Category Archives: Cyber War

Threats, risks, and players in the cyber realm.

Why It Is Time For a U.S. Cyber Force

By Dave Schroeder and Travis Howard

The proposal to create a U.S. Space Force has cyber professionals wondering about the government’s national security priorities. While spaceborne threats are very real — some of which cannot be suitably described in a public forum — the threats posed in cyberspace have been all too real for over a decade, and include everything from nuisance hacks by nation-states, to the weaponization of social media, to establishing beachheads on our nation’s electric grid, or the internet routers in your own home.

Since 2009, incremental improvements have been made to the nation’s ability to operate in cyberspace during this period. The establishment of U.S. Cyber Command (USCYBERCOM) — first subordinate to U.S. Strategic Command, and then elevated to a Unified Combatant Command (UCC) — and the formation of the 133 teams that comprise the Cyber Mission Force (CMF) are chief amongst them.

Yet despite all of the money and attention that has been thrown at the “cyber problem” and for all of the increased authorities and appropriations from Congress, the nation’s offensive and defensive cyber capabilities suffer from inefficiency and a lack of a unified approach, slow to non-existent progress in even the most basic of cybersecurity efforts, and a short leash that is inconsistent with the agility of actors and adversaries in cyberspace. Our adversaries continue to attack our diplomatic, information, military, economic, and political systems at speeds never before seen.

The discourse surrounding the formation of a dedicated service for space defense has captured the American imagination, and for good reason. Since World War II, America has shown her ingenuity and innovation, and the success of the U.S. Air Force provides a historical model for how a combat-ready, specialized fighting force can be built around a new warfighting domain. However, a force structure has already taken shape within the U.S. military that would logically translate to its own service, and the operational culture it would both allow and cultivate would greatly enhance the effectiveness of national security.

It is past time to form the U.S. Cyber Force (USCF) as a separate branch of the United States Armed Forces.

America’s Position in Cyberspace is Challenged Daily — but it can be Strengthened

It’s no surprise that a wider breadth of adversaries can do more harm to American interests through cyberspace than through space, and for far less cost. In the aftermath of the 2008 Russo-Georgian War — the cyber “ghosts” of which are still alive and well in 2018 — Bill Woodcock, the research director of the Packet Clearing House observed, “You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to.”

Deterring and responding to Russian hybrid warfare in cyberspace, countering Chinese cyber theft of U.S. intellectual property, shutting down state and non-state actor attacks, defending American critical infrastructure — including the very machinations of our democracy, such as voting and political discourse and even cyber defense of U.S. space assets are just some of the heavy-lift missions that would occupy a U.S. Cyber Force.

Admiral (retired) Jim Stavridis recently described four ways for the U.S. and allied nations to counter challenges like the weaponization of social media and multifaceted information warfare campaigns on Western democracy: public-private cooperation, better technical defenses, publicly revealing the nature of the attacks (attribution), and debunking information attacks as they happen. A dedicated U.S. Cyber Force, with the proper ways and means to do so, could accomplish all of these things, and be a major stakeholder from day one.

Admiral (ret.) Mike Rogers, former Director, National Security Agency (NSA)/Chief, Central Security Service (CSS) and Commander, USCYBERCOM, in his 2017 testimony before the Senate Armed Services Committee, cautioned against prematurely severing the coupling of cyber operations and intelligence that has been the hallmark of any success the U.S. has thus far enjoyed in cyberspace. General Paul Nakasone, the current DIRNSA/CHCSS and Commander, USCYBERCOM, made the same recommendation in August 2018. Despite increased resourcing of USCYBERCOM by both Congress and the Executive Branch, operational authorities in cyberspace are hamstrung by concerns about blending Title 10 military operations with Title 50 intelligence activities, along with negative public perception of the NSA. The relationship between USCYBERCOM and NSA requires a complicated (and classified) explanation, but blending cyber operations with rapid, fused intelligence is vital, and go hand-in-hand — to separate them completely would be to take the leash that already exists around USCYBERCOM’s neck and tie their hands with it as well. Offensive and defensive operations in cyberspace are two sides of the same coin — and intelligence is the alloy between them. Standing up a U.S. Cyber Force would also enable a deliberate re-imagining of this unique symbiosis, and a chance to — very carefully — lay out lines of authority, accountability, and oversight, to both prevent overreach and justifiably earn public trust.

The above challenges could be addressed in part by refining the existing structures and processes, but the real sticking point in USCYBERCOM’s sustainment of fully operational cyber forces lies in how we build forces ready to be employed. Force generation of the CMF through the various armed services’ manning, training, and equipping (MT&E) their own cyber warriors is an inefficient and weak model to sustain a combat ready force in this highly-specialized and fast-moving mission area.

Cyber resources play second-fiddle to service-specific domain resourcing; for example, the Department of the Navy has an existential imperative to resource the maritime domain such as shipbuilding and warplanes, especially during a time of great power competition. The cyber mission is secondary at best, and that’s not the Navy’s fault. It just simply isn’t what the Navy is built or tasked to do. This same reality exists for our other military services. Cyber will always be synergistic and a force multiplier within and across all domains, necessitating the need for the services to retain their existing internal cyber operations efforts, but feeding the joint CMF is ultimately unsustainable: the CMF must sustain itself.

The Cyber Force is Already Taking Shape

USCYBERCOM, NSA, the 133 teams comprising Cyber Mission Force — are approaching full operational capability in 2019 — and the operational and strategic doctrine they have collectively developed can now more easily transition to a separate service construct that more fully realizes their potential within the joint force. There is a strong correlation here with how the U.S. Army Air Force became the U.S. Air Force, with strong support in Congress and the approval of President Truman. The DoD has begun revising civilian leadership and building upon cyber subject matter expertise, as well, with the creation of the Principal Cyber Advisor (PCA) to the Secretary of Defense — a position that Congress not only agreed with but strengthened in the Fiscal Year 2017 National Defense Authorization Act. Such a position, and his or her staff, could transition to a Secretary of the Cyber Force.

The footprint would be small, and room in Washington would need to be carved out for it, but the beginnings are already there. Cyber “culture” — recruiting, retention, and operations — as well as service authorities (blending Title 10 and Title 50 smartly, not the blurry “Title 60” joked about in Beltway intelligence circles) would all benefit from the Cyber Force becoming its own service branch.

