Use the US Navy’s MBSE approach to prevent another Baltimore bridge disaster
Dr Corren McCoy, chief data strategist at G2 Ops, an engineering and cybersecurity firm, writes for Splash today.
Virginia Beach, VA (May 8, 2024) –
The containership disaster that caused the collapse of the Francis Scott Key Bridge in Baltimore raises serious questions about how to make maritime systems around the world safer. While authorities have publicly ruled out a “deliberate act”, it is possible that the ship’s total loss of propulsion control was due to, or exacerbated by, failures of the ship’s Industrial Control Systems (ICS) and/or Operational Technology (OT). While some believe the event was caused by an incredible string of bad luck, the commercial maritime industry can protect against incidents such as this and make its ships more reliable by learning digital engineering lessons from the U.S. Navy.
The Navy’s Model Based System Engineering (MBSE) approach can help maritime operators see how an emergent vulnerability could impact critical operations, better understand how their integrated ICS and OT systems will behave when faults occur, and help them to prioritize fixes and allocate funding to ensure safety and operational resilience of maritime systems over their life cycle.
For years, the Department of Defense has been increasing its use of sophisticated digital engineering, and the Navy has been strengthening defenses and system operational resiliency through MBSE. With MBSE, all of a ship’s information technology (IT), OT and ICS subsystems are modeled, including how they interoperate. This helps the Navy analyze potential system weaknesses, develop resilience plans, and test their effectiveness within its complex systems.
Commercial maritime has been slow to adopt MBSE, in part because the method requires an upfront commitment to creating digital models. Automation, however, has dramatically reduced the effort needed to generate the initial models, and the benefits now justify the investment more easily than ever.
After accurate granular models are created, they can be regularly updated, monitored, and manipulated to increase visibility and awareness of system operations and vulnerabilities. MBSE can be used by commercial ships to identify and mitigate potential life-threatening incidents that could be triggered by as few as two or three concurrent system failures. With the Navy’s approach, ships leveraging MBSE become less vulnerable due to the methodology’s capacity to illuminate interactions and dependencies between system components. This enhanced understanding makes it easier to predict and mitigate potential points of failure. Additionally, MBSE facilitates extensive simulation and analysis of system behaviors under various scenarios, enabling engineers to proactively identify and address vulnerabilities before they manifest in real-world operations. Consequently, the application of digital engineering reduces the likelihood of concurrent system failures.
One of the Navy’s MBSE applications is driving real-time cyber-resilience by connecting digital twin models of ship-board ICS with data feeds from open-source cyber intelligence databases. By bringing those capabilities together, they enhance analysts’ ability to glean insights into potential vulnerabilities in their systems and to rapidly identify risks associated with accessible pathways in the ICS cyber kill chain.
There are four main steps a commercial maritime operator would take to employ the Navy’s approach:
- Model the baseline. The first step involves creating a digital twin of the IT, OT and ICS subsystems, their interfaces, data flows, and operational threads. MBSE models illuminate the architectural and functional characteristics of systems, interfaces and applications via high-fidelity digital twins. These models enable identification of potential component failures or cyberattack surfaces via a disciplined and standardized engineering approach. Digital models represent the architecture and operational behaviors through diagrams spanning operational threads decomposed to the level of configuration items. Baseline management and change management adjustments can be automated to address design volatility and rapid technology refresh/insertion rates, and to ensure commonality between platform variants.
- Connect intelligence repositories. The next step is to cross-reference the digital twin against the latest threat intelligence databases. Automated processes can be established to ingest, aggregate, and correlate threat data from open sources and map them to the architecture. This mapping can show how vulnerabilities and attack vectors might impact operational and mission threads.
- Simulate operational risks. Algorithms can be created to simulate attacks, analyze operational impacts and probabilities, and rank mitigation strategies. This enables operators to drill down on platform and mission cyber risks and develop remediation recommendations ready for prioritizing, decision-making and approval.
- Monitor and control. All this information is brought together and made usable through simple graphical dashboards. These interactive visualizations enable analysts to use historical and trend analysis to act quickly to implement configuration changes, isolate known vulnerabilities, and identify undiscovered attack vectors.
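As an added illustration of steps one to three (example code written for this article, not G2 Ops’ or the Navy’s tooling), the Python below treats a constructed toy control chain as a dependency graph, enumerates the smallest combinations of up to three concurrent component failures that break a “safe transit” thread, flags the combinations whose every member carries a mapped intelligence finding, and ranks which component a fix would help most. The component names, the placeholder finding ids and the scoring rule are all assumptions made for the example.

```python
from itertools import combinations

# Constructed toy ship control chain (illustration only, not a real vessel or the
# Navy's model). node -> (all_of, any_of): a node works only if it has not failed,
# every all_of node works and, when any_of is non-empty, at least one of them works.
MODEL = {
    "safe_transit":       (["propulsion_control", "steering_control"], []),
    "propulsion_control": (["engine_plc", "ot_network"], []),
    "steering_control":   (["steering_plc", "ot_network"], []),
    "engine_plc":         ([], ["gen_1", "gen_2", "emergency_gen"]),
    "steering_plc":       ([], ["gen_1", "gen_2", "emergency_gen"]),
    "ot_network":         ([], ["gen_1", "gen_2", "emergency_gen"]),
    "gen_1": ([], []), "gen_2": ([], []), "emergency_gen": ([], []),
}
# Constructed intel findings already mapped to components (placeholder ids).
FINDINGS = {"ot_network": "CONSTRUCTED-001", "steering_plc": "CONSTRUCTED-002",
            "gen_1": "CONSTRUCTED-003", "gen_2": "CONSTRUCTED-004",
            "emergency_gen": "CONSTRUCTED-005"}

def works(node, failed, model=MODEL, memo=None):
    """True if `node` still functions given the set of failed components."""
    memo = {} if memo is None else memo
    if node not in memo:
        all_of, any_of = model[node]
        memo[node] = (node not in failed
                      and all(works(d, failed, model, memo) for d in all_of)
                      and (not any_of
                           or any(works(d, failed, model, memo) for d in any_of)))
    return memo[node]

def minimal_cut_sets(target, max_size=3, model=MODEL):
    """Smallest combinations of <= max_size concurrent failures that break target."""
    candidates = [n for n in model if n != target]
    cuts = []
    for size in range(1, max_size + 1):
        for combo in combinations(candidates, size):
            fs = frozenset(combo)
            if any(c <= fs for c in cuts):  # superset of a smaller cut set
                continue
            if not works(target, fs, model):
                cuts.append(fs)
    return cuts

def exposed_cut_sets(cuts, findings=FINDINGS):
    """Cut sets every member of which currently carries a mapped intel finding."""
    return [c for c in cuts if c <= set(findings)]

def rank_mitigations(exposed, max_size=3):
    """Score fixing each component: a single point of failure weighs the most."""
    score = {}
    for c in exposed:
        for comp in c:
            score[comp] = score.get(comp, 0) + (max_size + 1 - len(c))
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))
```

In this toy model the shared OT network and the steering PLC are single points of failure with open findings, so they rank ahead of the three generators, which only break the thread if all three fail together.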
Commercial maritime operators should consider adopting a digital engineering approach to bolster trust in their role as critical infrastructure providers, avert future disasters, and save lives.
For more information about G2 Ops, contact:
info@G2-ops.com
G2 Ops, Inc.
2829 Guardian Lane
Virginia Beach, VA 23452
*****
Learn about Model-Based Systems Engineering and Cybersecurity at G2-Ops.com.