Cyber Attacks at Sea Blinding Warships

Is GPS completely vulnerable to cyberattacks?

By Julien Chesaux, Cyber Security Consultant, Kudelski Security

Who Controls the Sea, Controls the World

“Cobra Gold”, the annual multilateral exercise between the U.S. and the Thai army, sees the deployment of the latest navy warships as proof of military domination in a contested region. It is also a reminder of the fragility of technologies at sea, as a chain of incidents demonstrated in 2017.

The world’s oceans can be beautiful and awe-inspiring, but also very dangerous. Most importantly, they are strategic for the global economy and, consequently, countries compete to control them. Statistics reveal the high value of the high seas: 70% of the globe is covered by water and over 90% of the world’s trade is carried by sea. Moreover, the global merchant fleet totals 50,000 ships that move 9 billion tons of merchandise annually, representing a turnover of $2,000 billion.

Human history is punctuated with many regional or global changes that happened through decisive battles at sea. The battle of Salamis saw the Athenians saving the concept of democracy against the Persians. The battle of Actium allowed the Roman Republic to become an Empire. The battle of Trafalgar destroyed Napoleon’s aspiration to invade Britain.

At the beginning of the 20th century, in 1905, the battle of Tsushima humiliated the Russian Empire and opened the pathway for an Imperial Japan. During WWI, the battle of Jutland contained the Imperial German Navy, and WWII witnessed the battle of Midway, which established the U.S. as the new naval superpower after the destruction of the Japanese aircraft carrier fleet in the Pacific. More recently, the Crimea annexation by Russia was, even if triggered by different causes, a geopolitical move to avoid the loss of access to the Mediterranean Sea.

The current hawkish posture and the “gunboat diplomacy” followed by China are not a surprise given its ambitions to play a greater global leadership role, to protect its shores, where most of its economic activity occurs (its “strategic belt”), and to defend its natural resources and the sea lines that supply them, from the South and East China Seas (represented by the Nine-Dash Line) to the Indian Ocean (currently projected as the “String of Pearls”).

A Global Rivalry with Multiple Bottlenecks

Because globalization increases global trade, sea roads are busy and multiple bottlenecks are under the spotlight, including many straits and canals. For instance, the Strait of Malacca represents 40% of global trade, 50% of energy trade, and is indispensable for regional hegemons like China and Japan.

Another geostrategic path is the Strait of Hormuz, between Oman and Iran, through which all the Gulf oil trade moves. In this region, the U.S. Navy is face-to-face with the Iranian one. The USS Harry S. Truman aircraft carrier is presently deployed in the Arabian Sea (near Oman) as part of the U.S. 5th fleet, which covers the Middle East, a crucial region for the U.S. as 18% of its imported oil comes from the Persian Gulf countries. In 1967, the blockade of the Strait of Tiran by Egypt was used as casus belli by Israel and started the Six-Day War. Indeed, the Strait is the only way to leave the Gulf of Aqaba and gain access to Iran’s oil. Other important passages such as the Bab El-Mandab Strait, the Danish Straits, or the Bosporus are well-known narrow gullies.

Canals are equally critical for international trade, especially the Suez and Panama canals. The former was the theater of war in 1956 between Egypt and a French, British and Israeli alliance (encompassed in the secretive Protocol of Sèvres) to regain control after being nationalized by the infamous Egyptian President Nasser. The latter, under U.S. control for almost 100 years, was retroceded to Panama and recently enlarged to accommodate the new bigger ships and ensure revenue to Panama as it represents 5.5% of its GDP.

The Art of Hacking Navigation Systems

In 2017, some incidents at sea raised questions. Hundreds of South Korean fishing vessels returned early to port after their GPS (Global Positioning System) signals were jammed, allegedly by North Korean hackers. Later that year, a ship in the Black Sea reported to the U.S. Coast Guard Navigation Center that its GPS system had been disrupted and that over 20 ships in the same area had been similarly affected. In Asian waters, deadly collisions happened twice in two months: in June 2017, the USS Fitzgerald was struck by a container ship off the coast of Japan, killing 7 sailors. Later during the year, an oil tanker smashed into the USS John S. McCain near the Malaysian coast and 10 sailors died.

There were also two other lesser-known incidents in 2017: in January, the USS Antietam ran aground near its base in Japan, and in May the USS Lake Champlain collided with a South Korean fishing vessel. Consequently, Vice Admiral Joseph Aucoin was relieved of his duty as commander of the U.S. 7th Fleet, the largest forward-deployed U.S. fleet based in Japan and covering Asia.

