Category Archives: Cyber War

Threats, risks, and players in the cyber realm.

Port Automation and Cyber Risk in the Shipping Industry

CIMSEC is committed to keeping our content FREE FOREVER. Please consider donating to our annual campaign now so we can continue to provide free content.

By Philipp Martin Dingeldey 


To stay ahead of competing ports and technological developments, automation has been heralded as inevitable. Major transshipment hubs and aspiring ports bet their future on automation, which raises the impact  cyber risks could have in the long-run.

Singapore’s Port Modernization

One example of port modernization is Singapore’s Tuas Port Project. To stay ahead of competing ports in Southeast Asia, PSA International and the city state have bet their future on the fully automated port on the western side of the island. The project is set to almost double the port’s current throughput capacity of twenty-foot equivalent units (TEUs) and consolidate all its container operations by 2040.

Singapore’s port is ranked second, behind Shanghai’s mega port, by total TEUs handled. Nevertheless, Singapore’s port is the world’s busiest transshipment hub, and therefore immensely important to global supply chains. The port’s volume growth of 6.4 percent for the first half of 2017 indicates that its investments in modernized berths and joint ventures with liners paid off.

While this is great news for the short term, container vessels on Asia-Europe trade routes will inevitably increase in size, requiring higher handling efficiency to achieve fast turn-around times. By the end of 2018, ultra large container vessels (ULCVs) are expected to gain a share of 61 percent of total capacity, pushing established hubs like Singapore to automate its terminals to stay relevant.

At the same time, next generation container vessels will not only be bigger, but also increasingly automated and even autonomous. As ports and the shipping industry are integral parts of global and regional supply chains, their automation and technological modernization raises the impact and potential of cyber risk.

How Good is Automation?

For Singapore’s port, automation is seen to not only strengthen its position as a transshipment hub well into the future, but also helps it keep up with technological developments and industry trends.

The shipping industry has generally been slow in adapting new technologies, due to its conservative nature and the large number of players involved. Currently, only a fraction of global container volume is handled by fully automated container terminals. In 2016, it was estimated that only 4-5 percent of container volume will be handled by fully automated terminals once ongoing projects were completed. Nonetheless, industry pressure and competition have heightened the need for ports to invest and automate, indicating that the number of automated terminals will increase.

Automated terminals allow ports to handle containers more efficiently by using operating systems to plan storage in accordance with collection and transshipment times. This reduces unnecessary box moves, shortens cycle times, and enables consistent and predictable throughput numbers.

Fully-automated terminals have the advantage of low operating costs and reliable operations, but require higher upfront costs, longer development, offer only low productivity increases at peak times, and have the general difficulty to fully automate a working terminal. On the other hand, semi-automated terminals offer the possibility for greater productivity increases at peak times, are generally understood to have the best overall productivity with less upfront costs, but require higher operating costs and are inconsistent when it comes to handling ULCVs.

While full automation gives large ports like Singapore’s the advantage of reliable, full-time operations at low operating costs, it requires long development times to fix bugs and offers only gradual productivity increases at peak times. On top of that, full automation also increases their vulnerability to cyber risks. This is due to the use of technologically advanced and networked systems.

The investment threshold to enter automation for ports is high, while not necessarily offering major increases in productivity. What automation does offer major port hubs is better predictability and consistency of container moves per hour. Additionally, automation reduces the room for human error, making operations safer. At the same time, automation reduces the environmental impact since terminals are mostly electrified, giving ports an additional competitive edge in an industry increasingly focused on sustainability.

Cyber Risks

The shipping industry and ports are seen by many insiders as underprepared for cyber threats. Even though major players in the shipping industry have recognized and acted on the risks posed by cyber threats, the majority have been slow to recognize potential business risks. Even though awareness has grown, the need for better information sharing persists. Automation further increases the exposure and impact of cyber threats for ports, highlighting the importance of data and system integrity.

The reality of cyber threats to automated terminals was demonstrated in the “NotPetya” cyber-attack in June 2017. The attack forced Maersk to interrupt operations at multiple terminals worldwide, causing logistical havoc for weeks after the attack. Overall, it cost Maersk roughly US$300 million, even though the attack was not specifically directed at the company. The “lucky hit” against one of the industry leaders showcases that even well-prepared firms can suffer financial losses due to cyber threats.

The difficulty with protecting automated terminals from cyber risks lies with their complexity. These terminals use industrial control systems that translate sensorial data and commands into mechanical actions. The network links between mechanical equipment and sensors are exposed to the same threats as data networks. The complexity is further increased by the months and years it can take to figure out and fix bugs and weaknesses in automated systems. In an automated system, different system components have to effectively work together as one, stretching the time needed to figure out and fix bugs. This involves mainly software issues that have to be fixed while also moving boxes of cargo at the terminal.

While ports have to secure themselves from a broad range of risks, cybercriminals can choose from a number of entry points. For example, external vendors, terminal operating systems, and unaware employees may be vulnerable to phishing attacks. Operational systems and data networks are not always up-to-date or properly secured, allowing criminals to gain comparatively easy access to information. To prevent the ports and shipping industry from most attacks, regular operating system updates, stronger passwords, secure satellite connections, resilience exercises, information sharing, and employee awareness campaigns should be practiced.

On top of that, modern ships bear the risk of spreading viruses onto port systems simply via Wi-Fi or other data networks. Industrial control systems are not designed with cyber risks or active network monitoring in mind. This is especially true for ships’ control systems, but can also affect the system components of ports.

Nevertheless, this is only addressing the technical side. The human factor still plays a major role in mitigating cyber risks. Personal details of ship crews can still be easily accessed, making them more vulnerable to social engineering via phishing or other techniques, unknowingly granting access to systems.

Human factors can take the form of criminals, terrorists, competitors, disgruntled employees, and more. Workers at mostly manual terminals, for example, generally do not like automation because it makes their jobs largely redundant. To reduce the chance for cyber threats stemming from or aided by disgruntled employees, ports can offer training and job guarantees to their workforce to make the transition to automation more incremental.

Port authorities, registries, and all major organizations in the shipping industry are increasingly aware of cyber threats and are responding through raising awareness or offering training courses. These are simple steps to better protect information and navigation systems on board ships. For example, BIMCO, the world’s largest international shipping association, made cyber security an important issue for the shipping industry three years ago via an awareness initiative. The association has further advocated the need for guidelines to evolve with the threats, launching the “Guidelines for Cyber Security Onboard Ships” in July 2017, which was endorsed and supported across the industry.

In addition, the Liberian ship registry started a computer-based two-hour cybersecurity training program in October 2017, offering a comprehensive overview of cybersecurity issues aboard ships. Nevertheless, it is unlikely that these courses and campaigns are enough to protect the industry. While it is a step in the right direction, more needs to be done through regulations.

Conclusion and Policy Recommendations

Since 2016, the International Maritime Organization (IMO) has put forward voluntary guidelines regarding cyber risks. Only after 2021 does the IMO plan to enforce a set of binding regulations on cybersecurity. This might be too late for many companies in the industry. Shipping companies should not wait until 2021, but should begin now to implement simple measures, like using firewalls and stronger passwords, to deter criminals from trying to exploit current weaknesses.

Further, even though the IMO adopted guidelines on maritime cyber risk management into the International Safety Management Code this year, ports and the shipping industry still need to establish a stronger culture on cybersecurity.

Major shipping hubs are part of large and less resilient supply chains, which are essential for regional and international trade. These supply chains depend on a small number of key ports, which are vulnerable to shocks from other ports. To make supply chains and port hubs more resilient to cyber risks, the shipping industry as a whole will have to adjust and prepare.

Companies will have to work together and share information on previous or ongoing attacks, so that experiences and best practices can be shared directly. Unfortunately, this has been difficult to achieve due to worries about how competitors may use the shared information. Singapore has set up the Port Authorities Focal Point Correspondence Network to further the exchange of information on past and current incidents. It remains to be seen if this network has worked to encourage the sharing of information.

Ports are logistical hubs where many companies compete for business, making information sharing naturally difficult. Currently, port security is based on the International Ship and Port Facility Security (ISPS) Code, which is heavily focused on the physical aspects of security. In order to make cyber risks a much more important issue for port security, the whole sector needs to step up and make it a priority.

Cyber risks are not just a technological matter, but require adequate awareness and planning to strengthen a port’s resilience. Training employees actively in security protocols and procedures with information systems is one way of achieving this. At the same time, ports need to engage in contingency and scenario planning to be better prepared should an attack occur. On top of all this, national bodies (e.g. institutes of standards) need to give better guidance on security testing and planning for ports, which should be supplemented by binding guidelines on reporting and information sharing mandated by global bodies like the IMO.

Philipp Martin Dingeldey is a Research Analyst with the Maritime Security Programme at the Institute of Defence and Strategic Studies (IDSS), S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. For questions and follow-ups he can be reached at

Featured Image: Port of Singapore (XPacifica/Gettyimages)

To Rule the (Air)Waves

By Tim McGeehan and Douglas Wahl

A new domain of conflict emerges as America transitions onto a wartime footing. Military, commercial, and private interests debate how to balance security, privacy, and utility for new technology that unleashes the free-flow of information. The President issues Executive Orders to seize and defend the associated critical infrastructure for exclusive government use for the duration of the conflict.

This is not the plot for a movie about a future cyber war, nor is it a forecast of headlines for late 2017; rather, the year was 1917 and the “new” technology was wireless telegraphy.

Long before anyone imagined WiFi, there was wireless telegraphy or simply “wireless.” This revolutionary technology ultimately changed the conduct of war at sea, making the story of its adoption and wartime employment timely and worthy of re-examination. While these events took place last century, they inform today’s discussion as the U.S. Navy grapples with similar issues regarding its growing cyber capabilities.

