Olivier Jacq

Development of a Cybersecurity Dashboard for the Navy

Context

Cyber defense is now recognized internationally as a new domain of confrontation and conflict. While detection techniques for individual systems are well known, achieving a consolidated and shared cyber situational awareness at the operational, tactical, or strategic levels remains challenging. This limitation hinders the integration of cyber defense as a full-fledged combat domain and may affect cyber maneuverability in countering potential attacks.

The objective of this thesis is to design the organization, methods, and techniques that enable the collection of relevant cyber information at the military level, its analysis, and its effective representation to meet the expectations of the authorities responsible for cyber defense.

Problem Statement

The information systems and applications deployed by the Navy are numerous, varied, often compartmentalized or isolated, and developed by different manufacturers using diverse technologies. These information systems may be embedded and mobile (e.g., on a ship), isolated at sea and disconnected from the world (such as during a submarine dive or a satellite communication outage). This situation significantly complicates the collection of cyber-relevant information needed to detect possible signs of system compromise or attacks, whether targeting a single vessel or an entire fleet. This information gathering must be conducted without introducing additional vulnerabilities to the system being monitored or the interconnected systems.

At the command level—whether operational, tactical, or strategic—decision-making in a cyber maneuver must be based on tangible, timely, and comprehensible elements, even for non-experts. The detection, correlation, analysis, and near real-time presentation of compromise indicators are therefore essential objectives in the context of an ongoing attack. Additionally, the cyber situation must be presented in real time to various authorities, maintaining a high level of abstraction and adapting the presentation to convey the overall situation while sometimes omitting technical details reserved for domain experts. Cyber defense thus ensures the full operational capabilities of naval forces engaged in maritime operations.

Real-time or post hoc collection and analysis of this vast amount of information is a key factor. Big data technologies, particularly lambda architectures, may offer an innovative solution for military cyber defense but must be adapted to the specific constraints of ships at sea.

The thesis has two main objectives. First, by leveraging an in-depth understanding of naval information systems and the overall architecture of the Navy's IT systems, we aim to propose a precise description and modeling of the collection mechanisms and technologies that could be used to detect compromise indicators while maintaining a high level of security. Second, the use of innovative cyber technologies could establish a high-quality cyber situational awareness, defining the scope and consequences of an ongoing attack and facilitating appropriate countermeasures. However, the richness of sensors, the volume of collected data, and visualization needs will require adaptations or additional functionalities.

 

During this thesis, research will focus on the following key areas:

Detailed analysis of the current situation to establish the problem statement: A preliminary study will be conducted to identify the challenges faced by teams in cyber information collection, synthesis, and processing, as well as potential solutions. This study, both bibliographical and practical, will result in a state-of-the-art review and demonstrate how mapping can be used as a tool for cyber crisis management and control.

Modeling the complete collection architecture: This work will define the functional and technological architecture required for effective information gathering. The resulting model must be configurable to adapt to different analyses and platforms, considering the diversity of operational scenarios (on land or at sea).

Modeling the analysis and presentation architecture: After collecting relevant cyber information, semi-automatic or automatic analysis of the large volume of data must enable the establishment of an almost real-time global cyber situation. This will help identify possible compromise indicators that require deeper human and technical analysis. The goal is to integrate, within a cyber-related information system, support for analysis activities related to collected and synthesized information to create a comprehensive cyber status overview.

Visualization requirements for operational, tactical, and strategic levels: Authorities operating at these levels must have access to an analysis and representation of the cyber situation tailored to their specific roles and decision-making needs, allowing them to assess potential impacts on their missions.

Implementation of a prototype: The thesis should result in a functional prototype. A portion of the work will involve implementation in collaboration with military authorities and industry stakeholders. The prototype may include both hardware and software components, depending on technical constraints.