The causes of all these incidents are not clear. Some experts blame the weather, the heavy reliance on technology, the feeble signal of GPS, cyberattacks, the reduction in crew numbers, or the high pace of deployment at the expense of training and maintenance. Given the number of incidents in a less-than-one-year period and the highly disputed regions where the incidents happened (South East Asia and East Asia), the theory of a deliberate influence on navigation systems through cyberattacks is legitimate, especially when the navigation system used is analyzed.

Ships orient themselves using Global Navigation Satellite Systems (GNSS), with many countries using their own: GPS for the U.S., GLONASS for Russia, GALILEO for the E.U., QZSS for Japan, BeiDou for China, and NAVIC for India. Although precise to a few meters, this technology is not highly secure because the signal is feeble and can be hacked. In the same year as these incidents, a security researcher based in France was able to enter the satellite communications system of a ship: through Shodan, a search engine that can reveal connected devices, and by entering a simple username (admin) and password (1234), he accessed the communication center of a commercial ship and posted his feat on Twitter: “I’m connected to a mother****ing ship as admin right now. Hacking ships is easy”.

New Alternatives

To prevent this over-dependency on GNSS for Positioning, Navigation and Timing (PNT), some states are developing alternatives that rely on radio frequency, an old technology used since WWII. One of these systems is called eLoran (Enhanced LOng-RAnge Navigation) and, although it is less accurate, regional, and only two-dimensional, it offers a powerful signal that deters jamming or spoofing. Cost and political inertia have thwarted this technology, but this is likely to change given these events. South Korea is currently testing this technology and Russia is developing its own eLoran named eChayka. In the U.S., the Director of National Intelligence told a Senate committee that the global threat of electronic warfare attacks against space systems would rise in coming years, and the U.S. Navy launched a Hack-Our-Ship event to assess cyber threats at sea, such as hacking a complex software system simulating the ones used to control the U.S. Navy fleets.

Military and Economic Implications

In network-centric warfare, the military relies on information gathering to Observe, Orient, Decide, Act (the OODA loop), and GNSS are part of the tools to collect it. On the battlefield, it is the capacity to make the right decision as quickly as possible, and most specifically quicker than your enemy, which makes the difference between victory/life or defeat/death. Therefore, an army relying too much on one technology could be “blinded” during a conflict and unable to allocate forces efficiently.

Following 19th-century American naval strategist Alfred T. Mahan, the U.S. developed a great power projection capability after WWII that enables it to rapidly deploy military means to defend any interest, whether political, economic, military or humanitarian. Power projection is a mix of hard and soft power, depending on the situation. This approach is materialized by aircraft carriers and the separation of fleets allocated to specific regions of the globe (7 for the U.S. Navy).

Aircraft carriers do not travel the sea alone: an entire structure of ships and submarines escorts them, known as a carrier strike group (CSG), with a total crew of more than 7,500. The total acquisition cost of a CSG exceeds $25 billion, an air wing (the aircraft on the aircraft carrier) costs another $10 billion, and estimated annual operating costs are around $1 billion. Currently, the U.S. has 10 Nimitz-class nuclear-powered supercarriers.

Therefore, a major cyberattack on navigation systems, for example, could paralyze an entire CSG and considerably diminish the U.S. ability to maneuver.

On the economic side, the world’s largest container ship and supply vessel company, Moller-Maersk, suffered from the wiper malware attack named NotPetya, and the company reported a loss between USD 200-300 million for Q3 2017. More specifically, navigation systems such as the Electronic Chart Display and Information System (ECDIS) are very vulnerable and have also been hit, with different attacks being reported in Asia. According to the maritime technical lead at cybersecurity firm NCC Group, “Ecdis systems pretty much never have anti-virus”.

Pyongyang Hackers are Smart

Both of the military vessels involved in collisions, the USS Fitzgerald and the USS John S. McCain, are guided-missile destroyers equipped with the Aegis Ballistic Missile Defense System (BMDS), a system that allows the interception of an ICBM (Intercontinental Ballistic Missile), the kind of missile currently being tested by North Korea and usually equipped with one or multiple nuclear warheads. An ICBM’s flight has four phases: boost, post-boost/ascent, midcourse and terminal (reentry in the atmosphere). The Aegis BMDS aims at destroying an ICBM during the post-boost/ascent phase (before the missile leaves earth’s atmosphere).

