The Royal Navy is extremely confident that its prized asset- the brand-new 65,000 tonne HMS Queen Elizabeth aircraft carrier, as well as its complement of F-35 stealth fighters, will be safe from cyber-attacks in the future, even though several experts have warned that the mighty warship could be vulnerable to certain threats.
In June last year, The Guardian reported that during a tour of the £3.5bn carrier, visitors had spotted the presence of a number of screens using the outdated Windows XP operating system, the one whose weaknesses hackers had so completely exploited to inject hundreds of thousands of computers with the dreaded WannaCry ransomware.
Concerns immediately arose about whether the HMS Queen Elizabeth was equipped enough to ward off cyber attacks or if it contained weaknesses that hackers could exploit at the right moment.
However, Mark Deller, Commander Air on the carrier flagship told The Guardian that the ship was “less susceptible to cyber than most” and that there was a team of cyber specialists on the ship who were on the look out for cyber-attacks in future.
“When you buy a ship, you don’t buy it today, you bought it 20 years ago. So what we put on the shelf and in the spec is probably what was good then. The reality is, we are always designed with spare capacity, so we will always have the ability to modify and upgrade. So whatever you see in the pictures, I think you will probably find we will be upgrading to whatever we want to have in due course. It might have already happened but I can’t tell you,” he said.
Royal Navy confident about HMS Queen Elizabeth’s cyber capabilities
Recently, Commodore Mike Utley, the commander of the UK Carrier Strike Group, sought to allay concerns about HMS Queen Elizabeth‘s cyber-preparedness by publicly stating that he was extremely confident about the cyber security capabilities of the carrier.
“This is fifth-generation stuff, these things are built with that in mind. We know the threats that are there, and they were built to deal with them. That does not mean we can be complacent, because we can’t be complacent,” he told the Press Association in New York.
“It is not just about viruses and attacks, it is also about hybrid information warfare and the sort of shenanigans some nations are prepared to play. And we need to be ahead of that narrative,” he added, implying the challenges that lie ahead for the aircraft carrier.
Commodore Utley also told the press that while the Carrier Strike Group has separate commanders for anti-air, anti-submarine and anti-surface operations, it also has a commander who is responsible for tackling information warfare.
Hackers could use social engineering to steal classified data
While the cyber-preparedness of HMS Queen Elizabeth is essential for Britain’s national security, information warriors at the Royal Navy will need to stay alert for many a tactic that state-sponsored hacker groups could employ in the future to infiltrate the ship’s IT systems or to gain access to classified information about the ship.
Back in August, thanks to an alert airwoman, the Royal Air Force was able to prevent the breach of classified information about the cutting-edge F-35 stealth fighter, 138 of which are being purchased by Britain from the United States, with each fighter costing around £92 million.
The RAF learned in August that a hacker hacked into an RAF airwoman’s Tinder account and then used the account to initiate a conversation with an RAF airman to make him divulge details about the F-35 fighters.
Fortunately, the social engineering tactic failed as not only was the airman not connected to the F-35 programme, the woman whose account was hijacked also learned about the hack and informed her superiors immediately. After investigating the campaign, the RAF issued an internal memo to all servicemen to warn them about the risk posed by social engineering attacks.
“Within the last week a serving member of the RAF had their online dating profile hacked. It subsequently transpired that the perpetrator then attempted to befriend another serving member of the RAF to apparently elicit comment and detail on F-35.
“Fortunately, little information was disclosed and the individual whose account had been hacked reported this matter expediently enabling prompt follow-up action and investigation. Nevertheless, this incident serves to highlight the risk of social engineering (SE) and online reconnaissance against social media profiles that disclose links to HM Forces,” the memo read.