Perhaps one of the greatest benefits of a separate cyber branch of the armed forces is the disruptive innovation that would be allowed to flourish beyond the DoD’s traditional model of incremental improvement and glacial acquisition. The cyber domain, in particular, requires constant reinvention of techniques, tools, and skillsets to stay at the cutting edge. In the early 2000s, operating in a cyber-secure environment was thought to mean a restrictive firewall policy coupled with client-based anti-virus software. In 2018, we are developing human-machine teaming techniques that blend automation and smart notifications to fight and learn at machine speed. Likewise, the traditional acquisition cycle of military equipment, often taking 4-6 years before prototyping, just doesn’t fit in the cyber domain.

In short, the “cyber culture” is an incubator for innovation and disruptive thinking, and there are professionals chomping at the bit for the chance to be a part of a team that comes up with new ideas to break norms. A dedicated acquisition agency for cyber would be an incubator for baked-in cybersecurity controls and techniques across the entire DoD acquisition community. The Defense Innovation Unit (DIU) — recently shedding its Experimental “x” — is proving that something as simple as colocation with innovation hubs like California’s Silicon Valley and Austin, Texas, and a willingness to openly engage these partners, can deliver innovative outcomes on cyber acquisition and much more. Similarly, the Cyber Force must be free to exist where cyber innovation lives and thrives. 

Creating the USCF has other benefits that would be felt throughout the military. The Army, Navy, Marines, and Air Force, relieved of the burden of feeding the offensive and national CMF and paying their share of the joint-force cyber bill, can better focus on their core warfighting domains. This doesn’t absolve them of the need for cybersecurity at all levels of acquisition, but a USCF can be an even greater advocate and force-multiplier for DoD cybersecurity efforts. Services can and should retain their service-specific Cyber Protection Teams (CPTs), which could be manned, trained, equipped, and tactically assigned to their service but also maintain ties into the USCF for operations, intelligence, and reachback. Smart policies and a unity of effort can pay big dividends here, as the services would naturally look to such an organization as the resident experts.

Extreme Challenges with Existing Forces

Much has been made of the extensive difficulties faced by our military services for the recruiting and retention of cyber expertise in uniform. Brig. Gen. Joseph McGee, Deputy Commanding General (Operations), Army Cyber Command (ARCYBER), described an example in which a talented cyber prospect “realized he’d make about the same as a first lieutenant as he would in a part-time job at Dell.” Examples like this are repeated over and over from entry-level to senior positions, and everything in between, on issues from pay to culture. In the military, being a cyber expert is like being a fish out of water.

The service cyber and personnel chiefs have made a clear case before the Armed Services Committees of both houses of Congress for the urgent need for flexibility on issues such as rank and career path for cyber experts specifically. Cyber needs were repeatedly cited as the rationale for the need for changes to restrictive military personnel laws. Many of these items were indeed addressed in the Fiscal Year 2019 (FY19) National Defense Authorization Act (NDAA), with provisions which may now be implemented by each service in what is hailed as the biggest overhaul to the military personnel system in decades:

  • Allow O-2 to O-6 to serve up to 40 years without promotions, or continue service members in these grades if not selected for promotion at a statutory board
  • Ability for service members to not be considered at promotion boards “with service secretary approval” — for instance, to stay in “hands on keyboard” roles
  • No need to meet 20 years creditable service by age 62 for new accessions (no need for age limit or age waiver above 42 years old for direct commissions)
  • Direct commissions or temporary promotion up to O-6 for critical cyber skills

But even these provisions do not go far enough, and the services are not obligated to implement them. When the challenges of pay, accessions at higher rank, physical fitness, or military standards in other areas come up, invariably some common questions are raised.

A common question is why don’t we focus on using civilians or contractors? In the case of naval officers, why don’t we make them Staff Corps (instead of Restricted Line), like doctors and lawyers who perform specialized functions but need “rank for pay” and/or “rank for status?” What about enlisted specialists versus commissioned officers?

The answer to the first question is easy in that we do use civilians and contractors across the military, extensively. The reason this is a problem is that we also need the expertise in uniform, for the same legal and authorities reasons we don’t use civilians or contractors to drive ships, lead troops, launch missiles, fly planes, and conduct raids.

As for making them Staff Corps officers or equivalent in the other services, the Navy, for instance, has been talking about going the other direction: making officers in the Navy Information Warfare community designators (18XX) unrestricted line, instead of restricted line, like their warfare counterparts, or doing away with the unrestricted line vs. restricted line distinction altogether. This is a matter of protracted debate, but the reality is that some activities, like offensive cyberspace operations (OCO) and electronic attack (EA), are already considered forms of fires under Title 10 right now — thus requiring the requisite presence of commissioned officers responsible and accountable for the employment of these capabilities. The employment of OCO creates military effects for the commander, and may someday be not just a supporting effort, or even a main effort, but the only effort, in a military operation.  

Under the Navy’s Information Warfare Commander Afloat Concept, for the first time the Information Warfare Commander of a Carrier Strike Group, the Navy’s chief mechanism for projecting power, can be a 18XX Officer instead of a URL Officer. If anything, we’re shifting more toward URL, or “URL-like”, and the reality of the information realm as a warfighting domain is only becoming more true as time goes on, if not already true as it stands today.

So what about our enlisted members? They’re doing the work. Right now. And the brightest among them are often leaving for greener pastures. But still for reasons of authorities, we still need commissioned officers who are themselves cyber leaders, subject matter experts, and practitioners.

None of this is to say that direct commissioning of individuals with no prior service as officers up to O-6 is the only solution, or that it would not create new problems as it solves others. But these problems and all of the concerns about culture shock and discord in the ranks can also be solved with a distinct U.S. Cyber Force which accesses, promotes, and creates career paths for its officers as needed to carry out its missions, using the full scope of flexibility and personnel authority now granted in the FY19 NDAA.

Another major challenge is the lack of utilization of our reserve components. Many members of our reserve force have multiple graduate degrees and 10-15 years or more of experience, usually in management and leadership roles, in information technology and cybersecurity. We have individuals in GS/GG-14/15 or equivalent contractor and other positions, who are doing this work, every day, across the Department of Defense (DOD), the Intelligence Community (IC), academia, and industry.

Yet reservists are currently accessed at O-1 (O-2 under a new ARCYBER program), need to spend 3-5 years in training before they are even qualified to mobilize, or for the active components to use in virtually any operational or active duty capacity. And that’s after doing usually a year or more of non-mobilization active duty, for which nearly all employers don’t give differential pay because of existing employment policies, including in federal GS/GG positions.

We have very limited mechanisms and funding sources to even put reservists on active duty at NSA or USCYBERCOM, where our service cyber leadership repeatedly states we need people the most. And in the rare instances we manage to put people on some type of active duty in a cyber role in their area of expertise, it often is not a “mobilization” under the law — which means a person is now an O-2 or O-3, and with that “level” of perceived authority and experience to those around them. And they often just left their civilian job where they are recognized as a leader and expert — and easily make $200k a year.