The Lazarus hacking group, famous for the Sony breach in 2014 and allegedly linked to North Korea, targets individuals associated with U.S. defense contractors with the same tools and tactics as in the Sony breach. This time, the phishing emails display fake job listings and companies’ internal policies. Some jobs listed were for the U.S. THAAD (Terminal High Altitude Area Defense) system, which is a BMDS that intercepts an ICBM in its terminal phase (after the missile re-enters the atmosphere).

Therefore, if the four U.S. Navy collisions in Asian waters are due to a cyberattack, the explanation could be that the North Korean government is attempting to infiltrate the U.S. military system to be able to collect information on the full spectrum of BMDS and, at best, disrupt the defense systems against its ICBM. On the diplomatic side, it could be a strong message sent to the US and its Asian allies assuring them that Pyongyang has serious capabilities and that it would be better to negotiate with it than escalate tensions.

This strategy is part of a general trend in APT (Advanced Persistent Threats): long-term, targeted cyberattacks that combine social engineering, cyberweapons, and vectors to get inside networks. Instead of directly hacking the big fish, such as the Department of Defense or a big player in weapons (Aegis, Boeing, Lockheed Martin, etc.), hackers will target a third party working for these targets. Indeed, the third party’s cybersecurity posture will be lower than that of a critical administration or company that has cyber defense technologies and processes in place and employees who are aware of phishing campaigns.

Future Tensions at Sea

Among many strategic hotspots, the most sensitive ones are currently the Indian Ocean, the South and East China Seas, and, for the foreseeable future, the Arctic.

The Indian Ocean is now a space of geopolitical criticality from a maritime perspective, especially now that the U.S. wants to improve its relations with New Delhi to counterbalance Beijing’s aspirations in the context of the BRI (Belt and Road Initiative). China is determined to change the status quo in this region and is investing in ports (i.e. the String of Pearls) to control the flow of merchandise along sea lines from China to the Middle East and Africa.

Indeed, these sea lanes through the Indian Ocean are vital for China’s oil imports, as about 40% come through the Strait of Hormuz and over 80% through the Malacca Strait. Thus, the rationale of shifting from a land-based armed force to a sea-based one is to defend these interests at sea and protect China as a regional hegemon. Hence, the People’s Liberation Army is building aircraft carriers, submarines, and patrol vessels, and has put in place an A2/AD (Anti Access/Area Denial) tactic with investments in shore-based anti-ship missiles. Ultimately, China wants to push the U.S. behind its second island chain (on the east side of the Philippine Sea).

As pointed out by The Economist, the Asia Pacific is the trade region of the future: Eight out of the world’s ten busiest container ports are there. Two-thirds of the world’s oil shipments travel across the Indian Ocean. Almost 30% of maritime trade goes across the South China Sea; it accounts for over 10% of world fisheries production and is thought to have oil and natural-gas deposits beneath its seabed.

Another strategic hotspot will emerge northward: the Arctic. Within decades, the ice melting phenomenon will open shipping lanes, allowing vessels like Russia’s first ice-class LNG (Liquefied Natural Gas) tanker to travel through the region. It will also increase disputes for access to resources and to preserve its fragile ecosystem.

As in Rudyard Kipling’s novel “Kim”, which made popular the great game at stake between the British and Russian empires to control Central Asia in the 19th century, the new great game is now between the US and China for the control of all Asia. This rivalry will encompass the use and leverage of sea power, which naval strategist Alfred T. Mahan put in perspective in “The Influence of Sea Power Upon History”: national prosperity and power depend on the control of the world’s sea-lanes, thus: “Whoever rules the waves rules the world”.

About the Author

Julien Chesaux is a Cyber Security Consultant at Kudelski Security, a Swiss and American cybersecurity company. Julien mainly works on cybersecurity, information security, and geopolitics analysis in order to help clients to find solutions regarding their threats. He is also a speaker and writer for different think tanks, journals, and events. He has worked in diplomacy and cybersecurity for 10 years in Switzerland, Australia, the Balkans, and France. His main research interests are Global Security, Cyber Geopolitics, and International Affairs.
LinkedIn profile: www.linkedin.com/in/julien-chesaux-65279456
You can reach me at julien.chesaux@gmail.com