Wireless Unveiled

In 1896, Guglielmo Marconi filed the first patent for wireless telegraphy, redefining the limits of long range communication.1 Wireless quickly grew into a means of mass dissemination of information with applications across government, commerce, and recreation. The Russo-Japanese War of 1904-5 provided a venue to demonstrate its wartime utility, when Japanese naval scouts used their wireless to report critical intelligence concerning the Russian Fleet as it sailed for Tsushima Strait. This information allowed the Japanese Fleet to prepare a crippling attack on the Russians and secure victory at sea.2 

People came to believe that wireless communication was not only invaluable, but invulnerable, as described in 1915 by Popular Mechanics: “interference with wireless messages… is practically impossible. Telegraph wires and [submarine] cables may be cut, but a wireless wave cannot be stopped.”3

Naval Implications

Command and Control

Wireless profoundly impacted command and control (C2) at sea. Traditionally, on-scene commanders exercised C2 over ships in company via visual signals; once over the horizon, units relied on commander’s intent. Wireless changed this paradigm. By enabling the long-distance flow of information, wireless allowed a distant commander to receive reports from and issue orders to deployed units in real time, increasing a commander’s situational awareness (SA) and extending their reach. A 1908 newspaper article even referred to the Royal Navy’s wireless antenna at the Admiralty building as the “Conning Tower of the British Empire,” and that the First Sea Lord, “as he sits in his chair at Whitehall,” can “survey the whole area of possible conflict and direct the movements of all the fleets with as much ease as if they were maneuvering beneath his office windows.”4

While wireless did improve communication, it did not achieve harmony between the Fleet and its headquarters. A second 1908 article appeared with a self-explanatory title: “Fleet Commanders Fear Armchair Control During War by Means of Wireless.”5 Much as today, officers considered increased connectivity a mixed blessing; they appreciated the information flow but feared interference with their ability to command.6

Vulnerabilities and Opportunities

While wireless increased SA, it introduced new vulnerabilities. The discipline of Signals Intelligence grew with the ability to intercept communications from adversary ships. While Marconi claimed to have a secure means of transmission, this was quickly disproven in the 1903 “Maskelyne Affair,” when a wireless competitor hijacked Marconi’s public demonstration and transmitted an obscene Morse code message that was received in front of Marconi’s audience.7  This “spoofing” foreshadowed similar episodes in World War I (WWI) where false messages were sent by adversary operators impersonating friendly ones.8

Militaries understood the vulnerabilities of wireless even before the outbreak of WWI. The day after declaring war on Germany, the British cut five German undersea telegraph cables. This action degraded the Germans’ long-distance communications capability and forced them to rely on less secure wireless transmissions, which were vulnerable to interception.9

While the “internals” (content) of these signals held strategic value by revealing an adversary’s plans and intentions, the “externals” (emission characteristics) held tactical value. With the advent of direction finding (DF) capabilities, friendly units could locate transmitting adversary platforms (to include a new menace, the submarine). When combined with known locations of friendly units (self-reported by wireless), these positions provided a near-real time common operating picture (COP).

Mitigations and Countermeasures

Ships could mitigate some vulnerability by maintaining radio silence to deny adversary DF capabilities. A complementary tactic was the adoption of Fleet broadcasts, with headquarters transmitting to all units on a fixed schedule (analogous to today’s Global Broadcast System).10 This “push” paradigm allowed ships to passively receive information, vice having to transmit requests for it (and risk disclosing their location to adversary DF).

In 1906, The Journal of Electricity, Power, and Gas described early countermeasures, specifically jamming techniques, where in “war games one Fleet has kept plying its wireless apparatus incessantly thereby blocking the signals of its opponents until it has passed clear.”11 It analyzed the ‘recent’ Russo-Japanese War, noting that while Russian ships sortied from Port Arthur, “the powerful station on shore began to grind out the Russian alphabet, thus paralyzing the weaker [wireless] outfits of the Japanese pickets.”12 It criticized the Russians for not continually transmitting on their wireless to interfere with the Japanese scouts reporting on their position in the run up to Tsushima Strait.13 In 1915, Popular Mechanics even described how to counter jamming, by “making frequent changes of wave length at known intervals,” a practice known today as “frequency hopping.”14

Wireless, WWI, and the U.S. Navy

On the day America entered WWI, President Wilson issued Executive Order (EO)-2585, which directed “radio stations within the jurisdiction of the United States as are required for Naval communications shall be taken over by the Government…and furthermore that all radio stations not necessary to the Government of the United States for Naval communications, may be closed.”15 The New York Times ran the headline “GOVERNMENT SEIZES WHOLE RADIO SYSTEM; Navy Takes Over All Wireless Plants It Needs and Closes All Others.”16 Weeks later EO-2605A went further and directed the removal “all radio apparatus” from stations not required by the Navy.17 In addition, EO-2604 titled “Censorship of Submarine Cables, Telegraph, and Telephone Lines” gave the Navy additional authority over all submarine cables and the Army authority over all telegraph and telephone lines.”18 Thereafter, the military controlled all means of telecommunication in the United States.

Secretary of the Navy (SECNAV) Daniels had provided rationale for wireless seizure in 1916, when he explained that “control of the Fleet requires a complete and effective Naval radio system on our coasts” and instances of “mutual interference between the Government and commercial stations, ship, and shore, are increasing.”19 He saw no way to resolve the issue “except by the operation of all radio stations on the coast under one control” (the Navy).20

Class in session, at the Wireless School at the Washington Navy Yard, D.C. December 1904. Note schematic diagram on blackboard, and apparatus in use. (Naval History and Heritage Command)

Officials prohibited foreign ships in U.S. ports from using their wireless, sealed their transmitters, and sometimes even removed their antennae. The government shut down amateur operators altogether. Two years earlier, The Journal of Electricity, Power, and Gas opined the “Government would have a tremendous task on its hands if an attempt should be made to dismantle all privately-owned stations, as more than 100,000 of them exist.”21 Nonetheless, that is exactly what happened.

Federal agents worked to track down and secure unauthorized wireless sets and their rogue operators. The Navy assigned operators at newly commissioned “listening-in stations” to monitor signals in specific frequency bands for their geographic area.22 When a suspicious signal was detected, multiple stations triangulated the transmitter and “Naval investigators would immediately [be dispatched to] reach the spot in fast automobiles.”23 The Electrical Experimenter featured a series about a “radio detective” who worked tirelessly to hunt down wireless operators. The detective described false alarms, but also the genuine discovery of hidden antennae disguised as clotheslines, tracing wires to buildings, and catching rogue operators and foreign agents.24

It is worthy to note that even after seizing control of the wireless enterprise, the government recognized the economic impact of wireless and therefore directed the Navy to continue passing commercial traffic. In 1917, SECNAV Daniels reported that the Navy made a profit providing this service and submitted $74,852.59 to the Treasury.25


The wireless actions of 1917 projected into cyber actions of 2017 would be analogous to the Navy seizing control of the Internet, passing traffic on behalf of commercial entities (for profit), censoring all email, and establishing domestic monitoring stations with deployable teams to round up hackers. The backlash would be epic.

However, rebranding the story with different terminology makes it palatable. In 1917, the Navy “seized control of the spectrum” by operating all wireless infrastructure as a “warfighting platform,” thus ensuring it was “available, defendable, and ready to deliver effects.” Censoring traffic and closing unnecessary stations (and private sets) was “reducing the attack surface.”  Navy listening stations “conducted tailored Signals Intelligence” to detect enemy activity. This language should all sound familiar to Navy cyber personnel today, as “Operate the Network as a Warfighting Platform,” “Deliver Warfighting Effects through Cyberspace,” and “Conduct Tailored Signals Intelligence” are all goals extracted from the U.S. Fleet Cyber Command/TENTH Fleet (FCC/C10F) Strategic Plan.26 Like wireless, cyber capabilities are key to ensuring the flow of information, building a COP (associated FCC/C10F goal: “Create Shared Cyber Situational Awareness”), and enabling C2. While a crack team of Sailors might not jump into a “fast automobile” to hunt down an unauthorized Internet hotspot, the function is analogous to Cyber Protection Teams (CPTs) responding to intrusions on the DoD’s network.27 

While security partnerships between government and industry still exist, there are significant differences from 1917’s arrangements. The Navy could not seize control of the entire Internet as it did with all wireless capability in 1917. Wireless was in an “early adopter” phase and did not impact daily life and commerce to the extent of today’s Internet. Likewise, given the volume of email and internet traffic, censorship on the scale of 1917 is not feasible – even  if it was legal. Finally, while the Navy passing commercial traffic during WWI seems unusual now, the Navy actually had been routinely handling commercial traffic since 1912, when the Act to Regulate Radio Communication required that it “open Naval radio stations to the general public business” in places not fully served by commercial stations.28 That act effectively required the Navy to establish a commercial entity (complete with accounting) to oversee all duties of a commercial communication company; today this would essentially mean operating as an Internet Service Provider.29 In 1913, Department of the Navy General Order #10 opened all Naval ship communications to public business while in port; today’s Navy will most likely not turn its shipboard communications systems into public WiFi hotspots.30

Information Systems Technician 3rd Class John Erskine, Chief Information Systems Technician Jennifer Williams, Cryptologic Technician (Networks) 2nd Class Tyrone Fuller, and Information Systems Technician 2nd Class Amanda Kisner work together to assess the security of the computer networks aboard the aircraft carrier USS George H.W. Bush (CVN 77). (U.S. Navy photo)

The wireless story is also a cautionary tale. Even after the war was over, the Government did not want to relinquish control of the airwaves. Among multiple Executive Branch witnesses, SECNAV Daniels testified to Congress that “radio communications stands apart because the air cannot be controlled and the safe thing is that only one concern should control and own it” (the Navy).31 The President voiced his support, spurring headlines like “Wilson Approves Making Wireless a Navy Monopoly.” However, industry applied political pressure and successfully lobbied to restore wireless to commercial and private use in 1919.32 


It is tempting to think that this story is about technology. However, the most important lessons are about people. The final goal in today’s FCC/C10F Strategic Plan is to “Establish and Mature Navy’s Cyber Mission Forces”; the Navy of 1917 had similar challenges developing a workforce to exploit a new domain. Some of their approaches are applicable today (indeed, the Navy is already pursuing some of them):

