While maritime accidents are bound to occur, the consistency and regional concentration of the U.S. Navy mishaps in the Asia-Pacific beg for explanation. Cyber vulnerabilities have long been acknowledged against commercial maritime vessels, but the targeting of new naval systems – whether for navigation, engine and steering control, or commanding emerging autonomous surface and submersible drones – could become a new component of warfare.
Late last month, the USS John S. McCain, a U.S. Navy guided missile destroyer returning to base in Yokosuka, Japan collided with the Liberian-flagged oil tanker Alnic MC, killing ten U.S. sailors and injuring five.
Two months earlier, on June 17, the $1.5 billion U.S. Navy destroyer USS Fitzgerald collided with the Philippine container ship ACX Crystal just southwest of Yokosuka – the home of the U.S. Navy’s Seventh Fleet responsible for the operating in the Asia-Pacific. The incident left seven sailors dead.
In January, a guided missile cruiser, the USS Antietam, ran aground off the coast of Japan and then in May, another cruiser, the USS Lake Champlain, collided with a South Korean fishing vessel.
The accidents led to the dismissal of Vice Adm. Joseph Aucoin as commander of the Seventh Fleet. Admiral John Richardson, the Chief of Naval Operations, called for a review to determine what led to the McCain collision.
While there are a number of factors that could lead to such incidents – most notably human error – some have speculated that malicious digital interference in the maritime navigational systems could have contributed to the most recent collision involving the McCain. “Everything we operate has a cyber component – networks, radios, everything. We want to make sure that we understand that that is not a potential causal factor,” Adm. Bill Moran, the Vice Chief of Naval Operations told the House Armed Services Committee last week regarding the McCain and Fitzgerald incidents.
What are the factors that contribute to maritime traffic incidents, and are cyber capabilities able to contribute to human error and, in turn, the physical destruction of U.S. military assets and loss of life? What could this mean if conducted by an adversarial nation-state in the region, such as China, Russia, or North Korea?
The movement of maritime traffic is governed by the Convention on the International Regulations for Preventing Collisions at Sea. It is designed to provide common understanding of how ships should maneuver to avoid collision, essentially tasking the roles of the “stand-on” vessel, which guides them to remain at present course and speed given their relative position, and the “give-way” vessel that is obligated to avoid collision. Given that the McCain took its hit on the portside, it seems it had the right of way during the time of collision – meaning it remained on course at speed. The Fitzgerald, on the other hand, took its blow to the starboard, or right, side.
In good weather conditions and relatively vacant water, the speed and direction of ships can be determined using the naked eye, including at night based on colored navigation lights. But the McCain collision took place just east of the 1.7-mile-wide Strait of Malacca that connects the Indian Ocean and South China Sea – one of the busiest maritime crossroads in the world, accounting for an estimated 25 percent of global shipping traffic. The Fitzgerald collision occurred right off Tokyo, an area notorious for smog rolling in from Indonesia during that time of year.
To assist in understanding their relative positioning as well as determining incoming vessels’ course and speed, commercial ships often turn to beacons known as Automatic Identification System (AIS), which transmit the vessel’s name, cargo, course, speed, and readouts to other ships in its vicinity to avoid collisions. The systems rely on electronic platforms like radar or satellite geolocation systems such as GPS or the Russian GLONASS.
But cybersecurity researchers have shown that AIS transmissions can be falsified. This means that malicious actors such as pirates can disguise their information to evade authorities or ambush unsuspecting ships. But this also means that once hackers are able to breach the ship’s AIS systems, they can manipulate, or spoof, transmissions while the correct data continues to display on the transmitting ship, potentially contributing to collisions.
The U.S. military, however, uses encrypted GPS signals for geolocation and does not broadcast their positioning through AIS for obvious operational security reasons. Instead, the navies of some 75 nations use a non-classified data-sharing system similar to AIS known as Maritime Safety and Security Information System. The commercial ships that the U.S. naval vessels collided with, however, likely does not encrypt their GPS and transmits data through vulnerable AIS beacons.
Both Russia and North Korea has shown an interest in developing cyber-enabled electronic warfare capabilities to jam or spoof GPS navigation. But does this mean that cyber sabotage could result in the physical collision of naval vessels? “We ought to be clear, in the case of these accidents [involving the McCain and Fitzgerald], they were not related, and the navigation systems would have little to nothing to do with colliding with another vessel,” says Adm. Jonathan Greenert, the former U.S. Navy Chief of Naval Operations who also served as Commander of the Seventh Fleet in the Asia-Pacific.
Greenert, however, acknowledges that “The adversary’s strategic key would be to insert a lack of confidence in our own systems, as opposed to taking control of something and flying an airplane into the ground or steering a ship into another vessel.” This psychological impact could result in the Navy turning to more secure, yet less efficient means to navigate the high seas. The Navy is reinstituting “celestial navigation as a primary discipline – all of our officers and enlisted navigation personnel will learn how to steer by the stars and planets,” says Greenert. “If we can see them, we use them, either with assistance, such as magnification, or with the naked eye. Nobody is going to be able to manipulate that.”
When asked about the possibility of cyber sabotage involving the McCain last week, Moran told the committee of representatives that “Just about every three letter agency in Washington has looked to see if there were indications of an intention or potential acknowledgement of cyber attack. I have personally not seen any evidence of that,” adding that a team from U.S. Cyber Command was operating in Singapore, “capturing all of the computer and network information to see if they can find any abnormalities or disruptions.”
While it would be easier to blame such tragic events on malicious actors leveraging cyber attacks on U.S. military assets, the problem could be much more complex and entrenched. Reports prepared by the Government Accountability Office, an independent watchdog agency, have identified endemic problems of inadequate resources in the Navy – particularly overworked and undertrained crew, old and unmaintained vessels, and a grueling pace of operations, especially for the 100 ships that are constantly deployed overseas, many of which make up the Seventh Fleet.
There is also no clear motive other than perhaps testing that a nation-state such as China, Russia, or North Korea would engage in such cyber attacks. Cyber capabilities are perishable and as a result, such attacks on naval vessels would likely be reserved for times of war. If the motive is to coerce the United States, it is a poor attempt as no explicit demands have been made and the benefits to a would-be attacker are unclear. Such an attack would be extremely escalatory as well: if the navigational systems of either McCain or the commercial vessel it collided with were tampered with by state-sponsored hackers to intentionally induce a collision, the end result is an illegal use of force on a U.S. military target, and the United States’ right to self-defense through means outside of cyberspace would be in order – whether it be through sanctions, indictments, or kinetic response.
“Not only is there a danger of escalation, but there are legal ramifications – from the Laws of Armed Conflict under international law to the question of whether these activities violate the sovereignty of nations, which might occur when vessels are within a nation’s territorial waters,” says Rhea Siers, the former Deputy Associate Director for Policy at the U.S. National Security Agency.
Even if these incidents are the result of human error or under resourcing, the mere possibility of cyber interference could serve as a harbinger of what is to come. Even now, “efforts are underway to prevent the maritime sector from becoming enmeshed in cyber warfare – a possibility that could seriously impact national security and economic stability,” says Siers.
Levi Maxey is a cyber and technology analyst at The Cipher Brief. Follow him on Twitter @lemax13.