National Security Operations Center (NSOC) c. 1985 — National Cryptologic Museum

Most people appreciate that you can’t just magically appear as an O-6, and have the same depth, breadth, and subtlety of experience and knowledge as a O-6 with 25 years in uniform. Yet these O-6s, as well as general and flag officers, routinely retire and assume senior leadership positions in all manner of public and private civilian organizations where “they don’t know the culture” — because they’re leaders.

So while a person off the street doesn’t have the same level of understanding of the military culture, it’s incorrect to say they can’t innovate and lead on cyber matters — to include in uniform as a commissioned officer. We’re not so special to imply that you can’t lead people and do the critical work of our nation, in uniform, unless you’ve “put in your time” in a rigid career path. It’s time to change our thinking, and to establish a military service to support the realities of that shift.

Recommendations

The call for a dedicated cyber branch of the U.S. Armed Forces is not new. Admiral (ret.) Jim Stavridis and Mr. David Weinstein argued for it quite passionately in 2014, calling on national leaders to embrace cyber innovation and imploring us to “not wait 20 years to realize it.” Great strides have been made in the four years since that argument was made, and we are closer than ever to realizing this vision. It will take a focused effort by Congress and the president to make this happen, as it did with the U.S. Army Air Forces becoming the U.S. Air Force in 1947. A tall order, perhaps, in today’s political environment, but not impossible, especially given the desire to compromise on issues of national defense and when both Republicans and Democrats alike are seeking wins in this column.

To summarize: the threat is eating our lunch, USCYBERCOM and the CMF are nearly ready to transition to their own service branch, and the benefits of doing so are numerous:

  • Sensible use of resources spent on cyberspace operations
  • An incubator of disruptive and rapid innovation in the cyber domain
  • Improved oversight and accountability by policy and under U.S. Code
  • More efficient and sustainable force generation and talent retention
  • Better alignment of service-specific core competencies across all warfighting domains
  • Synergy with a unified space commander (such as cyber protection of satellite constellations)

The United States House of Representatives recently ordered the Government Accountability Office (GAO) to begin an assessment on DoD cyberspace operations as part of the FY19 NDAA. This study, due to Congress in 2019, should prove enlightening and may become a foundational effort that could be built upon to explore the feasibility of establishing the U.S. Cyber Force as a new branch of the Armed Forces. Congress could order this as soon as FY21, with the Cyber Force fully established by the mid-2020s (blazingly fast by federal government standards, but no faster than the proposed Space Force).

Conclusion

The President has also now relaxed rules around offensive cyberspace operations, perceiving the urgent need to respond more quickly to cyber threats and cyber warfare directed at the United States. We have a great stepping stone in USCYBERCOM, but with no plans to take it to the next step, even a dedicated combatant commander for the cyber domain will face challenges with the above issues for the duration of its lifespan. Similar to how we are just becoming aware of space as a distinct warfighting domain, cyber has already been a warfighting domain since the beginning of the 21st century. The time for a U.S. Cyber Force is now. The threat in cyberspace, and our underwhelming response to it thus far, cannot wait.

Travis Howard is an active duty Navy Information Professional Officer. He holds advanced degrees and certifications in cybersecurity policy and business administration, and has over 18 years of enlisted and commissioned experience in surface and information warfare, information systems, and cybersecurity. Connect with him on LinkedIn.

Dave Schroeder served as a Navy Cryptologic Warfare Officer and Navy Space Cadre, and is Program Manager for IWCsync. He serves as a senior strategist and cyber subject matter expert at the University of Wisconsin–Madison. He holds master’s degrees in cybersecurity policy and information warfare, and is a graduate of the Naval War College and Naval Postgraduate School. Find him on Twitter or LinkedIn.

The views expressed here are solely those of the author and do not necessarily reflect those of the Department of the Navy, Department of Defense, the United States Government, or the University of Wisconsin–Madison.

Featured Image:  National Security Operations Center floor at the National Security Agency in 2012 (Wikimedia Commons)

Protecting the Maritime Shipping Industry from Cybercrime

By Nicholas A. Glavin

Introduction

The American maritime shipping industry is one of the most vulnerable critical infrastructures (CI) to ransomware and other forms of cybercrime. Maritime shipping accounts for 90-94 percent of world trade; any disruption to this sector will adversely affect the American economy and international trade more broadly. The July 2017 NotPetya ransomware attack that affected Maersk, a Dutch maritime shipping company, prompts timely action to protect American maritime infrastructure as the industry is ill-prepared to prevent and respond to attacks of this sophistication and scale. The recommended course of action encourages the U.S. Government to subsidize cybersecurity and training horizontally and vertically across the maritime shipping industry through the U.S. Coast Guard (USCG).

Cyber Assaulting Maritime Commerce

Any disruptions to global shipping companies, sea lanes of communication, or maritime chokepoints will have potentially disastrous implications for the economies and the supply chains of the U.S. and the global community. The economic impacts of cyber disruptions and damage to ships, ports, refineries, terminals, and support systems is estimated to be in the hundreds of billions of dollars. Moreover, the second- and third-order effects of a cyber attack are not limited to the maritime sector of CI; if more than one port is disrupted at the same time, a greater impact is “likely to occur” for the Critical Manufacturing, Commercial Facilities, Food and Agriculture, Energy, Chemical, and Transportation Systems of the nation’s CI.

Ransomware attacks eclipsed most other cybercrime threats in 2017.  The July 2017 NotPeyta ransomware attack highlighted the vulnerabilities of the maritime shipping industry to cyber disruptions. One of the most high-profile victims of this ransomware attack included the Dutch maritime shipping company Maersk. The company estimates upwards of $300 million in losses from the attack, the majority of which relates to lost revenue. Maersk continued operating for ten days without information technology (IT) until its networks were back online, despite ships with 10,000 to 20,000 containers entering a port every fifteen minutes. NotPetya shut down several ports worldwide, reduced Maersk’s volume by 20 percent, and forced the company to handle the remaining 80 percent of its operations manually. Maersk was forced to replace 45,000 PCs, 4,000 servers and install 2,500 applications.

The maritime shipping industry is highly vulnerable to cybercrime – in particular, ransomware – because of its lack of encryption, increased use of computer services, a lack of standardized training in and awareness of cybersecurity among crew, the sheer cost of defending the maritime IT enterprise, and industry-wide complacence towards cybersecurity. Several navigation systems such as the Global Positioning System (GPS) and the Automatic Identification System (AIS) are neither encrypted nor authenticated, thus being a soft target for cyber criminals. Jamming or spoofing of these systems can ground ships or make two collide, which can close a port or shipping channel for days or weeks depending on the severity of the incident. Disruptions to Industrial Control Systems (ICS) can lead to injury or death, release harmful pollutants, and lead to extensive economic damage across the maritime shipping industry.