  • The Navy of 1917 leveraged outside experience by strategically partnering with industry and amateur organizations to recruit wireless operators. In 1915, with war looming, the Superintendent of the Naval Radio Service foresaw a dramatic increase in the requirement for radio operators. He contacted wireless companies to request that they steer their employees towards obligating themselves to Government service in the event of war – the companies enthusiastically complied. He also contacted the National Amateur Wireless Association, which shared its membership rosters. By 1916, it had chapters organized to support their local Naval Districts and helped form the Naval Communication Reserve the following year.33 Patriotic amateurs even petitioned Congress to allow them to operate as “a thousand pair of listening ears” to monitor wireless transmissions from Germany.34  Today the opposite of 1917 happens, where the Navy loses trained, experienced personnel to contractors and commercial enterprise. While the Navy creates its own cyber warriors, it should continue tapping into patriotic pools of outside talent. Deepening relationships with companies by expansion of programs like “Tours With Industry” could help attract, train, and retain cyber talent.
  • The Navy established a variety of demanding training courses for wireless operators. One of the Navy’s earliest courses had non-trivial prerequisites (candidates had to be “electricians by trade” or have similar experience), lasted five months, and was not an introductory but rather a “post-graduate” course.35 Later, a growing Fleet and requirements for trained radiomen necessitated multi-level training. The Navy established radio schools in each Naval District to provide preliminary training and screen candidates for additional service. In 1917, it established a training program at Harvard. These programs provided the Navy over 100 radio operators per week in 1917 and over 400 per week by 1918.36  Today’s Navy should continue expanding its portfolio of cyber training courses to more fully leverage academia’s facilities and expertise.
Recruiting Poster: “What the Navy is Doing: Live and Learn” Showing students in the Navy radio wireless school, at Great Lakes Illinois, circa 1919. (Naval History and Heritage Command)
  • During the war, the Navy looked past cultural differences (and indiscretions) when drawing personnel from non-traditional backgrounds. The “wireless detective” described rogue wireless operators as “being of a perverse turn of mind,”37 and “a reckless lot – at times criminally mischievous.”38 However, the Navy leveraged these tendencies and employed former amateurs “who were familiar with the various tricks anyone might resort to in order to keep their receiving station open” to hunt secret wireless apparatus.39 Today’s cyber talent pool may not look or act like traditional recruits; however, they possess skills, experience, and mindsets critical to innovation. The Navy should weigh traditionally disqualifying enlistment criteria against talent, capability, and insight into adversarial tactics.
  • The Navy of 1917 offered flexible career paths to recruit skilled operators. Membership in the Naval Communication Reserve only required citizenship, ability to send/receive ten words per minute, and passing a physical exam.40 New members received a retainer fee until they qualified as “regular Naval radio operators” when their salary increased. There was no active duty requirement (except during war) and a member could request a discharge at any time.41 Today’s Navy should continue expanding flexible career paths allowing skilled cyber professionals to enter and exit active duty laterally (vice entering at the bottom and advancing traditionally).


There are several parallels between the advent of “wireless” warfare last century and today’s cyber warfare. In modern warfare, cyber capabilities are potential game changers, but many questions remain unanswered on how to best recruit, employ, and integrate cyber warriors into naval operations. Like wireless in 1917, it is easy to become focused on the technical aspects of a new capability and new domain. However, to fully wield cyber capabilities, the Navy needs to focus on the people and not the technology.

Tim McGeehan is a U.S. Navy Officer currently serving in Washington.  

Douglas T. Wahl is the METOC Pillar Lead and a Systems Engineer at Science Applications International Corporation.

The ideas presented are those of the authors alone and do not reflect the views of the Department of the Navy, Department of Defense, or Science Applications International Corporation.


[1] Tesla- Life and Legacy, 2004,

[2] Steel Ships at Tsushima – Five Amazing Facts About History’s First Modern Sea Battle, June 9, 2015,

[3]  G. F. Worts, Directing the War by Wireless, Popular Mechanics, May 1915, p. 650

[4] W. T. Stead, Wireless Wonders at the Admiralty, Dawson Daily News, September 13, 1908

[5] Fleet Commanders Fear Armchair Control During War by Means of Wireless, Boston Evening Transcript, May 2, 1908

[6] B. Scott, Restore the Culture of Command, USNI Proceedings, August 1915, ; D.A. Picinich, Mission Command in the Information Age: Leadership Traits for the Operational Commander, Naval War College, May 2013,

[7] Lulz, Dot-dash-diss: The gentleman hacker’s 1903, New Scientist,

[8] H. J. B. Ward, Wireless Waves in the World’s War, The Yearbook of Wireless Telegraphy and Telephony, 1916, pp. 625-644,

[9] Porthcurno, Cornwall: Cable Wars, May 2014,

[10] Navy’s Control of Radio a Big Factor in War, New York Herald, December 12, 1918,

[11] H.C. Gearing, Naval Wireless Telegraphy on the Pacific Coast, Journal of Electricity, Power, and Gas, June 9, 1906, p. 309

[12] H.C. Gearing, Naval Wireless Telegraphy on the Pacific Coast, Journal of Electricity, Power, and Gas, June 9, 1906, p. 309

[13] H.C. Gearing, Naval Wireless Telegraphy on the Pacific Coast, Journal of Electricity, Power, and Gas, June 9, 1906, p. 309

[14] G. F. Worts, Directing the War by Wireless, Popular Mechanics, May 1915, p. 650

[15] Executive Order 2585, April 6, 1917,

[16] Government Seizes Whole Radio System; Navy Takes Over All Wireless Plants It Needs and Closes All Others, The New York Times, April 8, 1917

[17] Executive Order 2605A, April 30, 1917,

[18] Executive Order 2604, April 28, 1917,

[19] 1916 Annual Reports of the Department of the Navy, pp. 27-30

[20] 1916 Annual Reports of the Department of the Navy, pp. 27-30

[21] G. F. Worts, Directing the War by Wireless, Popular Mechanics, May 1915, p. 650

[22] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141,

[23] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141,

[24] P.H. Boucheron, A War-Time Radio Detective, lectrical Experimenter, May, 1920, pages 55, 102-106,

[25] 1917 Annual Reports of the Navy Department, p. 45

[26] U.S. Fleet Cyber Command/TENTH Fleet Strategic Plan 2015-2020,

[27] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141,

[28] An Act to Regulate Radio Communication, SIXTY-SECOND CONGRESS. Session II, Chapter 287, August 13, 1912, pp. 302-308,

[29] An Act to Regulate Radio Communication, SIXTY-SECOND CONGRESS. Session II, Chapter 287, August 13, 1912, pp. 302-308,

[30] 1914 Annual Reports of the Navy Department, p. 219

[31] P. Novotny, The Press in American Politics, 1787-2012, 2014, p. 82

[32] P. Novotny, The Press in American Politics, 1787-2012, 2014, p. 83

[33] L.S. Howeth, Operations  and  Organization  of  United  States  Naval  Radio  Service  During  Neutrality  Period, History of Communications-Electronics in the United States Navy, 1963, pp. 227-235,

[34] P. Novotny, The Press in American Politics, 1787-2012, 2014, p. 79

[35] H.C. Gearing, The Electrical School, Navy Yard, Mare Island, Journal of Electricity, Power, and Gas, May 25, 1907, p. 395

[36] G. B. Todd, Early Radio Communications in the Twelfth Naval District, San Francisco, California,

[37] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141,

[38] J. Keeley, 20,000 American “Watchdogs”, San Francisco Chronicle, January 30, 1916,

[39] P.H. Boucheron, Guarding the Ether During the War, Radio Amateur News, September, 1919, pp. 104, 141,

[40] L.S. Howeth, Operations  and  Organization  of  United  States  Naval  Radio  Service  During  Neutrality  Period, History of Communications-Electronics in the United States Navy, 1963, pp. 227-235,

[41] L.S. Howeth, Operations  and  Organization  of  United  States  Naval  Radio  Service  During  Neutrality  Period, History of Communications-Electronics in the United States Navy, 1963, pp. 227-235,

Featured Image: Soviet tracking ship Kosmonavt Yuri Gagarin.

Sea Control 143 – Cyber Threats to Navies with Dr. Alison Russell

By Matthew Merighi 

Join us for the latest episode of Sea Control for a conversation with Dr. Alison Russell of Merrimack College about navies and their relationship with cyber. It’s about the distinct layers of cybersecurity, how navies use them to enhance their capabilities, and the challenges in securing and maintaining that domain.

Download Sea Control 143 – Cyber Threats to Navies with Alison Russell 

This interview was conducted by the Institute for Security Policy at Kiel University. A transcript of the interview between Alison Russell (AR) and Roger Hilton (RH) is below. The transcript has been edited for clarity. Special thanks to Associate Producer Cris Lee for producing this episode.

RH: Hello and Moin Moin, Center for International Maritime Security listeners. I am Roger Hilton, a nonresident academic fellow at the Institute for Security Policy at Kiel University, welcoming you back for another edition of the Sea Control series podcast. Did any listeners read the news on twitter, message your friend on Facebook, or even do some mobile banking? Are you streaming this podcast for your enjoyment? If you did any of the above, like myself, you are dependent on the internet. So logically, based on this fact, it should come as no surprise that contemporary navies are as well. Naval technological capabilities and strategies have exponentially evolved from the nascent beginnings. Steam ships have been replaced by nuclear powered carriers while cannons have been substituted for intercontinental ballistic missiles. No doubt the power of modern navies is awesome, and as a result, their dependency and reliance on the cyber realm must not be overlooked.

Consequently, does this interconnectedness between hardware and software in fact leave 21st century navies more exposed to attacks from invisible torpedoes than actual physical ones? Here to help us navigate the minefield of the cyber threats facing both naval strategy and security is Dr. Allison Russell, she’s a professor of political science and international relations at Merrimack College in Massachusetts and a nonresident researcher at the Center for Naval Analyses. In addition, she’s the author of two books, Cyber Blockade and more recently, Strategic A2AD in Cyberspace. Dr. Russell, thanks for coming aboard today.

AR: It is great to be speaking with you Roger. Thank you for having me in your program today.

RH: Well, let’s get right into it. There’s no doubt that cyberspace and threats associated with it are hot topics today. While much of the news coverage on cyber threats is focused on hackers spreading disinformation, or even potentially gaining access to critical infrastructure, can you provide an initial overview of the role cyber plays in the contemporary maritime environment and as well as some of the menaces targeting the Navy?

AR: I would be glad to. As you pointed out, much of the attention on cyber threats focuses on hackers, data thefts, cyber espionage, and information or influence campaigns. And those are important. But these really are not the biggest threats in the maritime environment. The threats naval forces face in a maritime environment vary depending upon the part of cyberspace we’re talking about.

