For years, security researchers and consumers have been fixated on concerns around hacking cars. Maybe they should worry about ship hacking instead.
Several recent collisions involving U.S. naval vessels have sparked speculation that someone or something is interfering with the ships’ ability to steer clear of other vessels in busy waters. The striking similarities between Monday’s incident involving the Navy destroyer USS John S. McCain, and June’s incident involving another destroyer, the Fitzgerald, suggest to observers some kind of systemic problem. Both ships are part of the U.S. Navy’s 7th Fleet, based in Japan.Speculation that the ships were hacked was fueled in part by a report on CNN that the McCain experienced a “steering failure” that caused it to collide with an oil tanker.
Adm. Scott H. Swift denied that to The New York Times, however.
No sign of failure or hack … at first glance
“The admiral said there were no signs of failure in the ship’s steering system or of a cyber attack, two possibilities that have been mentioned in news reports,” the Times reported. “But he noted that the investigation was in its earliest stages and said, ‘We are not taking any consideration off the table.’ ”
Chief of Naval Operations Adm. John Richardson tweeted the same point Monday, but it was hard to tell if he was tamping down hacking concerns or leaving the door open to the possibility.
“2 clarify Re: possibility of cyber intrusion or sabotage, no indications right now … but review will consider all possibilities,” he wrote.
Early speculation has focused on GPS-based navigation systems, and for good reason. There’s plenty of discussion inside and outside the military about the potential for tampering with GPS.
Tried and true navigation method
In the Navy, concerns run so deep that the Naval Academy recently re-instituted old-fashioned navigation training, teaching cadets the centuries-old technique of steering by the stars.
“The Navy stopped training its service members to navigate by the stars about a decade ago, focusing instead on electronic navigational systems,” NPR reported last year. “But fears about the security of the Global Positioning System and a desire to return to the basics of naval training are pushing the fleet back toward this ancient method of finding a course across open water.”
Real-life incidents support GPS hacking concerns. The U.S. Maritime Administration reported a suspicious GPS failure in the Black Sea back in June.
“The RNT Foundation has received numerous anecdotal reports of maritime problems with AIS and GPS in Russian waters, though this is the first publicly available, well-document account, of which we are aware,” wrote Maritime-Executive.com at the time. “An apparent mass and blatant GPS spoofing attack involving over 20 vessels in the Black Sea last month has navigation experts and maritime executives scratching their heads. … The backstory is way more interesting and disturbing.”
One event doesn’t make a disaster
Jammed GPS shouldn’t be enough to cause modern warships to collide with lumbering freighters. As Michael Crichton explained with great detail in the book Airframe—a discussion of plane crashes—these kinds of catastrophes always require an “event cascade.” They involve multiple failures, by both human and machines and, in particular, backup system failures.
In other words, while bad software could create a situation that would let a hacker drive a car into a ditch, it’s unfathomable that a glitch would lead to a naval vessel collision. Jeff Stutzman, chief intelligence officer at Wapack Labs, a New Boston, New Hampshire, cyber intelligence service, made this point in an interview with the McClatchy News Co.
“When you are going through the Strait of Malacca, you can’t tell me that a Navy destroyer doesn’t have a full navigation team going with full lookouts on every wing and extra people on radar,” Stutzman said.
On the other hand, it’s easy to imagine the chaos that could occur if there were a serious electronic failure in the middle of a busy shipping channel. Ships are alerted to other nearby vessels by an Automatic Identification System, or AIS. When they get too close, alarms sound. But as one ship captain told me, perhaps the alarms were ignored.
“In a crowded shipping channel … my AIS would alarm very frequently. … To the point where ‘alarm fatigue’ would set in,” he said.
If the naval ships involved in these recent incidents were somehow hacked, very few people would know—and it’s possible that information would never be released. But one thing seems certain: electronic systems, like drive-by-wire in cars, can make transportation much more safe, but we can’t be blind to the new risks it creates. Lives are at stake.
This article originally appeared on ThirdCertainty.com and was written by Bob Sullivan.