Course of Action A: Federal Subsidies for Mandated Cybersecurity Awareness and Training

A Federal Government-enabled focus on prevention and response would proliferate horizontally and vertically across the maritime shipping community. This approach subsidizes the buy-in for industry to approach cybersecurity as a cost-effective asset. Simultaneously, this educates lower echelons of the workforce on digital hygiene to understand the transmission of ransomware and other forms of cybercrime. A positive consequence is the mitigation of industry lacking robust cybersecurity capabilities due to complacence and overhead costs. This is highly probable due to NotPetya’s wake-up call to industry and the existing public-private cybersecurity partnerships.

As the lead agency responsible for maritime cybersecurity in the U.S., the USCG issued a cybersecurity strategy in 2015 to identify best practices and voluntary measures. However, others may argue it is not the place of the U.S. government to subsidize cybersecurity best practices, facilitate compliance, and serve as the arbiter of how industry should train and defend against ransomware and other forms of cybercrime, thus opting instead for only industry-led approaches.

Course of Action B: Leverage Manual Operations and Dated Communications Technologies

This no- and low-tech approach encourages the use of manual navigations operations and older long-range navigation (LORAN) systems to circumvent disruptions to navigational and operational systems. A positive consequence of this approach is the standardization of backup operations for seamless continuity of operations on land, while also mitigating the overreliance on technology at sea. This is a probable course of action given the existing LORAN infrastructure and Maersk operating at 80 percent capacity during the NotPetya attack. A negative consequence is a proliferation in ransomware attacks deliberately targeting this industry since the approach would be passive in nature. This is also probable in occurring given the interconnectedness of the maritime sector to other CIs. However, others may argue that manual training and a functional secondary means of communication mitigates adverse costs from future ransomware attacks.

Conclusion

Course of Action A provides the highest return on investment to address the ransomware threat to the American maritime shipping industry. This prevention-focused and proactive approach will induce a top-down, lateral, and public-private approach to address maritime cybersecurity. While Course of Action B identifies the existence and use of alternative approaches to circumvent – or, at worst, mitigate the consequences of – a ransomware attack, it fails to place a premium on industry-wide digital hygiene  which is arguably the most cost-effective, scalable, and fastest approach to ransomware prevention.

Nicholas A. Glavin is a candidate for a Master of Arts in Law and Diplomacy (MALD) from The Fletcher School at Tufts University. He previously worked as a researcher at the U.S. Naval War College’s Center on Irregular Warfare and Armed Groups (CIWAG). The views expressed are the author’s own and do not represent those of the U.S. Government. Follow him on Twitter @nickglavin.

Featured Image: Albert Mærsk in the 70s (Wikimedia Commons)

Port Automation and Cyber Risk in the Shipping Industry

CIMSEC is committed to keeping our content FREE FOREVER. Please consider donating to our annual campaign now so we can continue to provide free content.

By Philipp Martin Dingeldey 

Introduction

To stay ahead of competing ports and technological developments, automation has been heralded as inevitable. Major transshipment hubs and aspiring ports bet their future on automation, which raises the impact  cyber risks could have in the long-run.

Singapore’s Port Modernization

One example of port modernization is Singapore’s Tuas Port Project. To stay ahead of competing ports in Southeast Asia, PSA International and the city state have bet their future on the fully automated port on the western side of the island. The project is set to almost double the port’s current throughput capacity of twenty-foot equivalent units (TEUs) and consolidate all its container operations by 2040.

Singapore’s port is ranked second, behind Shanghai’s mega port, by total TEUs handled. Nevertheless, Singapore’s port is the world’s busiest transshipment hub, and therefore immensely important to global supply chains. The port’s volume growth of 6.4 percent for the first half of 2017 indicates that its investments in modernized berths and joint ventures with liners paid off.

While this is great news for the short term, container vessels on Asia-Europe trade routes will inevitably increase in size, requiring higher handling efficiency to achieve fast turn-around times. By the end of 2018, ultra large container vessels (ULCVs) are expected to gain a share of 61 percent of total capacity, pushing established hubs like Singapore to automate its terminals to stay relevant.

At the same time, next generation container vessels will not only be bigger, but also increasingly automated and even autonomous. As ports and the shipping industry are integral parts of global and regional supply chains, their automation and technological modernization raises the impact and potential of cyber risk.

How Good is Automation?

For Singapore’s port, automation is seen to not only strengthen its position as a transshipment hub well into the future, but also helps it keep up with technological developments and industry trends.

The shipping industry has generally been slow in adapting new technologies, due to its conservative nature and the large number of players involved. Currently, only a fraction of global container volume is handled by fully automated container terminals. In 2016, it was estimated that only 4-5 percent of container volume will be handled by fully automated terminals once ongoing projects were completed. Nonetheless, industry pressure and competition have heightened the need for ports to invest and automate, indicating that the number of automated terminals will increase.

Automated terminals allow ports to handle containers more efficiently by using operating systems to plan storage in accordance with collection and transshipment times. This reduces unnecessary box moves, shortens cycle times, and enables consistent and predictable throughput numbers.

Fully-automated terminals have the advantage of low operating costs and reliable operations, but require higher upfront costs, longer development, offer only low productivity increases at peak times, and have the general difficulty to fully automate a working terminal. On the other hand, semi-automated terminals offer the possibility for greater productivity increases at peak times, are generally understood to have the best overall productivity with less upfront costs, but require higher operating costs and are inconsistent when it comes to handling ULCVs.

While full automation gives large ports like Singapore’s the advantage of reliable, full-time operations at low operating costs, it requires long development times to fix bugs and offers only gradual productivity increases at peak times. On top of that, full automation also increases their vulnerability to cyber risks. This is due to the use of technologically advanced and networked systems.

The investment threshold to enter automation for ports is high, while not necessarily offering major increases in productivity. What automation does offer major port hubs is better predictability and consistency of container moves per hour. Additionally, automation reduces the room for human error, making operations safer. At the same time, automation reduces the environmental impact since terminals are mostly electrified, giving ports an additional competitive edge in an industry increasingly focused on sustainability.

Cyber Risks

The shipping industry and ports are seen by many insiders as underprepared for cyber threats. Even though major players in the shipping industry have recognized and acted on the risks posed by cyber threats, the majority have been slow to recognize potential business risks. Even though awareness has grown, the need for better information sharing persists. Automation further increases the exposure and impact of cyber threats for ports, highlighting the importance of data and system integrity.