See, there are four levels in cyberspace: the physical, the logic, the information, and the user layers. The physical layer is the physical infrastructure, the hardware that underpins the global grid that is the basis of cyberspace. Although we tend to think of the internet and cyberspace as wireless or in the cloud, it is very much reliant upon physical infrastructure at its most basic level. Fiber optic cables including undersea cables, and satellites comprise some of the more prominent features of the physical layers of cyberspace.

The second layer is the logic layer. This is the central nervous system of cyberspace. This is where the decision-making and routing occurs to send and receive messages to retrieve files, really to do anything in cyberspace. The request must be processed through the logic layer. The key element of the logic layer are things such as DNS, the Domain Name Servers, and internet protocols.

The third level is the information level. This is what we see when we go on the internet: Websites, chats, emails, photos, documents, apps. All of that is the information posted at this level. But it is reliant on the previous two levels in order to function.

Lastly, the fourth level is the user level: the humans who are using the devices and are interacting with cyberspace. They matter because cyberspace is a man-made entity and its topography can be changed by people. Cyberspace is critical to modern naval strategy and security because it underpins the essential communications networks and capabilities of naval forces. And adversaries will seek to destroy or degrade those capabilities in the event of a conflict. Cyberspace enables robust command and control, battlespace awareness, intelligence gathering, and precision targeting, which are at the core of mission success. These days navies must defend and maintain their freedom to operate within cyberspace in order to be effective forces at sea.

RH: Thanks for the brief outline. As I mentioned earlier the identity of the navy has changed greatly since its original inception into conflict theaters. Accordingly, the advent of cyberspace has added an entirely different dynamic to the field. And you mention some of them as well. Consequently, what are some of the new responsibilities that have arrived with the integration of cyber to navies? And in general, what is the role the navy plays within a larger national security architecture?

AR: The cyber capabilities are really integrated at all levels at the naval mission. So, the core capabilities navies seek to provide are the blue-water capabilities of forward presence, deterrence, control, sea control, and power projection, as well as maritime security and humanitarian assistance or disaster response. All of these core capabilities are supported and enhanced by cyber capabilities. Thus, the full spectrum of naval operations and the corresponding naval strategy involve cyber capabilities today.

For more technologically advanced navies, these cyber capabilities are so integrated into weapon systems and platforms, that they’ve become essential to full spectrum warfighting operations. For the less technologically advanced navies, cyber capabilities can still play an important role in augmenting other capabilities by providing command and control and acting as a force multiplier in certain situations. In addition to their blue water role, naval forces are responsible for providing cyber capabilities to support combatant commanders’ objectives in defense of national information networks and for fleet deployment. They are force providers to joint and interagency operations. They are supporters of the national mission and blue-water warriors all at the same time. As a result, they must have a holistic, full spectrum understanding of the role cyberspace plays from tactics to operations to grand strategy.

RH: That was a great encompassing of it. As you can see it comes full circle when you compare conflict theatres to human assistance missions which is great you mentioned. At the same time Dr. Russell, you cite out naval strategies are in a period of transition at the moment. Could you elaborate on these implications with regard to how cyberspace is impacting the current formation of national naval strategies?

AR: Yes, naval strategies are in a period of transition with regards to cyberspace. Most navies acknowledge the importance of cyberspace as a critical enabler, but there’s emerging recognition that cyberspace is also much more than that. Ultimately, cyberspace is a game changer for naval forces and security forces in general. All phases of conflict now have a cyber dimension. From phase zero planning to phase five stabilization and reconstruction, cyberspace affects all levels of war, from strategic to the operational to the tactical. All types of conflict are affected by cyberspace including conflicts in the other four domains. For naval forces in particular, cyberspace enables new kinds of fires: Cyber-fires. It improves situational awareness and enhances command and control.

It has also opened the door to new threats. Anti-access and area denial operations, improved targeting capabilities by adversaries, and presenting more targets for attack in the form of cyber-attacks. As naval forces adopt next technologies to leverage the unique capabilities of cyberspace, reliable access to cyberspace is a necessity. Assuring access to cyberspace and confident C2 for deployed forces regardless of the threat environment is a top priority for the U.S. Navy as well as for many others.

RH: There’s no doubt based on your texts and some of the other content out there that reliable access seems to be driving naval strategy and security, especially among the technically advanced navies. So thank you for mentioning that to the listeners.

We spoke about technologically advanced navies and less technologically advanced navies. To demonstrate some of the diversity in strategy, can you provide a quick comparison about how some of the national strategies have integrated cyberspace in their doctrine?

AR: Yes, I think a comparison of the U.S. and Russia helps to illustrates this.

RH: You couldn’t have picked two better countries to compare at the moment, so thank you for that selection, Dr. Russell.

AR: (Laughs) Well, there’s a lot of interesting things happening there. The current U.S. maritime strategy, the 2015 Cooperative Strategy for 21st Century Seapower, has incorporated cyberspace and cyber power into that strategy in a very robust way. The strategy talks exclusively about all domain access and cross-domain synergy. By which it means, synchronizing battlespace awareness with all the layers and sensors and intelligence within that, and synchronizing that with the short access to networks. Offensive and defensive cyber operations, electromagnetic maneuver warfare, and integrated kinetic and non-kinetic fires. All of this is apparent in U.S. maritime strategy as essential elements in supporting the naval mission. And it’s all spelled out.

In contrast, there is very little information that is publicly available about how cyberspace effects the Russian maritime strategy. At last check, Russian maritime strategy does not directly address cyberspace and cyber security as a maritime or naval responsibility. But it does recognize the importance of what it calls information support of maritime activities for the maintenance and development of global information systems, including systems for navigation, hydrographic, and other forms of security. Most of the publicly available Russian cyber strategy in general focuses on information operations and disinformation campaigns. Despite having advanced cyber-capabilities, there’s not much information available on how that is being integrated into the Russian naval strategy.

RH: You know, it’s very unfortunate that there was no release of any new information recently in St. Petersburg, they celebrated national Navy day with President Putin visiting. But I guess we’ll have to stay on the lookout for any new information.

Before we even go up into the highly integrated platforms of navies in cyber, you reference very acutely the Kremlin’s use of synchronized fires. Can you briefly elaborate on what this concept is and if we can expect to see a similar pattern in future conflict theaters?

AR: Yes, without a doubt I think we can expect to see a similar pattern in the future. For those who don’t know, during the Russia-Georgia War of 2008, Russian forces assaulted Georgia on land, in the air, and from the sea, while at the same time Georgia was subjected to destructive distributed denial of service or DDOS attacks on the websites of Georgian government offices, financial services, and in news agencies. So, this was a synchronized attack in multiple domains on Georgia from Russia simultaneously.

In the Russia-Ukraine conflict, similarly Ukraine suffered multiple cyber attacks in conjunction with that conflict, including cyber attacks targeting infrastructure. I think that these synchronized integrated fires will likely continue and eventually become the norm in conventional conflict unless some action is taken, diplomatically or otherwise, to limit the use of cyber fires or restrict the number of quote unquote “legitimate” cyber targets.

RH: Again, that’s Russia picking on countries that are less developed, but it would be interesting to see moving forward against another more developed or modern adversary if it would be as effective a concept. When assessing operational level warfare, as well as tactical level warfare, how does cyberspace enhance their application?

AR: Starting with the operational level, cyberspace operations can be categorized in three ways: Offensive action, defensive action, and network operations.

Offensive cyberspace operations are designed to project power through the application of force in or through cyberspace. They’re cyber attacks. Defensive cyberspace operations are intended to defend national or allied cyberspace systems or infrastructure. Network operations design, build, configure, secure, operate, and maintain information networks and the communications systems themselves to ensure the availability of data, the integrity of the system, and confidentiality. So those all work together on operational level.

So, to give an example, we already talked about how cyberspace enables assured command and control, integrated fires, battlespace awareness, intelligence, as well as protection and sustainment. It also enables naval maneuvers, with positioning, navigation, and timing support. For sea-based power projection, in a landscape that is very often devoid of signposts and landmarks, the ability to have precise navigational information and over-the-horizon situational awareness is particularly critical. Cyber and satellite-based global positioning and navigational systems provide this capability. Beyond the navy itself, commercial and academic institutions that provide support to the fleet or the military in the form of design, manufacturing, research, and other products and services, are also part of the broader environment for naval security.

So, naval security and warfighting advantage depends in part upon thwarting attacks on military or government sites, as well as securing sensitive information from cyber theft or cyber espionage. Sensitive information in the wrong hands can of course undermine the operational effectiveness of the fleet by improving targeting of naval forces by adversaries and increasing the adversary’s knowledge of how forces man, train, and equip for warfighting.

Moving to the tactical level, naval commanders must incorporate the use of cyber technologies into their battlefield tactics. In practical terms, this means that defensive and offensive cyber capabilities will be integrated alongside kinetic action. This is the integrated fires. Cyberspace can increase the effectiveness of traditional kinetic fires through improved intelligence and targeting. But it also presents new challenges for defensive operations to protect these systems from cyberattack as well as kinetic fires.

Cyberspace and cyber capabilities play a particularly important role in supporting network-centric weapon systems, such as the tactical Tomahawk missile, which the U.S. launched into Syria in April. Tactical Tomahawks receive in-flight targeting data from operational command centers. Similarly, carrier aviation maintenance programs rely on cyberspace to enable them to provide mission ready aircraft.

There are alternatives and workarounds to overcome system failures, but the point is that reliable access to cyberspace is critical to the successful employment of these systems. Naval security also depends upon the protection of access and critical information whether it is classified or not. For naval forces, this process of protecting critical information means educating and training sailors in good cyber hygiene habits and having cyber security integrated into the life cycles of systems.


RH: Moving on, we’ve discussed how naval strategies revolve around the four key layers. It is clear that the structure of cyberspace begins with the physical layer. Sometimes users forget how hardware like fiber optic cables and satellites are hidden from view in our daily use of cyberspace. It looks to be a frightening future as you provided a few examples that confirm how vulnerable these physical elements are to tampering.

An appropriate contextualization for the listeners of this threat was on display in a 2015 New York Times article that describes increased Russian submarine activity and how the construction of unmanned, undersea drones related to fiber optic cables is rattling the Pentagon. According to Rear Admiral Fredrick Roegge, commander of the Navy Submarine fleet Pacific (COMSUBPAC) he was quoted as saying, “I’m worried everyday about what the Russians could be doing.” What is your take on the threat to the physical layer and is this threat explicitly exaggerated? Or is it a feature that national security policy makers should be more concerned with?

