The U.S. Navy warship USS John McCain, an Arleigh-Burke class destroyer, seen here in a June 2014 photo as it is docked in the Philippines, suffered a collision with an oil tanker Monday near Singapore. Ten crew members are missing. Bullit Marquez AP
The U.S. Navy warship USS John McCain, an Arleigh-Burke class destroyer, seen here in a June 2014 photo as it is docked in the Philippines, suffered a collision with an oil tanker Monday near Singapore. Ten crew members are missing. Bullit Marquez AP

Military News

US Navy collisions stoke cyber threat concerns

August 21, 2017 02:17 PM

UPDATED August 21, 2017 05:43 PM

WASHINGTON

The Pentagon won’t yet say how the USS John S. McCain was rammed by an oil tanker near Singapore, but red flags are flying as the Navy’s decades-old reliance on electronic guidance systems increasing looks like another target of cyberattack.

The incident – the fourth involving a Seventh Fleet warship this year – occurred near the Strait of Malacca, a crowded 1.7-mile-wide waterway that connects the Indian Ocean and the South China Sea and accounts for roughly 25 percent of global shipping.

“When you are going through the Strait of Malacca, you can’t tell me that a Navy destroyer doesn’t have a full navigation team going with full lookouts on every wing and extra people on radar,” said Jeff Stutzman, chief intelligence officer at Wapack Labs, a New Boston, New Hampshire, cyber intelligence service.

“There’s something more than just human error going on because there would have been a lot of humans to be checks and balances,” said Stutzman, a former information warfare specialist in the Navy.

Never miss a local story.

Sign up today for unlimited digital access to our website, apps, the digital newspaper and more.

Ten American sailors are still missing.

Chief of Naval Operations, Adm. John Richardson, did not rule out cyber intrusion or sabotage as a cause of the fatal collision. “No indications right now ... but review will consider all possibilities,” Richardson said in a tweet on Monday.

2 clarify Re: possibility of cyber intrusion or sabotage, no indications right now...but review will consider all possibilities

— Adm. John Richardson (@CNORichardson) August 21, 2017

It’s not the first time the Navy has suffered such an accident.

On Jan. 31, a guided missile cruiser, the USS Antietam, ran aground off the coast of Japan. On May 9, another cruiser, USS Lake Champlain, was struck by a South Korean fishing vessel.

In the wee hours of June 17, a destroyer, the USS Fitzgerald, a $1.5 billion vessel bristling with electronics, collided with a container ship, resulting in the deaths of seven sailors. The commanding officer and two other officers were formally removed from duties.

“I don’t have proof, but you have to wonder if there were electronic issues,” Stutzman said.

Todd E. Humphreys, a professor at the University of Texas and expert in satellite navigation systems, echoed a similar concern: “Statistically, it looks very suspicious, doesn’t it?”

It was probably a signal that came from the Russian mainland.

Todd E. Humphreys, professor at University of Texas

These irregularities are affecting the shipping industry too.

In a little noticed June 22 incident, someone manipulated GPS signals in the eastern part of the Black Sea, leaving some 20 ships with little situational awareness. Shipboard navigation equipment, which appeared to be working properly, reported the location of the vessels 20 miles inland, near an airport.

That was the first known instance of GPS “spoofing,” or misdirection.

Much more serious than jamming, spoofing interferes with location even as computer screens offer normal readouts. Everything looks normal – but it isn’t.

“We saw it done in, I would say, a really unsubtle way, a really ham-fisted way. It was probably a signal that came from the Russian mainland,” Humphreys said.

Such spoofing once required expensive equipment and deep software coding skills. But Humphreys said it can now be done with off-the-shelf gear and easily attainable software.

“Imagine the English Channel, one of the most highly trafficked shipping lanes in the world, and also subject to bad weather. Hundreds and hundreds of ships are going back and forth. It would be mayhem if the right team came in there and decided to do a spoofing attack,” Humphreys said.

The U.S. military uses encrypted signals for geolocation of vessels, rather than commercial GPS. Humphreys said there is no indication that faulty satellite communications were a culprit in the USS McCain accident.

Global shipping also was disrupted following a worldwide attack June 27 that hit hundreds of thousands of computers. Shipping giant A.P. Moller-Maersk was reduced to manual tracking of cargo amid the attack, and its chief executive Soren Skou this month announced losses of up to $300 million.

Most global trade occurs on the high seas, and the number of ocean-going ships has quadrupled in the past quarter century. Ships are also getting larger. The largest container ship now can carry more than 21,000 20-foot containers.

Autonomous ships operated by computers are on the near-term horizon. The world’s first crewless ship, an electric-powered vessel with capacity for 100 to 150 cargo containers, will begin a 37-mile route in southern Norway with limited crew next year, transitioning to full autonomy in 2020.

Most ships avoid collision through the use of a global protocol known as Automatic Identification System, or AIS. Beacons aboard ships transmit vessel name, cargo, course and speed, and readouts aboard ships display other vessels in the vicinity.

But the AIS system is known to be vulnerable.

“You can send an AIS beacon out and claim just about whatever you like. You can make a phantom ship appear,” Humphreys said.

It’s not just cargo carriers that rely on GPS and AIS beacons.

“Passenger shipping organizations and cruise lines … can be easily impacted,” said Eduardo E. Cabrera, chief cybersecurity officer at Trend Micro, a Tokyo-based cybersecurity firm.

Other factors can cause breeches on shipboard systems. Stutzman said crews rotate constantly, meaning shipboard log-on procedures are often simple and shared widely. Moreover, ship crews often download quantities of movies, books, and music while onshore to fight boredom while at sea, often linking to onboard networks and exposing them to viruses.

Tim Johnson: 202-383-6028, @timjohnson4