The reality of cyber threats to automated terminals was demonstrated in the “NotPetya” cyber-attack in June 2017. The attack forced Maersk to interrupt operations at multiple terminals worldwide, causing logistical havoc for weeks after the attack. Overall, it cost Maersk roughly US$300 million, even though the attack was not specifically directed at the company. The “lucky hit” against one of the industry leaders showcases that even well-prepared firms can suffer financial losses due to cyber threats.

The difficulty with protecting automated terminals from cyber risks lies with their complexity. These terminals use industrial control systems that translate sensorial data and commands into mechanical actions. The network links between mechanical equipment and sensors are exposed to the same threats as data networks. The complexity is further increased by the months and years it can take to figure out and fix bugs and weaknesses in automated systems. In an automated system, different system components have to effectively work together as one, stretching the time needed to figure out and fix bugs. This involves mainly software issues that have to be fixed while also moving boxes of cargo at the terminal.

While ports have to secure themselves from a broad range of risks, cybercriminals can choose from a number of entry points. For example, external vendors, terminal operating systems, and unaware employees may be vulnerable to phishing attacks. Operational systems and data networks are not always up-to-date or properly secured, allowing criminals to gain comparatively easy access to information. To prevent the ports and shipping industry from most attacks, regular operating system updates, stronger passwords, secure satellite connections, resilience exercises, information sharing, and employee awareness campaigns should be practiced.

On top of that, modern ships bear the risk of spreading viruses onto port systems simply via Wi-Fi or other data networks. Industrial control systems are not designed with cyber risks or active network monitoring in mind. This is especially true for ships’ control systems, but can also affect the system components of ports.

Nevertheless, this is only addressing the technical side. The human factor still plays a major role in mitigating cyber risks. Personal details of ship crews can still be easily accessed, making them more vulnerable to social engineering via phishing or other techniques, unknowingly granting access to systems.

Human factors can take the form of criminals, terrorists, competitors, disgruntled employees, and more. Workers at mostly manual terminals, for example, generally do not like automation because it makes their jobs largely redundant. To reduce the chance for cyber threats stemming from or aided by disgruntled employees, ports can offer training and job guarantees to their workforce to make the transition to automation more incremental.

Port authorities, registries, and all major organizations in the shipping industry are increasingly aware of cyber threats and are responding through raising awareness or offering training courses. These are simple steps to better protect information and navigation systems on board ships. For example, BIMCO, the world’s largest international shipping association, made cyber security an important issue for the shipping industry three years ago via an awareness initiative. The association has further advocated the need for guidelines to evolve with the threats, launching the “Guidelines for Cyber Security Onboard Ships” in July 2017, which was endorsed and supported across the industry.

In addition, the Liberian ship registry started a computer-based two-hour cybersecurity training program in October 2017, offering a comprehensive overview of cybersecurity issues aboard ships. Nevertheless, it is unlikely that these courses and campaigns are enough to protect the industry. While it is a step in the right direction, more needs to be done through regulations.

Conclusion and Policy Recommendations

Since 2016, the International Maritime Organization (IMO) has put forward voluntary guidelines regarding cyber risks. Only after 2021 does the IMO plan to enforce a set of binding regulations on cybersecurity. This might be too late for many companies in the industry. Shipping companies should not wait until 2021, but should begin now to implement simple measures, like using firewalls and stronger passwords, to deter criminals from trying to exploit current weaknesses.

Further, even though the IMO adopted guidelines on maritime cyber risk management into the International Safety Management Code this year, ports and the shipping industry still need to establish a stronger culture on cybersecurity.

Major shipping hubs are part of large and less resilient supply chains, which are essential for regional and international trade. These supply chains depend on a small number of key ports, which are vulnerable to shocks from other ports. To make supply chains and port hubs more resilient to cyber risks, the shipping industry as a whole will have to adjust and prepare.

Companies will have to work together and share information on previous or ongoing attacks, so that experiences and best practices can be shared directly. Unfortunately, this has been difficult to achieve due to worries about how competitors may use the shared information. Singapore has set up the Port Authorities Focal Point Correspondence Network to further the exchange of information on past and current incidents. It remains to be seen if this network has worked to encourage the sharing of information.

Ports are logistical hubs where many companies compete for business, making information sharing naturally difficult. Currently, port security is based on the International Ship and Port Facility Security (ISPS) Code, which is heavily focused on the physical aspects of security. In order to make cyber risks a much more important issue for port security, the whole sector needs to step up and make it a priority.

Cyber risks are not just a technological matter, but require adequate awareness and planning to strengthen a port’s resilience. Training employees actively in security protocols and procedures with information systems is one way of achieving this. At the same time, ports need to engage in contingency and scenario planning to be better prepared should an attack occur. On top of all this, national bodies (e.g. institutes of standards) need to give better guidance on security testing and planning for ports, which should be supplemented by binding guidelines on reporting and information sharing mandated by global bodies like the IMO.

Philipp Martin Dingeldey is a Research Analyst with the Maritime Security Programme at the Institute of Defence and Strategic Studies (IDSS), S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. For questions and follow-ups he can be reached at research.pmdingeldey@gmail.com.

Featured Image: Port of Singapore (XPacifica/Gettyimages)

To Rule the (Air)Waves

By Tim McGeehan and Douglas Wahl

A new domain of conflict emerges as America transitions onto a wartime footing. Military, commercial, and private interests debate how to balance security, privacy, and utility for new technology that unleashes the free-flow of information. The President issues Executive Orders to seize and defend the associated critical infrastructure for exclusive government use for the duration of the conflict.

This is not the plot for a movie about a future cyber war, nor is it a forecast of headlines for late 2017; rather, the year was 1917 and the “new” technology was wireless telegraphy.

Long before anyone imagined WiFi, there was wireless telegraphy or simply “wireless.” This revolutionary technology ultimately changed the conduct of war at sea, making the story of its adoption and wartime employment timely and worthy of re-examination. While these events took place last century, they inform today’s discussion as the U.S. Navy grapples with similar issues regarding its growing cyber capabilities.