AR: That’s a great question, I don’t believe that it’s exaggerated. The cables carrying global business for more than $10 trillion per day and 95 percent of daily communications. They are very important to our global economic and political structure.

Back in the 70s before there was a system as robust and widespread as it is today, the U.S. was willing to take great risks to tap into the cables in Soviet waters to gain intelligence. Now these cables carry much more information and have much more value in the present context. The Russians are seeking to identify and potentially exploit infrastructure weaknesses of the US and the West. So, I think it is absolutely worth being concerned about.

RH: Can you comment a little bit on what would happen in the event of tampering and what the process of repair might look like moving forward?

 AR: Well, it’s a little hard to speculate on exactly what would happen, but somethings that could happen is, cables could be severed, they could be cut, which would cause a slowdown in the system, and it would be difficult to repair them, particularly because these cables lie along the ocean bed, the floor of the ocean. And so, there are a certain number of ships in the world that can go to these places and fix the cables and that can be a process that is expensive and is time consuming. That’s just one scenario where the cables are cut.

Another scenario is that they can be potentially tapped into somehow. That is, of course, what the U.S. did to the Soviet Union in Operation Ivy Bells in the 1970s, and that was used for espionage purposes. So, something along those lines could be done with these cables with information being stolen or simply recorded and copied, but then passed along so that nobody knows that someone else was listening in. So, there are a variety of different things and they would require different responses, but some of them would be difficult to detect and to identify that there was a problem, while others like a cut in the cable would be immediately apparent.

RH: In terms of the logic layer, do you think it’s conceivable that a Stuxnet-like attack could seriously damage naval operations? It is worth noting to our audience that even in the case of air-gapped networks, which is what Iran was using, infections from viruses are still possible.

AR: I think it is entirely possible that a cyber-attack could manipulate the logic layer of cyberspace in a number of ways which could cause it to malfunction or shut down completely in order to inhibit the flow of data, which could directly affect naval operations. You make a very good point that even air-gap networks are still at risk. The Stuxnet attack happened 10 years ago, but it successfully targeted highly sensitive protected air-gap systems. And the technology and cyberweapons have advanced quite a lot in the decade since then.

RH: It seems like a bit of an antiquated question, but in the event, that a Stuxnet attack hit a naval operation, what would the response of the Navy be? I mean, do they still know how to use compasses and work like they did back in the day?

AR: (Laughs) This is a good question. But there are workarounds. There are capabilities that are redundant that have resiliency built in. Things would not function perfectly, but most things would still continue to function, so they would still be able to get to where they were going, but they wouldn’t be as effective as they’re intended to be. And so, it would be problematic. Absolutely.

RH: Just as an example for listeners though, but again theoretically, if there was a Stuxnet attack on an operation, it could kill the ability of network-centric weapons to function, correct?


AR: It has that potential, or could cause them to malfunction. So, an object could appear to go on course  go off course, or not be able to function entirely or, if it’s ordnance, explode too early, something along those lines.

It can cause a variety of effects, depending on exactly what type of attack it is and what it’s designed to do. Because these attacks – we say attacks in cyberspace happen very quickly because they do in cyberspace – but they also typically take a very long time to develop.

So, that’s another thing where we can develop the cyberweapons and keep them until you’re ready to use them, they do take a while to actually develop. But once you deploy them they happen almost immediately.

RH: A lot of those symptoms you just mentioned earlier about, sort of, missiles veering off course or exploding too early, that’s also a good way to look at the early stages of the North Korean missile program, which unfortunately has evolved to a dangerous point right now. But that’s also maybe a good example if you would agree about the various difficulties that come with a Stuxnet like attack on any sort of cyber infrastructure.

AR: I think that’s an excellent sample.

RH: Drives people crazy in Pyongyang. We have an established the crucial role of cyber for naval strategies, and touched on the composition and structure. Against this backdrop, what are the main opportunities for naval forces and policy makers moving forward with cyber?

AR: Well, there are many potential opportunities but there are three that I think are the most important and exciting.

The first is improved battlespace awareness. Cyber capabilities allow naval forces to have a better understanding of the environment in which they are operating and that is very very good for them.

The second is that cyberspace presents new opportunities for modelling and simulation to help naval forces prepare and train for warfighting.

And then third, as a new domain, cyberspace presents opportunities for cooperation with partner nations for developing, maintaining, and protecting a domain to ensure things like reliable access for allies and partners. And limiting the adversary’s maneuverability within the domain.

So, the domain is essentially a blank slate for cooperation within the international community. That provides some really exciting and interesting opportunities.

RH: Despite these improvements in the maritime domain, it is safe to say that you still remain skeptical of the numerous challenges that threaten naval security. Can you identify and describe some of the major threats? To either advanced technological navies or less advanced navies.

AR: Yes, and there are many challenges, but again I’ll pick the top three that I consider to be the most dangerous or the most important:

First, anti-access and area denial operations in cyberspace are the most significant challenge to the basic goals of naval forces: To retain freedom of maneuvering in cyberspace and deny freedom of action to the adversaries. Cyberspace is essential to naval operations so therefore; the protection of cyberspace is also essential. It doesn’t matter how new or fancy your ships are, if they don’t have the capabilities you need because you can’t access cyberspace. So, I think the most important challenge is, maintaining access to the domain.

The second is significant challenge for naval forces is that offense has the advantage. Threats in cyberspace develop faster than forces can protect against in many cases. The domain is constantly evolving, and innovation is happening so quickly that creating new systems, platforms, and tools occurs at a rapid pace. With the creation of new applications comes the opportunity for new vulnerabilities within the systems. Adversaries are constantly seeking new ways of attack or penetration of networks.

While defensive cyber operations have to work very hard to keep up with the constant onslaught of attacks, there are things like advanced persistent threats, APTs, that are these stealthy persistent attacks on a targeted computer system in order to continuously monitor and extract data. These are particularly problematic because they are so difficult to detect and could render significant damage. We just saw recently that a very prominent cyber security firm was actually targeted with the use APTs, which is very worrying given that they are a prominent cyber security firm. And in addition, the speed at which some cyber attacks can take place, the relatively low barriers on entry to cyberspace, and the potentially big impact of an attack provides a lot of incentive for attackers to keep trying. So, it’s difficult for defensive operations to keep up with them and innovate to protect against future attacks.

RH: I have to be honest Dr. Russell, based on our discussion and the litany of challenges, I’m more inclined to believe that navies will remain exposed to invisible torpedoes more so than physical ones. But hopefully the offensive actions and the various layers will become more resilient in defending and fighting them off. Undoubtedly, it has been an eye-opening podcast that has served to expand our collective assessment on the role of cyberspace and the implications for both naval strategy and security. As we sail off on another sea control series podcast Dr. Russell, do you have any operational takeaways for the listeners or the issues they should pay special attention to?

AR: Well, the rise of cyber capabilities of allies and adversaries such as precision targeting and long-range attacks on systems mean that navies will be simultaneously more connected and more vulnerable at sea than ever before. The modern Navy has so many capabilities that rely on cyberspace that it must not take access to cyberspace for granted. As our ships grow smarter and we invest more and more in the high-end capabilities that allow this unprecedented array of actions, let us not forget to simultaneously ensure that the cyber-connected systems are protected so that our new technology can be used effectively when it’s called upon.

Sun Tzu observed that it is best to win a war without fighting. If modern navies did not have access to cyberspace, it would be very difficult for them to fight. The goal of the navies in the future will be to retain freedom of maneuver and deny freedom of action to adversaries at sea. As well as in cyberspace.

RH: Dr. Russell, thank you again for taking the time to enlighten us on such a relevant and complicated issue.

If our listeners want to follow up in more detail on cyberspace and maritime strategy, or gain a better outlook on the general maritime domain, The Routledge Handbook of Naval Strategy and Security, edited by Sebastian Bruns and Joachim Krause, published in 2016 is an indispensable resource to have. Please check for more info on the book and other podcasts derived from the book.

With no shortage of maritime issues within the greater geopolitical landscape, I promise I will be back to keep CIMSEC listeners well-informed. From the Institute for Security Policy at Kiel University and its adjunct, the Center for Maritime Strategy and Security, I’m Roger Hilton saying farewell and auf wiedersehen.

Dr. Alison Russell is an Assistant Professor of Political Science and International Studies at Merrimack College.  The author of Cyber Blockades (Georgetown University Press, 2014), she worked for six years as a security analyst at the Center for Naval Analyses where she specialized in naval strategic planning. She holds a Ph.D. from the Fletcher School of Law and Diplomacy, an M.A. in International Relations from American University in Washington, D.C., and a B.A. in Political Science and French Literature from Boston College.

Roger Hilton is a nonresident academic fellow for the Institute for Security Policy at the University of Kiel.

Matthew Merighi is the Senior Producer for Sea Control. 

Why Are Our Ships Crashing? Competence, Overload, and Cyber Considerations

By Chris Demchak, Keith Patton, and Sam J. Tangredi

These are exclusively the personal views of the authors and do not necessarily reflect the views of the U.S. Naval War College or the Department of Defense.

Security researchers do not believe in coincidences. In the past few weeks, a very rare event – a U.S. Navy destroyer colliding fatally with a huge commercial vessel – happened twice in a short period of time. These incidents followed a collision involving a cruiser off Korea and the grounding of a minesweeper off the Philippines, and have now resulted in the relief of a senior Seventh Fleet admiral. Surface warfare officers (SWOs) look to weather, sensors, watchstanders, training requirements, leadership and regulations (COLREGS) as possible contributing factors to the collisions.  

Cyber security scholars, in contrast, first look to the underlying complex technologies trusted by the crew to determine the proper course of action. With the advancements in navigational technology, computer-aided decision making and digital connectivity, it is human nature that seafarers become more dependent on, as well as electronic aids for navigation and trusting the data the systems provide. While the U.S. Navy emphasizes verification of this data by visual and traditional navigation means, the reality is the social acceptance of the validity of electronic data is a feature of modern culture. The U.S. Navy, with an average age in the early 20s for sea-going sailors, is not immune from this effect. But what if the data is invalid or, as an extreme possibility, subject to outside manipulation?

