Olivier Jacq
Thesis director(s): Yvon Kermarrec
Supervisor(s): David Brosset and Jacques Simonin
Cybersecurity, Navy, Ships, Port, Intrusion detection, Situational awareness

THESIS TOPIC
Development of a Cybersecurity Dashboard for the Navy
Context
Cyber defense is now recognized internationally as a new domain of confrontation and conflict. While detection techniques for individual systems are well known, achieving a consolidated and shared cyber situational awareness at the operational, tactical, or strategic levels remains challenging. This limitation hinders the integration of cyber defense as a full-fledged combat domain and may affect cyber maneuverability in countering potential attacks.
The objective of this thesis is to design the organization, methods, and techniques that enable the collection of relevant cyber information at the military level, its analysis, and its effective representation to meet the expectations of the authorities responsible for cyber defense.
Problem Statement
The information systems and applications deployed by the Navy are numerous, varied, often compartmentalized or isolated, and developed by different manufacturers using diverse technologies. These information systems may be embedded and mobile (e.g., on a ship), isolated at sea and disconnected from the world (such as during a submarine dive or a satellite communication outage). This situation significantly complicates the collection of cyber-relevant information needed to detect possible signs of system compromise or attacks, whether targeting a single vessel or an entire fleet. This information gathering must be conducted without introducing additional vulnerabilities to the system being monitored or the interconnected systems.
At the command level—whether operational, tactical, or strategic—decision-making in a cyber maneuver must be based on tangible, timely, and comprehensible elements, even for non-experts. The detection, correlation, analysis, and near real-time presentation of compromise indicators are therefore essential objectives in the context of an ongoing attack. Additionally, the cyber situation must be presented in real time to various authorities, maintaining a high level of abstraction and adapting the presentation to convey the overall situation while sometimes omitting technical details reserved for domain experts. Cyber defense thus ensures the full operational capabilities of naval forces engaged in maritime operations.
Real-time or post hoc collection and analysis of this vast amount of information is a key factor. Big data technologies, particularly lambda architectures, may offer an innovative solution for military cyber defense but must be adapted to the specific constraints of ships at sea.
The thesis has two main objectives. First, by leveraging an in-depth understanding of naval information systems and the overall architecture of the Navy's IT systems, we aim to propose a precise description and modeling of the collection mechanisms and technologies that could be used to detect compromise indicators while maintaining a high level of security. Second, the use of innovative cyber technologies could establish a high-quality cyber situational awareness, defining the scope and consequences of an ongoing attack and facilitating appropriate countermeasures. However, the richness of sensors, the volume of collected data, and visualization needs will require adaptations or additional functionalities.
During this thesis, research will focus on the following key areas:
Publications
Olivier Jacq. Detection, contextual analysis and visualisation of cyber-attacks in real time: developing Cyber Situational Awareness in the maritime world. Cryptography and Security [cs.CR]. Ecole nationale supérieure Mines-Télécom Atlantique, 2021. In French.
Olivier Jacq, David Brosset, Jacques Simonin, Yvon Kermarrec. Use of Suricata, ElasticStack, Neo4j and Linkurious for network defence. SuriCon, Oct 2019, Amsterdam, Netherlands.
Olivier Jacq, David Brosset, Yvon Kermarrec, Jacques Simonin. Cyber attacks real time detection: towards a Cyber Situational Awareness for naval systems. Cyber SA 2019 : International Conference on Cyber Situational Awareness, Data Analytics And Assessment, Jun 2019, Oxford, United Kingdom.
Olivier Jacq, Xavier Boudvin, David Brosset, Yvon Kermarrec, Jacques Simonin. Detecting and Hunting Cyberthreats in a Maritime Environment: Specification and Experimentation of a Maritime Cybersecurity Operations Centre. CSNet 2018 : 2nd Cyber Security In Networking Conference, Oct 2018, Paris, France.