Wireless Unveiled

In 1896, Guglielmo Marconi filed the first patent for wireless telegraphy, redefining the limits of long range communication.1 Wireless quickly grew into a means of mass dissemination of information with applications across government, commerce, and recreation. The Russo-Japanese War of 1904-5 provided a venue to demonstrate its wartime utility, when Japanese naval scouts used their wireless to report critical intelligence concerning the Russian Fleet as it sailed for Tsushima Strait. This information allowed the Japanese Fleet to prepare a crippling attack on the Russians and secure victory at sea.2 

People came to believe that wireless communication was not only invaluable, but invulnerable, as described in 1915 by Popular Mechanics: “interference with wireless messages… is practically impossible. Telegraph wires and [submarine] cables may be cut, but a wireless wave cannot be stopped.”3

Naval Implications

Command and Control

Wireless profoundly impacted command and control (C2) at sea. Traditionally, on-scene commanders exercised C2 over ships in company via visual signals; once over the horizon, units relied on commander’s intent. Wireless changed this paradigm. By enabling the long-distance flow of information, wireless allowed a distant commander to receive reports from and issue orders to deployed units in real time, increasing a commander’s situational awareness (SA) and extending their reach. A 1908 newspaper article even referred to the Royal Navy’s wireless antenna at the Admiralty building as the “Conning Tower of the British Empire,” and that the First Sea Lord, “as he sits in his chair at Whitehall,” can “survey the whole area of possible conflict and direct the movements of all the fleets with as much ease as if they were maneuvering beneath his office windows.”4

While wireless did improve communication, it did not achieve harmony between the Fleet and its headquarters. A second 1908 article appeared with a self-explanatory title: “Fleet Commanders Fear Armchair Control During War by Means of Wireless.”5 Much as today, officers considered increased connectivity a mixed blessing; they appreciated the information flow but feared interference with their ability to command.6

Vulnerabilities and Opportunities

While wireless increased SA, it introduced new vulnerabilities. The discipline of Signals Intelligence grew with the ability to intercept communications from adversary ships. While Marconi claimed to have a secure means of transmission, this was quickly disproven in the 1903 “Maskelyne Affair,” when a wireless competitor hijacked Marconi’s public demonstration and transmitted an obscene Morse code message that was received in front of Marconi’s audience.7  This “spoofing” foreshadowed similar episodes in World War I (WWI) where false messages were sent by adversary operators impersonating friendly ones.8

Militaries understood the vulnerabilities of wireless even before the outbreak of WWI. The day after declaring war on Germany, the British cut five German undersea telegraph cables. This action degraded the Germans’ long-distance communications capability and forced them to rely on less secure wireless transmissions, which were vulnerable to interception.9

While the “internals” (content) of these signals held strategic value by revealing an adversary’s plans and intentions, the “externals” (emission characteristics) held tactical value. With the advent of direction finding (DF) capabilities, friendly units could locate transmitting adversary platforms (to include a new menace, the submarine). When combined with known locations of friendly units (self-reported by wireless), these positions provided a near-real time common operating picture (COP).

Mitigations and Countermeasures

Ships could mitigate some vulnerability by maintaining radio silence to deny adversary DF capabilities. A complementary tactic was the adoption of Fleet broadcasts, with headquarters transmitting to all units on a fixed schedule (analogous to today’s Global Broadcast System).10 This “push” paradigm allowed ships to passively receive information, vice having to transmit requests for it (and risk disclosing their location to adversary DF).

In 1906, The Journal of Electricity, Power, and Gas described early countermeasures, specifically jamming techniques, where in “war games one Fleet has kept plying its wireless apparatus incessantly thereby blocking the signals of its opponents until it has passed clear.”11 It analyzed the ‘recent’ Russo-Japanese War, noting that while Russian ships sortied from Port Arthur, “the powerful station on shore began to grind out the Russian alphabet, thus paralyzing the weaker [wireless] outfits of the Japanese pickets.”12 It criticized the Russians for not continually transmitting on their wireless to interfere with the Japanese scouts reporting on their position in the run up to Tsushima Strait.13 In 1915, Popular Mechanics even described how to counter jamming, by “making frequent changes of wave length at known intervals,” a practice known today as “frequency hopping.”14

Wireless, WWI, and the U.S. Navy

On the day America entered WWI, President Wilson issued Executive Order (EO)-2585, which directed “radio stations within the jurisdiction of the United States as are required for Naval communications shall be taken over by the Government…and furthermore that all radio stations not necessary to the Government of the United States for Naval communications, may be closed.”15 The New York Times ran the headline “GOVERNMENT SEIZES WHOLE RADIO SYSTEM; Navy Takes Over All Wireless Plants It Needs and Closes All Others.”16 Weeks later EO-2605A went further and directed the removal “all radio apparatus” from stations not required by the Navy.17 In addition, EO-2604 titled “Censorship of Submarine Cables, Telegraph, and Telephone Lines” gave the Navy additional authority over all submarine cables and the Army authority over all telegraph and telephone lines.”18 Thereafter, the military controlled all means of telecommunication in the United States.

Secretary of the Navy (SECNAV) Daniels had provided rationale for wireless seizure in 1916, when he explained that “control of the Fleet requires a complete and effective Naval radio system on our coasts” and instances of “mutual interference between the Government and commercial stations, ship, and shore, are increasing.”19 He saw no way to resolve the issue “except by the operation of all radio stations on the coast under one control” (the Navy).20

Class in session, at the Wireless School at the Washington Navy Yard, D.C. December 1904. Note schematic diagram on blackboard, and apparatus in use. (Naval History and Heritage Command)

Officials prohibited foreign ships in U.S. ports from using their wireless, sealed their transmitters, and sometimes even removed their antennae. The government shut down amateur operators altogether. Two years earlier, The Journal of Electricity, Power, and Gas opined the “Government would have a tremendous task on its hands if an attempt should be made to dismantle all privately-owned stations, as more than 100,000 of them exist.”21 Nonetheless, that is exactly what happened.

Federal agents worked to track down and secure unauthorized wireless sets and their rogue operators. The Navy assigned operators at newly commissioned “listening-in stations” to monitor signals in specific frequency bands for their geographic area.22 When a suspicious signal was detected, multiple stations triangulated the transmitter and “Naval investigators would immediately [be dispatched to] reach the spot in fast automobiles.”23 The Electrical Experimenter featured a series about a “radio detective” who worked tirelessly to hunt down wireless operators. The detective described false alarms, but also the genuine discovery of hidden antennae disguised as clotheslines, tracing wires to buildings, and catching rogue operators and foreign agents.24

It is worthy to note that even after seizing control of the wireless enterprise, the government recognized the economic impact of wireless and therefore directed the Navy to continue passing commercial traffic. In 1917, SECNAV Daniels reported that the Navy made a profit providing this service and submitted $74,852.59 to the Treasury.25

Comparisons

The wireless actions of 1917 projected into cyber actions of 2017 would be analogous to the Navy seizing control of the Internet, passing traffic on behalf of commercial entities (for profit), censoring all email, and establishing domestic monitoring stations with deployable teams to round up hackers. The backlash would be epic.