In directing a pause for all warship crews (not currently conducting vital missions) during which to conduct assessments and additional training, the Chief of Naval Operations – Admiral John Richardson – was asked whether the Navy was considering cyber intrusion as a possible cause. The CNO responded that concerning cyberattack or intrusion, “the review will consider all possibilities.”

The truth could be that only mundane factors contributed to the accident, but as an intellectual thought experiment, what follows are explanations following the logic of open-source information. The first set of explanations will focus on the human in the loop to argue that the fundamental cause is likely human miscalculation rather than intentional distortion of data. The second explanation will focus on the criticality of accurate data provided to humans or their technologies. The pattern suggests a lack of ‘normalness’ as the ‘normal accidents’ of complex systems deeply integrated with cyber technologies – in frequency, locations, and effects. In the case of the destroyers, a credible case—based on analysis of land-based systems–could be made for a witting or unwitting insider introduction of malicious software into critical military navigation and steering systems. The conclusion will offer motivations for timing and targets, and some recommendations for the future.

Similarities in the Scenarios      

There are similarities in recent collisions. Both happened in darkness or semi-darkness. Both happened in shipping lanes in which literally hundreds of major ships pass per day, to say nothing of smaller ships and fishing vessels. Crew manning of both vessels approach 300 sailors, with approximately one-eighth of the crew on watch involved in controlling/steering, navigating, as lookouts, and operating propulsion machinery when the ship is at its lowest states of alertness, known as peacetime steaming. It is logical that both ships were at peacetime steaming at the time since they were not conducting military exercises. In contrast, when USS JOHN S. McCAIN conducted a freedom of navigation operation (FONOP) in the vicinity of the artificial islands China has created to buttress its territorial claims to the South China Sea on August 9, her crew was likely at high alert.

In looking for possible explanations, we have downloaded and examined readily available open-source data concerning the two recent collisions, including identified locations of the incidents, vessel characteristics, crew manning, weather, proximity to land, automatic identification system (AIS) ship tracks, and shipping density data. We have consulted with naval experts on ship handling and on the Sea of Japan and Strait of Malacca.

Collision avoidance on Navy vessels can be roughly cast into four elements, three technical and one human. On the bridge, the watchstanders have (1) the AIS system which relies on tracking ships that broadcast their identities, (2) the military radar systems linked into the ships combat systems, (3)the civilian radar and contact management systems, and (4) the eyes of sailors standing watch on lookout normally posted port, starboard, and aft on the vessel. All these systems are complementary and overlapping, but not exactly delivering the same information.  

The AIS system – in which merchant vessels transmit their identities and location data – is an open and voluntary system relying on GPS. In principle, keeping the AIS on is required for the 50 thousand plus commercial vessels over 500 GRT (gross registered tons). As of 2016, 87 percent of merchant shipping uses satellite navigation and 90 percent of the world’s trade is carried by sea. Nonetheless, ship captains can turn it off and travel without identifying themselves (at least until detected by other means). U.S. Navy vessels do not routinely transmit AIS but each bridge monitors the AIS of ships around them in addition to the military and civilian radar systems and the eyes of the sailors.

In quiet or tense times, the bridge watch and the Combat Information Center (CIC) teams of naval warships must synthesize this information and make sound decisions to avoid putting the ship into extremis. This is a continuous, round-the-clock requirement and a tough task for even the most skilled.

In this photo released by Japan’s 3rd Regional Coast Guard Headquarters, the damage of Philippine-registered container ship ACX Crystal is seen in the waters off Izu Peninsula, southwest of Tokyo, on June 17, 2017 after it had collided with the USS Fitzgerald. (Japan’s 3rd Regional Coast Guard Headquarters/AP)

In contrast, merchant ships such as the Alnic MC, a chemical tanker (which hit JOHN S. McCAIN) have tiny crews with great reliance on autopilot. Depending on the circumstances, possibly only three people would be on the watch as the ship’s commercial navigation autonomously follows the route that the captain set initially. One of the indications that the ACX Crystal, the cargo vessel colliding with the USS FITZGERALD, was on autopilot was its behavior after the collision. Having been temporarily bumped off its course by the collision, it corrected and resumed steaming on the original course for about 15 minutes before stopping and turning to return to the collision location. While nothing is yet published about what was happening on either bridge in the June FITZGERALD collision, one can surmise that it took 15 minutes for the small crew to realize what had happened, to wrest control back of the behemoth, and turn it around.    

Possible “Normal” Explanations

Flawed human decision-making

U.S. Navy warships maintain teams of watchstanders in order to mitigate the effects of a flawed decision being made by any one individual. Ultimately, one individual makes the final decision on what actions to take in an emergency—the Officer of the Deck (OOD) if the Commanding Officer is not available—but recommendations from the others are assumed to help in identifying flaws in precipitous decisions before they are actually made.

In contrast, in merchant ships with only two or three deck watchstanders, there is less of a possibility that flawed decision-making is identified before incorrect actions are taken. These actions can also be influenced by unrelated disorienting activities. Alcohol is not permitted on U.S. warships, abuse of drugs at any time is not countenanced, and U.S. naval personnel are subjected to random urinalysis as a means of enforcement. On a merchant ship these policies vary from owner to owner, and inebriation or decision-making under-the-influence has contributed to many past collisions.   

Common tragedy from fatigue in an inherently dangerous environment

Collisions at sea happen. U.S. warships have collided with other warships, including aircraft carriers and with civilian vessels. USS FRANK EVANS was cut in half and sunk in 1969 when it turned the wrong way and crossed the bow of an Australian aircraft carrier. In 2012 the USS PORTER, a destroyer of the same class as the FITZGERALD and McCAIN, was transiting the Strait of Hormuz. The PORTER maneuvered to port (left) to attempt to get around contacts ahead of it, passing the bow of one freighter astern and then was hit by a supertanker it had not seen because it was screened behind the first freighter. Many of the previous collisions involved a loss of situational awareness by an at-least-partly fatigued crew. It is hard to avoid such conditions in an inherently dangerous, around-the-clock operating environment.

Mechanical Failure

There has been no report of a problem with the FITZGERALD prior to her collision. The Navy, however, has acknowledged the MCCAIN suffered a steering casualty prior to the collision. While backup steering exists in the form of manual controls in aft steering or using differential propulsion to twist the ship in the absence of rudder control, such control methods are not as efficient as the normal controls. Additionally, there would be a brief delay in switching control unexpectedly or transmitting orders to aft steering. In normal conditions, this would not be serious. In a busy shipping lane, with the least hesitation due to shock at the unexpected requirement, the brief delay could be catastrophic.

Quality of training for ship handling by young Surface Warfare Officers (SWOs)

One can look at the U.S. Navy Institute Proceedings (the premier independent naval journal) and other literature to see signs these incidents may be symptoms of a larger issue involving the training of watchstanders. In March 2017, LT Brendan Cordial had a Proceedings article entitled “Too Many SWOs per Ship” that questioned both the quality and quantity of the ship handling experience that surface warfare officers (SWOs) received during their first tours. Later in a SWO’s career track, the focus of new department heads (DH) is tactical and technical knowledge of the ship’s weapons systems and ship’s combat capabilities, not necessarily basic ship handling. Ship handling skill are assumed. But such skills can atrophy while these officers are deployed on land or elsewhere, and individual ships have unique handling characteristics that must be learned anew.

In January 2017, CAPT John Cordle (ret.) wrote an article for Proceedings titled “We Can Prevent Surface Mishaps” and called into question the modern SWO culture. Peacetime accident investigations rarely produce dramatic new lessons. They simply highlight past lessons. Errors in judgment, lapses in coordination, task saturation, fatigue, a small error cascading into a tragedy. Those who have stood the watch on the bridge or in the CIC read them, and frequently think, “There, but for the grace of God, go I.” However, unlike in the aviation community, near misses and accidents that almost happened were not publicly dissected and disseminated to other commands. Officers have always known how easy it is to be relieved for minor mishaps, but they do not have the community discussion of all those that nearly happened to learn vicariously from the experiences.

Pace of forward operations – especially for the MCCAIN after the FITZGERALD event

Both destroyers are homeported in Yokosuka, Japan, the headquarters of the U.S. Seventh Fleet. While only the line of duty investigation has been released for the FITZGERALD collision, one can assume that the officers and crew of the McCAIN would have heard some of the inside details from their squadron mate. Logically the CO of McCAIN would be doubly focused on the safe operation of his ship as he approached the highly congested traffic separation scheme (TSS) in the straits of Malacca and approach to Singapore harbor. But the loss of one of only seven similar and critical ships in a highly contested environment would almost certainly increased the tempo and demands on the MCCAIN as it attempted to move into the Singapore harbor just before sunrise.

In this case, tempo should have been accommodated adequately. While technology is a key component of U.S. warships, it is only one of many tools. Lookouts scan the horizon and report contacts to the bridge and CIC watch teams. The officer of the deck (OOD) uses their professional skills and seaman’s eye to judge the situation. If in doubt, they can, and should, call the Captain. Indeed, close contacts are required to be reported to the Captain. The bridge and CIC have redundant feeds to display contacts detected by radar, sonar, or AIS. The computer can perform target motion analysis, but crews are still trained to manually calculate closest points of approach and recommend courses to avoid contacts via maneuvering boards (MOBOARDs). This is done both on the bridge and in the CIC so even if one watch misses something critical, the other can catch it. When ships enter densely trafficked areas, additional specially qualified watchstanders are called up to augment the standard watch teams. Yet, it is possible that—under the theory of “normal” accidents—somewhere in this multiply redundant sensor system, misread or misheard information led to the human equivalent of the “telephone game” and the wrong choice was dictated to the helm.

But along with the “normal” explanations, the possibility of cyber or other intentional distortion of critical data does remain a possibility.

Cyber Misleads and Mis-function

If one argues that neither the Navy nor commercial crews were inebriated or otherwise neglectful, accepts that the weather and visibility were good for the time of day with crew in less stressful routine sailing postures, finds serendipitous mechanical failure of severe navigational significance on both ships difficult to accept as merely normal accidents, and questions if tempo distraction alone could explain both events, then – as Sherlock would say – the impossible could be possible. It is worth laying out using unclassified knowledge how cyber intrusions could have been used to cause warships to have collisions. This is not to say the collisions could not have multiple sources. But for the purposes of this thought experiment, however, this section will focus on cyber explanations.

