the world, potentially to be used against us. better to stay in school, join the military industrial complex and create the weapons, rather than be paid a pittance and die prematurely on the battlefield. Take a page from our congressional leaders.

  • The first mistake was to call it the "Littoral Combat Ship", which makes people confused about the intended mission specs. I mean, literally who the hell uses the word "littoral"? "Almighty Almighty, this is Littoral Combat Ship Street Gang. Radio check, over!" Yuck.

    They should have called it the "Riparian Combat Ship". Ya, that's the ticket.

    • "Littoral" sounds meaner than "Shallow water".

      Shallow water combat sounds like your mom won't let you into the deep end of the pool.

  • by GeneralTurgidson (2464452) on Sunday April 28, 2013 @12:53PM (#43575059)
    Dr. Gaius Baltar
    • by Seumas (6865)

      That was my thought, exactly. "Didn't we already learn not to network our ships in BSG?"

      • by jmcvetta (153563)

        We learned, yes. The people actually building our military systems, apparently not so much.

      • We (the US Navy) has been networking it's ships since it was born... first with flags and lights forming a sneakernet, then with telegraphy and voice radio in the same role, and finally with direct data and control links since the 1950's. Internal networks have followed the same arc. (The original practice of both stretches back into antiquity.)

        Seriously, don't try and extrapolate technology lessons from TV or other fiction. It just makes you look like a fool.

        • by F.Ultra (1673484)
          So it's better to claim that something is good just becasue you have used it for a length of time?
          • Had I made such a claim, you'd have a point.

            • by F.Ultra (1673484)
              In that case you hid it very well. How else are we supposed to read your comment when you write that the Navy have used networking since it was born in a reply to a post about Networking ships beeing bad?
  • What a name. (Score:5, Insightful)

    by Stormwatch (703920) <rodrigogirao@nosPAm.hotmail.com> on Sunday April 28, 2013 @01:25PM (#43575207) Homepage

    USS Freedom.

    What a name, just like something out of a satirical comic book. Seriously, you 'murricans seem to have a fetish for the word, but the more you use it, the more you seem to forget its actual meaning.

    • Agreed.

      Good Ship Names:

      • U.S.S. Dauntless
      • U.S.S. Enterprise
      • H.M.S. Indefatigable
      • H.M.S. Indomitable
      • H.M.S. Implacable
      • U.S.S. Intrepid

      Bad Ship Names:

      1. U.S.S. Freedom
      2. U.S.S. George H. W. Bush
      3. H.M.S. Unicorn

      Ship Names Too Excellent to Use:

      1. G.S.V. Eschatologist
      • by NekSnappa (803141)
        Although no fan of George the First, I see nothing wrong with naming an aircraft carrier after a president who was a naval aviator. Now the USS Ronald Regan, that's another story.
      • by pesho (843750)

        G.S.V. Eschatologist

        My personal favorite:

        R.O.U. Xenophobe

      • Well I thought it was a good post, especially the GSV reference. if I had mod points you'd get some.
    • Why is it bad when Americans name a naval ship "Freedom" but not when the British have done so?

      • by Anonymous Coward

        I don't think that the British have ever had a warship called Freedom. http://en.wikipedia.org/wiki/List_of_ship_names_of_the_Royal_Navy_%28D%E2%80%93F%29

        • by MiniMike (234881)

          I noticed on that list the H.M.S. Flambeau. Isn't that just asking for trouble? Hope it had a good fire suppression system...

          There was also a U.S.S. Flambeau [wikipedia.org]

    • by Solandri (704621)
      It's a double-entendre. The Freedom is the lead ship in a new class of Littoral Combat Ships (LCS), designed to operate in shallow waters close to shore. It replaces the frigate (smaller than destroyers, typically used as escorts). The Navy tries to keep its main line ships away from shore, out of range of land-based radar and gun and missile batteries. The Freedom class ships are big enough to replace frigates in escort duty in open water, but have the freedom to operate closer to shore.

      Previous shi
    • We have a saying here in America: "The beatings will continue until morale improves." You don't like our style of peace? We have a fully armed drone that'll fix that. We can easily send it your way. Don't you forget that! All you foreigners always complainin' 'bout the way we do things. Ha! You're just jealous because of the beat down we gave everyone after World War 2. Since then, we've preserved the peace in... uh... that middle eastern place. Or were there two? Or three? I lose count. But we

  • That word is so overused, it's lost all meaning - and I don't even know what the meaning was in the first place any more.

    • by tehcyder (746570)

      That word is so overused, it's lost all meaning - and I don't even know what the meaning was in the first place any more.

      Cyber: to have virtual sex with an overweight 48 year old virgin male sysadmin who is pretending to be a blonde 19 year old nymphomaniac cheerleader.

      • It did. But even that use is now vague - if you do it by phone, it's now 'sexting.' Or does sexting mean sending images? I've seen it used both ways.

        People who actually do sexual roleplay online never refer to it as 'cybering' - they consider the term very vulgar and low-class.

  • What the hell does that even mean? Perhaps you mean software vulnerabilities?

  • by Anonymous Coward

    There is little difference in design philosphy between a WWII Fletcher class destroyer and the Freedom class Littoral Combat Ship. Fast, shallow draft, thin skinned. Just because they aren't currently bristling with armament doesn't mean they can't be up armed. One of the major design considerations for the LCS class is its "plug-and-shoot" architecture. From what I've seen of the design it wouldn't be hard to up gun the Freedom class LCS with 3 5"/62 guns. That would give the LCS about as much firepower as

  • Just some littoral stimulation for Asia. Haha.

  • I haven't read the article but I'll wager that they're using Windows. I remember an article posted here about ten years ago that reported on a Navy ship that was being run completely using Windows NT 4.0. It's kind of strange to depend upon such a wonky piece of software. But today with everything being so interconnected, using Windows today would seem to be a bad gamble. But then it might be interesting. When it was demonstrated that voting machines were using Windows it was seen to be an opportunity

  • Cyber cyber..cyber....cyber.cybercyber..cybercybercyber... siber syberrrrrrr cibrasrdasnmb.. compewter hakka esperts..

    I'm sorry - I don't care.

    Just roll out Microsoft - it will be che-*snigger*-per.. pwahaha. You think 150 brazillion dollars would buy you a decent rig.. Old guys with cigars.

  • It will probably corrode before it's hacked. They actually designed an ocean-going war vessel _without_ a cathodic corrosion protection system. I think they tacked one on later when real Navy men found out, but it's a damning insight into how this ship was 'designed' in the first place.
  • or does naming ships like "Freedom" sound a bit too dystopic.

    Also perhaps I am the only one that thinks it is funny that eventually someone is going to get killed by Freedom... It is a Warship after all.

    "Today Freedom killed thousands of people, truly a great day for Freedom!" LOL

Organic chemistry is the chemistry of carbon compounds. Biochemistry is the study of carbon compounds that crawl. -- Mike Adams

Working...