The vulnerability of US Navy ships to computer hacking is scarier than you'd think
The collision of guided-missile destroyer USS John S. McCain with a tanker near Singapore was the fourth accident involving ships from the US Navy's 7th fleet in less than a year.
Two of the incidents — collisions involving the USS McCain and the USS Fitzgerald earlier this summer — have left a total of 17 sailors dead or missing, more than the 11 service members killed in Afghanistan so far this year.
After the McCain collision, the Navy relieved the commander of the 7th fleet "due to loss of confidence in his ability to command," according to the Navy.
Honoring the seven Sailors assigned to the Arleigh Burke-class guided-missile destroyer USS Fitzgerald who were killed in a collision at sea. Navy photo by Mass Communication Specialist 2nd Class Raymond D. Diaz III
The service also planned a temporary halt of operations around the world and to launch a fleet-wide review in search of systemic issues that could have contributed to the most recent incidents.
The Navy is known for its thorough and unsparing reviews, which have been undertaken in the aftermath of each incident, and analysts are already pointing to internal issues, as well as high operational tempos in heavily trafficked waterways, that could be related to the mishaps.
But the number of accidents involving warships in the western Pacific — during "the most basic of operations" — has stirred concern that outside factors are affecting the ships and their crews.
Commanding officer of the guided-missile cruiser USS Philippine Sea (CG 58) oversees operations from the bridge wing of the ship. Navy photo by Patrick I Crimmins.
"There's something more than just human error going on because there would have been a lot of humans to be checks and balances" when transiting the Strait of Malacca, the narrow, heavily trafficked waterway the McCain was approaching, Jeff Stutzman, a former Navy information warfare specialist, told McClatchy.
"I don't have proof, but you have to wonder if there were electronic issues," said Stutzman, who is now chief intelligence officer for cyber-intelligence service Wapack Labs.
Adm. John Richardson, the chief of naval operations, tweeted on August 21 that there were "no indications right now" of "cyber intrusion or sabotage." But, he added, the "review will consider all possibilities."
2 clarify Re: possibility of cyber intrusion or sabotage, no indications right now...but review will consider all possibilities
— Adm. John Richardson (@CNORichardson) August 21, 2017
The admiral said the McCain's collision with the tanker was the second "extremely serious incident" since the Fitzgerald's collision with a Philippine cargo ship off the coast of Japan in mid-June. The nature of the incidents and the narrow window in which they occurred "gives great cause for concern that there is something out there that we're not getting at."
Experts have downplayed the likelihood of such attacks on US warships, noting that infiltrating Navy guidance systems would be very hard to do and instead citing human negligence or error as likely causes. Others have dismissed the likelihood of state-directed attacks on ships at sea, noting that such efforts would be a misuse of resources, strategically unwise, and generally harmful to maritime conduct.
But recent high-profile cyberattacks around the world have brought new attention to the security of maritime navigation, which is highly reliant on computer networks.
The US Navy uses encrypted navigation systems that would be difficult to hack or deceive, and there's no sign satellite communications were at fault in the McCain's collision. But there is technology out there to misdirect GPS navigation — typically through a process known as "spoofing" that leaves the system thinking it is somewhere it's not.
USS Fitzgerald (DDG 62) sits in Dry Dock after sustaining significant damage. Navy photo by Mass Communication Specialist 1st Class Leonard Adams.
The software and electronic gear needed to spoof a GPS system has become easier to get in recent years, particularly for private or nonstate actors.
In 2013, a team of graduate students led by Todd Humphreys, a professor at the University of Texas at Austin and satellite-navigation expert, were able to spoof the GPS on an $80 million yacht, directing it hundreds of yards off course without the system detecting the change.
In late June, GPS signals for about 20 ships in the eastern Black Sea were manipulated, with navigation equipment on the ships, though seeming to be functioning correctly, saying the ships were located 20 miles inland. An attack on thousands of computers later that month also disrupted shipping around the world.
Global commercial shipping is more vulnerable to such attacks and cargo ships are more exposed — the number of them plying the high seas has quadrupled over the past 25 years. And causing a collision by hacking or hijacking a commercial vessel's GPS is seen as increasingly possible.
The crowded seas of the Strait of Malacca. Photo from Safety4Sea.com
Most commercial and passenger ships use the Automatic Identification System, or AIS, to locate other ships and avoid collisions. But the AIS has weaknesses, and hackers could in theory send out a signal claiming to be a phantom ship, affecting navigation decisions by other ships in the area.
Dana Goward, former chief of Marine Transportation Systems for the US Coast Guard, said hackers could go after the unsecured navigation system on a commercial or private ship while simultaneously jamming a Navy ship's guidance systems. Or they could misdirect the commercial ship's guidance system, sending the ship off-course.
In the aftermath of the McCain and Fitzgerald collisions, the demands facing the US Navy, and the Pacific fleet in particular, have gotten renewed focus. Greater operational demands on fewer ships have cut into time for rest as well as time dedicated to training (and the nature of that training has changed as well).
In light of such demands, experience suggests that in high-traffic areas mistakes by humans manning the ships remained a likely culprit, said Goward, a former Coast Guard captain. "It's a difficult environment to be in and human error is always present," he told USA Today.