With the recent string of US Navy ship collisions including the USS McCain and Fitzgerald, the mind of a security professional will instantly think of all the possible malicious ways an attacker could target naval systems to cause a vessel to crash. Multiple collisions with similar factors will lead to even more speculation. Although professionals should not claim attribution or causes without facts, I wanted to find out if it was realistic to think that a cyber attack could have caused this incident so I asked a former naval officer some questions.
At Defcon I watched a presentation on Using GPS Spoofing to Control Time. The presenter cited incidents involving GPS jammers and navigation systems showing incorrect locations. In one example, he suggested changing Uber trip details to get a free ride. When I told this to an Uber driver, he said, “That’s not very nice!” Changing the path of a ship in a maritime system could have far greater consequences.
Could Hacking Take Over All Control of a US Navy Ship?
I talked to a friend who is a former Navy Submarine OOD or Officer of the Deck. He said submarines are different, but this incident “makes no sense.” Even if all the electrical and navigational systems failed, there should be human lookouts who manually inspect the surrounding area to clear steer of ships that are not following the rules or are off-course. According to the Navy Lookout Training Handbook, three people should be manning a surface ship in peace time, two in the front with one on each side, and one in the back in non-sailor terms. Crew members should be watching for problems, and navy ships should have enough maneuverability to avoid colliding with an approaching vessel.
In an article by Ars Technica, With the USS McCain collision, even Navy tech can’t overcome human shortcomings, a former Navy officer explains that these watch positions are not easy without experience and training. When he was just starting out, “I was trying to keep track of every fishing boat and merchant ship in my head with well over 40 visual contacts bobbing around us as we steamed east.” He had some issues, at which point a more senior crew member noticed the problem took over. It is clear that training and experience are critical. With proper training, a crew following the rules should have seen the container ship approaching in the case of the USS McCain.
What about steering failure? Could attackers take over the steering such that the crew could not avoid the on-coming vessel? The article mentions steering failure was involved and possibly linked to the integration bridge navigation system (IBNS). If the electronic steering system fails, the ship has a manual hydraulic steering system for the rudder, according to my navy source. If that fails, they should go “red red” on masthead lights, which tells other ships that the navy ship can’t maneuver. Bigger ships should not be on auto-pilot in congested waters and will see the alert and avoid the navy ship. Unfortunately, in this article the Philippines-flagged cargo ship ACX Crystal collided with the USS Fitzgerald and the commercial vessel was on auto-pilot. Even if the Navy ship mast lights were alerting maneuverability failure, the cargo ship would have hit it anyway.
Blame the Humans or Consider Cyber Attacks?
In most cases, it appears that manual efforts and trained sailors can avoid collisions. Many people have suggested that training was the issue. The navy fired crew members. So, at this point should we just blame the humans and move on? Certainly, training is essential. Due to suspected GPS tampering possibilities, sailors are learning ancient celestial navigation techniques. Multiple people should be watching for problems, and manual overrides for electronic systems exist. However, failing to complete a full investigation into the root cause could leave ships vulnerable to cyber attacks.
Is it possible that someone could hack a ship? Two security researchers demonstrated they could remotely hijack digital systems and steer a Jeep off course. Although navy navigational and steering systems are much different and undoubtedly more secure, it is not a far stretch to think that someone might want to try to attack them and steer a ship off course. Thinking about the possibilities can help prevent future incidents. For example, in the book Dark Territory: The Secret History of Cyber War, Fred Kaplan explains how the movie War Games raised the awareness of possible security problems for the president at the time, Ronald Regan. Considering the possibilities led to an investigation of potential security flaws. The investigation uncovered systems very vulnerable to attack and resulted in national defense system improvements.
What are some of the potential causes of the US ship collision incidents? My naval source explained that AIS (automatic identification system) and VTS (vessel tracking service) track ship locations. Visit https://www.marinetraffic.com/ for a live map. A 2013 article by MIT Technology Review explains how a ship tracking hack caused tankers to vanish from view. This attack affected AIS. Although those specific vulnerabilities may no longer exist, changes to systems and code may have introduced new ones. A recent article suggests that Russia is testing a cyber weapon involving GPS Spoofing. Reporting incorrect locations of nearby ships could affect auto-pilot systems in military and commercial vessels that rely on that data to avoid collisions. Crews relying on navigational systems that use faulty GPS data could believe nothing was in their course when it is.
What about attacking the steering and other navigation systems on either the US Navy ship or the commercial ship involved in a collision? A Mashable article explains how security researchers remotely hacked ship satellite antenna systems. In one incident, bad data fed into a Navy “smart ship” left it dead in the water. What about the backup system? If the steering failed, the backup system should work and allow the ship’s crew to override and take control of the situation. The article Why are our ships failing? Competence, overload, and cyber considerations speculates about the possibility of the backup system failing. The author notes that both the USS McCain and the Fitzgerald are Aegis destroyers, and in the early to mid-2000s the Chinese stole the entire Aegis design. The Guardian reported 11 days before the attack that the Chinese asked the USS McCain to turn around ten times claiming the ship was in their territory. In an older report, Russia claims to be able to disable American maritime systems. Security researchers found flaws in some ships’ data recorders which could result in an inaccurate data about an incident.
Conclusion?
No one can draw a conclusion as to whether hacking was involved in the USS McCain or Fitzgerald incidents until concrete facts are available. Hopefully sufficient tamper-proof logs and recordings will provide enough evidence. Various headlines have jumped to conclusions on both sides. Whether investigators suspect a cyber attack or not, it is always good to understand attack vectors and to complete a full investigation to rule out the possibility. Even if a cyber attack was not the cause of these incidents, considering the attack vectors will help find and fix problems and prevent future system failure that could lead to dangerous consequences. The above links show that security problems do exist in maritime systems and regardless of the cause of these attacks, cyber-security awareness training is valuable for both military and civilian sailors. — Teri Radichel (@teriradichel)