Cyber affects outcomes because it is now a near universal substrate to all key societal and shipboard functions. Either cyber errors mislead humans, or its digitized operations malfunction in process, action, or effect, or both while buried inside the complex systems. To make this point, one of the two major classes of cyber assaults – the distributed denial of service (DDOS) – works by using what the computer wants to do anyway – answer queries – and simply massively overloads it into paralysis. It has been shown in a number of experiments that large mechanical systems integrated with electronics can be remotely made to overload, overheat, or vibrate erratically into breakdown by hackers or embedded malware. In several reports, the McCAIN may have suffered failures in both its main steering system (highly digitized) and its backup systems (more mechanical). Less information has been released on the earlier collision between the FITZGERALD and the ACX Crystal cargo ship so steering issues there cannot be known at this time.

However, that the two collisions involved large commercial ships with similar crews and technologies, and that two U.S. Navy vessels were sister ships close in age and technologies suggests commonalities that could be more easily exploited by adversaries using cyber means rather than humans. In particular, commonly shared logistics or non-weapon systems such as navigation are more likely to have vulnerabilities in their life cycles or embedded, routinized processes that are less sought by – or discernible to – the standard security reviews.

In a complex socio-technical-economic system like that involved in both circumstances, the one-off rogue event is likely the normal accident – i.e., the FITZGERALD incident. But too many common elements are present in the McCAIN event to suggest a second, simply rogue outcome. Hence, it is necessary to explore the three possible avenues by which the navigation could have been hacked without it being obvious to the U.S. Navy commander or crew in advance.

First, external signals (GPS, AIS) can be spoofed to feed both navigation systems with erroneous information for any number of reasons including adversary experimentation. Second, the civilian contact management systems on the civilian or military bridge (or both) could be hacked in ways either serendipitously or remotely engineered to feed erroneous data. Third, insider-enabled hacks of one or both of the destroyer’s combat systems could have occurred in the shared home port of Yokosuka to enable distortion of sensors or responses under a range of possible circumstances.

Spoofing GPS inputs to navigation

It does not take much technical expertise to spoof or distort GPS signals because the GPS system itself is sensitive to disruptions. The 2016 removal of one old satellite from service caused a 13.7 microsecond timing error that occurred across half of the 30-odd GPS satellites, causing failures and faults around the world in various industries. Anything that can be coded can be corrupted, even inadvertently. Anything so critical globally which does not have enforced, routine, and rigorous external validity tests, defenses, and corrective actions, however, is even more likely to attract the hacks from both state and nonstate actors.

Major national adversaries today have indicated interest in having the capability to arrange GPS distortions. With their already large domestic units of state-sponsored hackers, the Chinese, Russians, and North Koreans have already sought such capabilities as protections against the accuracy of largely U.S. missile guidance systems. Hacking GPS has been reported for some years, and while some efforts to harden the system have been pursued, spoofing mechanisms located on land in tight transit areas or even on other complicit or compromised vessels could mislead the autopilot. The website Maritime Executive reported mass GPS spoofing in June 2017 in the Black Sea, impacting a score of civilian vessels and putatively emanating from Russian sources most likely on land nearby.

However, it does not have to be a matter of state decision to go to war to have this kind of meddling with key navigation systems, especially if land or many other vessels are nearby. In a cybered conflict world, state-sponsored or freelance hackers would be interested in trying to see what happens just because they can. Not quite a perfect murder because of the external sources of data, however, the spoofed or spoiled data would provide misleading locations in real time to autopilot software. Vessels and their bridge would operate normally in their steering functions with bad data. They go aground or collide. So might airplanes. And the distorted signals could then stop, allowing normal GPS signals to resume and indicate that something went wrong in navigation choices but not in time to stop the collision or with the attribution trace necessary to know by whose hand.

In these two cases, the DDG FITZGERALD looks like it failed to give way to the ACX Crystal which appears by the tracking data to have been on autopilot. If the ACX Crystal’s navigation was operating on false data, and the equivalent civilian system on the U.S. ship was as well, then the watch team of the FITZGERALD would have had at least two other sources conflicting with the spoofed information – the military systems and the eyes of the sailors on watch. For the moment assume no deliberate hack of the military systems, its radars are correctly functioning, and the alert sailors have 20-20 vision, then the watch team of the FITZGERALD clearly miscalculated by believing the civilian system. Or, the overlap in relying on GPS is so profound that the military system was also fooled and the human eyes overruled. In that case, the FITZGERALD watch team trusted the civilian system over other inputs.

AIS data map of course of container ship MV ACX Crystal around the time of collision with USS Fitzgerald near Japan on June 16, 2017. (Wikimedia Commons/

In the McCAIN case, if one assumes all the same conditions, the Navy ship had the right of way and the oil tanker plowed into it. Presumably the tanker autopilot – if it was on as one could reasonably assume – was coded to stop, divert, warn, and otherwise sound the alarm if it sees another ship in its path. Presumably, its code also embeds the right of way rules in the autopilot’s decision-making. A convincing GPS spoof could, of course, persuade the autopilot navigation that it is not where it was, thereby seeing more time and space between it and the Navy ship.  

Hacking civilian navigation radars shared by all vessels

According to experts, commercial navigation systems are remarkably easy to hack quite apart from GPS spoofing. The cybersecurity of these bridge systems against deliberate manipulation has long been neglected. In the same unenforced vein as the voluntary identification requirement of AIS, the global maritime shipping industry has relied on requirements by maritime insurance companies and specific port regulations to control individual shipping firms’ choices in vessels technologies (and level of compliance). Myriad reports in recent years discuss the increasing sophistication of sea pirates in hacking commercial shipping systems to locate ships, cherry pick what cargo to go acquire, show up, take it, and vanish before anything can be done. That is more efficient than the old brute force taking of random ships for ransom.

In addition, shipping systems tend to be older and receive less maintenance – including time-critical patches – more likely to be scheduled with infrequent overall ship maintenance in port. In the recent “Wannacry” ransom-ware global event, the major shipping company Maersk – profoundly and expensively hit – reported its key systems used WIN XP unpatched and unsupported by Microsoft. Hacking groups are also targeting ports and their systems as well.

If systems are compromised, hacks could have opened back doors to external controllers or at least inputs when the commercial ship crossed into locations close enough to land or adversary-compromised surface or submerged vessels. Then the misleading inputs could be more closely controlled to be present when U.S. vessels have been observed to be traveling nearby or are in a particular position. Navy vessels may not transmit AIS, but they are detectable on radar as ships. A radar contact without an AIS identity could be a trigger for the malware to at least become interested in the unidentified vessel, perhaps sending pre-arranged signals to remote controllers to track and then wait for instructions or updates. The autopilot would then act on the inputs unaware of the distortion.

An interesting aspect of corrupting code is that exchanging data across commercial systems alone can provide a path for corrupted code to attempt to install itself on both ends of the data exchange. Stuxnet traveled through printer connections to systems otherwise not on any internet-enabled networks. If the civilian navigation systems are proprietary – and that is likely the case on commercial ships – then it is likely that the U.S. vessels’ bridges also have ‘hardened’ COTS civilian systems whose internal software and hardware are proprietary. That means a hack successful on the commercial side could open an opportunity to hack a similar or targeted civilian system that happens to be found on a U.S. Navy vessel. Furthermore, it is possible the two systems share vulnerabilities and/or have exchanges that are not visible to external observers.

Navy IT security on vessels might also regard the civilian proprietary systems as less a threat because they are not connected to internal military systems. They presumably are standalone and considered merely an additional navigation input along more trusted and hardened military systems. The commercial systems are (ironically) also less likely to be closely scrutinized internally, because that would mean the U.S. Navy is violating contractual rules regarding proprietary commercial equipment. Outside of war – in which such holds are likely to be ignored in crises – there is little incentive to violate those proprietary rules.

One can conceive of a Navy bridge hosting a commercial navigation system that at some point along its journey is compromised with nothing to indicate that compromise or the triggering of the software now interwoven with the legitimate firmware inside the equipment. By happenstance, the Navy vessel comes in to the vicinity of an appropriately compromised large commercial vessel. At that point, the adversary hackers might receive a message from the commercial vessel to indicate the contact and have the option to distort the navigation inputs to help the commercial vessel’s autopilot plow into the warship.

Of course the adversary is helped if the Navy equipment is also hacked and, perhaps, the vessel loses its digitized steering right before the impact.

Hacking U.S. Navy military navigation systems

Remotely accessing and then changing the triggers and sensors of military systems – if possible – would be very hard given the Navy’s efforts in recent years. That possibility is tough to evaluate because the open source knowledge regarding such systems is likely to be third party information on proprietary subordinate systems at least five or six years old – or much more. Both major U.S. adversaries in Asia – North Korea and China – already show propensities for long-term cyber campaigns to remotely gain access and infiltrate or exfiltrate data over time from all military systems, including shipborne navigation. We deem this less likely simply because this is where the cybersecurity focus of the Navy and DOD already is.

However, the history of poorly-coded embedded systems, lightweight or incompetent maintenance, and deep cyber security insensitivity of third party IT capital goods corporations is appalling across a myriad of industry supply chains, even without the national security implications well-known today. While commercial vessels could be hacked remotely, a more likely avenue for entry in Navy systems would be through these corrupted supply chains of third parties, shoddily constructed software, or compromised contractors creating or maintaining the ship’s navigation and related systems. Using insiders would be especially easier than remotely hacking inside when the vessels were in a trusted harbor nestled inside a long-term ally such as Japan. Using insiders to access the systems during routine activities would be less likely to be detected quickly, especially if the effects would not be triggered or felt until particular circumstances far from port and underway.

An especially oblivious contractor engaged in using specialized and proprietary software to patch, check, or upgrade equipment could inadvertently use compromised testing or patching tools to compromise the vessel’s equipment. For example, a Russian engineer carrying in a compromised USB stick was reportedly the originating source of the Stuxnet malware in Iran – whether he was witting or unwitting is unknown. The actions would have been the same. Furthermore, Navy systems are built by contractors with clearances of course, but the systems would have deeply buried and often proprietary inner operating code. Corrupted lines of code could rest inactive for some time, or be installed in the last minute, to lie dormant during most of the deployment until triggered. None would visibly display any corruption until the programmed conditions or triggers are present.