However, rebranding the story with different terminology makes it palatable. In 1917, the Navy “seized control of the spectrum” by operating all wireless infrastructure as a “warfighting platform,” thus ensuring it was “available, defendable, and ready to deliver effects.” Censoring traffic and closing unnecessary stations (and private sets) was “reducing the attack surface.”  Navy listening stations “conducted tailored Signals Intelligence” to detect enemy activity. This language should all sound familiar to Navy cyber personnel today, as “Operate the Network as a Warfighting Platform,” “Deliver Warfighting Effects through Cyberspace,” and “Conduct Tailored Signals Intelligence” are all goals extracted from the U.S. Fleet Cyber Command/TENTH Fleet (FCC/C10F) Strategic Plan.26 Like wireless, cyber capabilities are key to ensuring the flow of information, building a COP (associated FCC/C10F goal: “Create Shared Cyber Situational Awareness”), and enabling C2. While a crack team of Sailors might not jump into a “fast automobile” to hunt down an unauthorized Internet hotspot, the function is analogous to Cyber Protection Teams (CPTs) responding to intrusions on the DoD’s network.27 

While security partnerships between government and industry still exist, there are significant differences from 1917’s arrangements. The Navy could not seize control of the entire Internet as it did with all wireless capability in 1917. Wireless was in an “early adopter” phase and did not impact daily life and commerce to the extent of today’s Internet. Likewise, given the volume of email and internet traffic, censorship on the scale of 1917 is not feasible – even  if it was legal. Finally, while the Navy passing commercial traffic during WWI seems unusual now, the Navy actually had been routinely handling commercial traffic since 1912, when the Act to Regulate Radio Communication required that it “open Naval radio stations to the general public business” in places not fully served by commercial stations.28 That act effectively required the Navy to establish a commercial entity (complete with accounting) to oversee all duties of a commercial communication company; today this would essentially mean operating as an Internet Service Provider.29 In 1913, Department of the Navy General Order #10 opened all Naval ship communications to public business while in port; today’s Navy will most likely not turn its shipboard communications systems into public WiFi hotspots.30

Information Systems Technician 3rd Class John Erskine, Chief Information Systems Technician Jennifer Williams, Cryptologic Technician (Networks) 2nd Class Tyrone Fuller, and Information Systems Technician 2nd Class Amanda Kisner work together to assess the security of the computer networks aboard the aircraft carrier USS George H.W. Bush (CVN 77). (U.S. Navy photo)

The wireless story is also a cautionary tale. Even after the war was over, the Government did not want to relinquish control of the airwaves. Among multiple Executive Branch witnesses, SECNAV Daniels testified to Congress that “radio communications stands apart because the air cannot be controlled and the safe thing is that only one concern should control and own it” (the Navy).31 The President voiced his support, spurring headlines like “Wilson Approves Making Wireless a Navy Monopoly.” However, industry applied political pressure and successfully lobbied to restore wireless to commercial and private use in 1919.32 

Takeaways

It is tempting to think that this story is about technology. However, the most important lessons are about people. The final goal in today’s FCC/C10F Strategic Plan is to “Establish and Mature Navy’s Cyber Mission Forces”; the Navy of 1917 had similar challenges developing a workforce to exploit a new domain. Some of their approaches are applicable today (indeed, the Navy is already pursuing some of them):

  • The Navy of 1917 leveraged outside experience by strategically partnering with industry and amateur organizations to recruit wireless operators. In 1915, with war looming, the Superintendent of the Naval Radio Service foresaw a dramatic increase in the requirement for radio operators. He contacted wireless companies to request that they steer their employees towards obligating themselves to Government service in the event of war – the companies enthusiastically complied. He also contacted the National Amateur Wireless Association, which shared its membership rosters. By 1916, it had chapters organized to support their local Naval Districts and helped form the Naval Communication Reserve the following year.33 Patriotic amateurs even petitioned Congress to allow them to operate as “a thousand pair of listening ears” to monitor wireless transmissions from Germany.34  Today the opposite of 1917 happens, where the Navy loses trained, experienced personnel to contractors and commercial enterprise. While the Navy creates its own cyber warriors, it should continue tapping into patriotic pools of outside talent. Deepening relationships with companies by expansion of programs like “Tours With Industry” could help attract, train, and retain cyber talent.
  • The Navy established a variety of demanding training courses for wireless operators. One of the Navy’s earliest courses had non-trivial prerequisites (candidates had to be “electricians by trade” or have similar experience), lasted five months, and was not an introductory but rather a “post-graduate” course.35 Later, a growing Fleet and requirements for trained radiomen necessitated multi-level training. The Navy established radio schools in each Naval District to provide preliminary training and screen candidates for additional service. In 1917, it established a training program at Harvard. These programs provided the Navy over 100 radio operators per week in 1917 and over 400 per week by 1918.36  Today’s Navy should continue expanding its portfolio of cyber training courses to more fully leverage academia’s facilities and expertise.
Recruiting Poster: “What the Navy is Doing: Live and Learn” Showing students in the Navy radio wireless school, at Great Lakes Illinois, circa 1919. (Naval History and Heritage Command)
  • During the war, the Navy looked past cultural differences (and indiscretions) when drawing personnel from non-traditional backgrounds. The “wireless detective” described rogue wireless operators as “being of a perverse turn of mind,”37 and “a reckless lot – at times criminally mischievous.”38 However, the Navy leveraged these tendencies and employed former amateurs “who were familiar with the various tricks anyone might resort to in order to keep their receiving station open” to hunt secret wireless apparatus.39 Today’s cyber talent pool may not look or act like traditional recruits; however, they possess skills, experience, and mindsets critical to innovation. The Navy should weigh traditionally disqualifying enlistment criteria against talent, capability, and insight into adversarial tactics.
  • The Navy of 1917 offered flexible career paths to recruit skilled operators. Membership in the Naval Communication Reserve only required citizenship, ability to send/receive ten words per minute, and passing a physical exam.40 New members received a retainer fee until they qualified as “regular Naval radio operators” when their salary increased. There was no active duty requirement (except during war) and a member could request a discharge at any time.41 Today’s Navy should continue expanding flexible career paths allowing skilled cyber professionals to enter and exit active duty laterally (vice entering at the bottom and advancing traditionally).

Conclusion

There are several parallels between the advent of “wireless” warfare last century and today’s cyber warfare. In modern warfare, cyber capabilities are potential game changers, but many questions remain unanswered on how to best recruit, employ, and integrate cyber warriors into naval operations. Like wireless in 1917, it is easy to become focused on the technical aspects of a new capability and new domain. However, to fully wield cyber capabilities, the Navy needs to focus on the people and not the technology.