In hacked systems, triggers are really hard to discern in advance. In part, the skill of the adversary deftly obscures them, but also the objectives of adversaries can vary from the classic “act on command of national superiors,” to “see how far we can get and how,” to pure whimsy. With no real personal costs likely for any of these motives, the game is defined by the skill, patience, and will of the adversary, especially when proprietary commercial code is involved. While it is safer in terms of attribution for hackers to have more automatic triggers such as those used in the Stuxnet software, the action triggers do not have to be automatic. In navigation systems, data is exchanged constantly. Conceivably there can be a call out and return buried in massive flows of data.

Without extensive AI and rather advanced systems management, how massive data flows are monitored can vary widely. While it is more and more common to secure a system’s outgoing as well as incoming communication, a multitude of systems that are not particularly dated have been shown to allow rather subtle communications to go on for some time without any event or external revelation. One can imagine code calling home or acting autonomously when triggered by something as mundane as a sensor noting the presence of a large commercial cargo ship within X nautical miles, moving in Y direction, and responding to encrypted queries from its own navigation system. Highly skilled botnet masters are able to detect anomalies across thousands of infected computers and, in a pinch, de-install huge botnets in minutes. It is not difficult to imagine something buried in these otherwise secured systems, especially if the adversary is willing to wait and see when it would be useful. For North Korea, the latest ratcheting of tensions between the Hermit dictatorship and the U.S. could easily provide a reason.

Hacking seems more of a possibility when considering how both destroyers failed to navigate under circumstances that were, to most accounts, not that challenging. It is possible that the first such event – the FITZGERALD collision – was a rogue event, the kind of complex system surprise that routinely but rarely emerges. What is less likely is that a similar ship in broadly similar circumstances shortly thereafter proceeds to have a similar event. Exquisitely suspicious are the reports of the failure of the steering system and possibly its backups on McCAIN, though not on the FITZGERALD. That effect is not spoofed GPS or hacked civilian systems, and it would take much more reach of the malware to achieve. In keeping with the presumption here that a successful insider hack occurred on both ships and the malware was waiting for a trigger, the lack of steering failure (at least no reports of it) on the FITZGERALD could also mean the malware or external controller was smart enough to know collision did not need additional failures to ensure damage. The ship was already in the wrong place having failed to cede right of way. Holding fire like that would be desired and expresses sophistication. Typical technique in cybered conflict is deception in tools; adversaries do not burn their embedded hacks unless necessary. Once shown, the cyber mis-function becomes unusable again against an alert and skilled opponent such as the U.S. Navy.

Furthermore, the Aegis destroyers – of which both Navy vessels are – suffer from a rather massive knowledge asymmetry with a major adversary. At some point in the early to mid 2000s, the Chinese stole the entire design of the AEGIS systems on which the Navy spent billions across contractors and subcontractors. While built to roughly the same specifications as a class of ships, each vessel reflects the upgrades and systemic changes of its particular era, with the older 1990s ships like the FITZGERALD and McCAIN having more patches and bolt-ons than the newer versions of the ship. Fundamental ship elements are hardwired into the vessel and hard to upgrade, while more modular and likely proprietary modern systems are plugged in and pulled out as time goes on. The adversary who stole those comprehensive plans would know more about the older AEGIS ships than they would about the ships completed after the plans were stolen and newer systems used in the installs. Anyone who has ever faced the daunting prospect of rewiring a large house knows by ugly personal experience that the new wiring is forced to work around the existing layout and limitations. Ships are even more rigid and, quite often, the more critical the system, the less flexibly it can be changed.

Thus, vulnerabilities built into the highly complex earlier AEGIS systems would be both known to the thieves after some years of study and perhaps covert testing on other nations’ AEGIS systems, and be very hard to definitively fix by the Navy itself, especially if the service is not looking for the vulnerabilities. Unnerving, but not inconceivable, is the failure of the digitized steering system on the McCAIN – if it happened. Exceptionally telling, however, is the presumably near-simultaneously loss of backup systems. If the steering and contact management systems were compromised, steering could be made to fail at just the right time to force a collision. A good insider would be needed to ensure both, but only an adversary with considerable engineering design knowledge could reliably hazard a successful guess about how to disable the more likely mechanical backup systems. The adversary to whom the original AEGIS theft is attributed – China – is known to be very patient before using the material it has acquired.

Both Civilian and Military Systems

Why not put hacks on both systems? Commercial vessels are easier and could be left in place for some time pending being used and, in the meantime, slowly embedding Trojans via maintenance in port or third party access to remove and replace proprietary boxes or upgrades in software. Preparation of the cyber battlefield occurs – as does the ‘battle’ – in peacetime well before anything or anyone is blown up. China and North Korea have thousands of personnel on the offensive and value extraction cyber payroll. Careers could easily be made by such coups of installing such software as potential tools and have them still in place ready to be used months or years later.

Furthermore, Westerners are routinely afflicted with the rationality disease of believing that all actions – especially if adversaries are suspected – must be intentionally strategic and logically justifiable. Otherwise, why would the adversary bother? There is also a tendency to underestimate the comprehensive approach of most adversaries working against the U.S. Silence does not mean compliance or concession on the part of adversaries, especially not China or North Korea. Installing access points or triggers on all possible systems within one’s grasp is a basic long-term campaign strategy. Even now, when a major hack of a large corporation or agency is found, it has often been in place for years.

Motives for the Collisions

Timing may be serendipitous, but at least one adversary – North Korea – has already sunk a naval vessel of a U.S. ally, South Korea, with no public punishment. Certainly, North Korea has been loudly threatening the U.S. in the region and has cyber assets capable of what has been described above. However, one difficulty in determining culpability is that, while China is an ally of North Korea, neither will readily share information so valuable as the AEGIS design plans or even what each other may have hacked. One can readily ascribe eagerness to hurt the U.S. physically to North Korea, but attributing the same motivation to China at this point is problematic.  

There are other possibilities, however. Both nations – like most nations – are led by individuals with little technical comprehension. In particular and most unfortunately, in a world of ubiquitous cybered conflict where ‘just because one can’ or ‘just to see what could happen’ operates equally well as a motivation, adversary states with a large army of hackers and technically ignorant superiors could easily have their own cyber wizards working in ways their superiors can neither discern nor realistically curtail. In this vein the McCAIN case (and possible FITZGERALD), these over eager technically skilled subordinates could have gotten quite lucky.

Why a DDG that happens to be sailing around Japan? Why one near Singapore? Why now? Well, “why not” is as good a reason, especially if the U.S. Navy publicly fires the ships’ leadership and declares the incidents over. In that case there are no consequences for adversaries. Perhaps the FITZGERALD was the rogue event, but—following that—the N.K. leaders then asked their wizards to take out another as signaling or retribution for recent U.S. “insults.” That motivation has some persuasive aspects: no publically apparent risks; a nifty experiment to see what can be done if needed in larger scale; and the public turmoil alone puts North Korea with a smug secret while the U.S. twists trying to figure it out. Cyber offensive capabilities in the hands of technically incompetent leaders have serious implications for misuse and, critically, inadvertent outcomes that are strategically more comprehensive and potentially destabilizing than ever intended.

Implications for the Navy

If it is leadership that failed in both cases, the Navy has a long history of responding and clearing out the incompetence. If it is cyber that undercut that leadership and killed sailors, the Navy has an uphill battle to definitively establish all the avenues by which it could have and did occur, including fully recognizing the multiple sources of such deliberately induced failure. The literature on complex large-scale system surprise and resilience offers means of preventing multisource failures in socio-technical systems. However, these means may not be compatible with current Naval thought and organization. The literature recommends parsing larger systems into self-sufficient and varying wholes that are embedded with redundancy in knowledge (not replication or standardization), slack in time (ability to buffer from inputs routinely), and constant trial and error learning. Trial and error learning is particularly hard because it routinely involves violations of current practices.

The current organization of the U.S. military seems incompatible with the concept of easily decomposable units engaging and disengaging as needed in collective sense-making. Neither can it accept constant systems adjustments, pre-coordinated but dynamically flexed rapid mitigation and innovation, and whole systems discovery trial and error learning. The truth is that in the cybered world, nothing can be trusted if it is not reliably verified by multiple, independent, and alternative sources of expertise. USS FITZGERALD did not discern its error and correct fast enough to avoid being in the wrong place at the wrong time. The McCAIN may have trusted its right of way entitlement too long, or made a traffic avoidance maneuver and suffered a steering casualty at the worst possible moment. Or perhaps both ships encountered something unexpected: a commercial ship operating on corrupted code. In the future, we should expect that any merchant ship controlled by digital information technology can be hacked.

This is a new idea for the Navy, that merchant shipping can be used as proxies for adversary intentions. With over 50,000 of such large vessels sailing around and next to U.S. ships all over the world, the adversary’s tools of coercion would be both effective and effectively obscured to visual or other indicators of malice. The world of cybered conflict is deeply riven with deception in tools and opaqueness in origins, and now it is clearly on the seas as well. Even if the Navy rules that both incidents were simply bad shiphandling, adversaries have already seen the great impact that can be had by making relatively fewer Navy ships collide with big, dumb, large commercial vessels. Even if cyber did not play the deciding role in these events, there is every reason to assume it will in the future. Just because they can try, they will.

Dr. Chris C. Demchak is the Rear Admiral Grace Murray Hopper Professor of Cybersecurity and Director of the Center for Cyber Conflict Studies, Strategic and Operational Research Department, Center for Naval Warfare Studies, U.S. Naval War College.

Commander Keith “Powder” Patton, USN, is a naval aviator and the former Deputy Director of the Strategic and Operational Research Department, Center for Naval Warfare Studies, U.S. Naval War College.

Dr. Sam J. Tangredi is professor of national, naval and maritime strategy and director of the Institute for Future Warfare Studies, Strategic and Operational Research Department, Center for Naval Warfare Studies, U.S. Naval War College.

Featured Image: Damage is seen on the guided missile destroyer USS Fitzgerald off Japan’s coast, after it collided with a Philippine-flagged container ship, on June 17, 2017 (AFP)