Tim McGeehan is a U.S. Navy Officer currently serving in Washington.  

Douglas T. Wahl is the METOC Pillar Lead and a Systems Engineer at Science Applications International Corporation.

The ideas presented are those of the authors alone and do not reflect the views of the Department of the Navy, Department of Defense, or Science Applications International Corporation.

References

[1] Tesla- Life and Legacy, 2004, http://www.pbs.org/tesla/ll/ll_whoradio.html

[2] Steel Ships at Tsushima – Five Amazing Facts About History’s First Modern Sea Battle, June 9, 2015, http://militaryhistorynow.com/2015/06/09/the-battleships-of-tsushima-five-amazing-facts-about-historys-first-modern-sea-battle/

[3]  G. F. Worts, Directing the War by Wireless, Popular Mechanics, May 1915, p. 650

[4] W. T. Stead, Wireless Wonders at the Admiralty, Dawson Daily News, September 13, 1908

[5] Fleet Commanders Fear Armchair Control During War by Means of Wireless, Boston Evening Transcript, May 2, 1908

[6] B. Scott, Restore the Culture of Command, USNI Proceedings, August 1915, https://www.usni.org/magazines/proceedings/2015-08/restore-culture-command ; D.A. Picinich, Mission Command in the Information Age: Leadership Traits for the Operational Commander, Naval War College, May 2013, http://www.dtic.mil/dtic/tr/fulltext/u2/a583531.pdf

[7] Lulz, Dot-dash-diss: The gentleman hacker’s 1903, New Scientist, https://www.newscientist.com/article/mg21228440-700-dot-dash-diss-the-gentleman-hackers-1903-lulz/

[8] H. J. B. Ward, Wireless Waves in the World’s War, The Yearbook of Wireless Telegraphy and Telephony, 1916, pp. 625-644, http://earlyradiohistory.us/1916war.htm

[9] Porthcurno, Cornwall: Cable Wars, May 2014, http://www.bbc.co.uk/programmes/p01wsdlh

[10] Navy’s Control of Radio a Big Factor in War, New York Herald, December 12, 1918,  http://earlyradiohistory.us/1918navy.htm

[11] H.C. Gearing, Naval Wireless Telegraphy on the Pacific Coast, Journal of Electricity, Power, and Gas, June 9, 1906, p. 309

[12] H.C. Gearing, Naval Wireless Telegraphy on the Pacific Coast, Journal of Electricity, Power, and Gas, June 9, 1906, p. 309

[13] H.C. Gearing, Naval Wireless Telegraphy on the Pacific Coast, Journal of Electricity, Power, and Gas, June 9, 1906, p. 309

[14] G. F. Worts, Directing the War by Wireless, Popular Mechanics, May 1915, p. 650

[15] Executive Order 2585, April 6, 1917,  http://www.presidency.ucsb.edu/ws/index.php?pid=75407

[16] Government Seizes Whole Radio System; Navy Takes Over All Wireless Plants It Needs and Closes All Others, The New York Times, April 8, 1917

[17] Executive Order 2605A, April 30, 1917, http://www.presidency.ucsb.edu/ws/index.php?pid=75415

[18] Executive Order 2604, April 28, 1917, http://www.presidency.ucsb.edu/ws/?pid=75413

[19] 1916 Annual Reports of the Department of the Navy, pp. 27-30

[20] 1916 Annual Reports of the Department of the Navy, pp. 27-30

[21] G. F. Worts, Directing the War by Wireless, Popular Mechanics, May 1915, p. 650

[22] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141, http://earlyradiohistory.us/1919spy.htm

[23] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141, http://earlyradiohistory.us/1919spy.htm

[24] P.H. Boucheron, A War-Time Radio Detective, lectrical Experimenter, May, 1920, pages 55, 102-106, http://earlyradiohistory.us/1920spy.htm

[25] 1917 Annual Reports of the Navy Department, p. 45

[26] U.S. Fleet Cyber Command/TENTH Fleet Strategic Plan 2015-2020, http://www.navy.mil/strategic/FCC-C10F%20Strategic%20Plan%202015-2020.pdf

[27] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141, http://earlyradiohistory.us/1919spy.htm

[28] An Act to Regulate Radio Communication, SIXTY-SECOND CONGRESS. Session II, Chapter 287, August 13, 1912, pp. 302-308, https://www.loc.gov/law/help/statutes-at-large/62nd-congress/session-2/c62s2ch287.pdf

[29] An Act to Regulate Radio Communication, SIXTY-SECOND CONGRESS. Session II, Chapter 287, August 13, 1912, pp. 302-308, https://www.loc.gov/law/help/statutes-at-large/62nd-congress/session-2/c62s2ch287.pdf

[30] 1914 Annual Reports of the Navy Department, p. 219

[31] P. Novotny, The Press in American Politics, 1787-2012, 2014, p. 82

[32] P. Novotny, The Press in American Politics, 1787-2012, 2014, p. 83

[33] L.S. Howeth, Operations  and  Organization  of  United  States  Naval  Radio  Service  During  Neutrality  Period, History of Communications-Electronics in the United States Navy, 1963, pp. 227-235,  http://earlyradiohistory.us/1963hw19.htm

[34] P. Novotny, The Press in American Politics, 1787-2012, 2014, p. 79

[35] H.C. Gearing, The Electrical School, Navy Yard, Mare Island, Journal of Electricity, Power, and Gas, May 25, 1907, p. 395

[36] G. B. Todd, Early Radio Communications in the Twelfth Naval District, San Francisco, California, http://www.navy-radio.com/commsta/todd-sfo-01.pdf

[37] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141, http://earlyradiohistory.us/1919spy.htm

[38] J. Keeley, 20,000 American “Watchdogs”, San Francisco Chronicle, January 30, 1916, http://earlyradiohistory.us/1916wat.htm

[39] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141, http://earlyradiohistory.us/1919spy.htm

[40] L.S. Howeth, Operations  and  Organization  of  United  States  Naval  Radio  Service  During  Neutrality  Period, History of Communications-Electronics in the United States Navy, 1963, pp. 227-235,  http://earlyradiohistory.us/1963hw19.htm

[41] L.S. Howeth, Operations  and  Organization  of  United  States  Naval  Radio  Service  During  Neutrality  Period, History of Communications-Electronics in the United States Navy, 1963, pp. 227-235,  http://earlyradiohistory.us/1963hw19.htm

Featured Image: Soviet tracking ship Kosmonavt Yuri Gagarin.