The collision of the USS John McCain (naval destroyer) and an oil tanker near Singapore is the most recent incident in a series of four naval mishaps in 2017 alone that have plagued the U.S. Navy. Ten U.S. sailors were initially lost at sea, some of whose bodies have since been recovered.

USS John S. McCain (DDG-56) after the collision

Are all incidents connected?

There has been much speculation as to the cause of the latest accident, with some believing more than “human error” to be the root of the issue. The other three incidents included the USS Antietam (guided missile cruiser) running aground off the coast of Japan in January, the collision of the USS Champlain (cruiser) and a South Korean fishing vessel, and the crash between the USS Fitzgerald (destroyer) and a container ship in June. All of the vessels are part of the U.S. Pacific Fleet, and three of them are part of the U.S. 7th Fleet, the largest of the U.S. Navy’s forward-deployed fleets. Cruisers and destroyers carry theater ballistic missile interceptors, long-range Tomahawk land attack missiles, and anti-aircraft missiles.

Could Cyber be the cause?

While the cause remains unknown at this time, there is strong speculation that cyber malfeasance may have been the catalyst. One top U.S. Navy admiral tweeted that the Navy will conduct a thorough investigation, including a review into the possibility of “cyber intrusion or sabotage.” Indeed, in the USS Fitzgerald incident, there is strong suspicion that a hostile cyber attack may have prevented the radars and systems in place from identifying the other ship. As one news source pointed out, under standard protocol, the Fitzgerald’s captain should have been awakened and summoned to the bridge to assure a safe passage long before the ships could come near each other.

Maritime cyber security concerns have garnered attention as of late. In June 2016

 

Cyber threats to Global Shipping

Danish shipping giant Maersk was victimized by the global Petya cyberattack outages, which impacted container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers. Damage estimates have ranged from USD $200-$300 million to the company. The Maritime Safety Committee of the International Maritime Organization adopted a resolution that established guidelines for cyber risk management for the commercial shipping sector. In another incident, pirates broke into a shipping firm’s computer systems, allowing them to see which vessels were transporting the cargo they wanted to seize.

Are military vessels at risk too?

While this issue has mostly focused on civilian vessels, the events plaguing the U.S. Navy demonstrate how military naval assets can potentially be targeted by malfeasant actors, particularly those supporting a nation state’s interests.  Stealthy espionage operations have been traditionally leveraged by these actors seeking to steal information, maintain access, and generally monitor target systems.  However, the 2010 Stuxnet and a series of wiper malware incidents have revealed how suspected state actors can become more destructive in cyberspace if their intent changes from spying to punishing.

 

There is some evidence that some nation-states have been experimenting with the targeting of naval vessels via the digital domain. According to a June 2017 report from a security company, 20 ships near the Russian Black Sea coast reported their Global Positioning System (GPS) location as inland, at Gelendzhyk Airport. Such GPS anomalies can certainly be interpreted as Russia testing security measures and its capabilities by spoofing GPS in ways that could be leveraged against opposing targets in the event of a military conflict. (It should be noted that the U.S. military uses encrypted signals for geolocation of vessels, rather than commercial GPS.)

Conclusion

Regardless of whether this series of incidents was coincidence or the result of purposeful targeting, it potentially demonstrates how valuable military assets can be targeted in the cyber domain. Effective cyber attacks do not necessarily have to be ones that seek to destroy or even disrupt the function of information systems. Disinformation and deception are useful tools that, when operationalized properly, can create specific effects. If surreptitious access can be obtained, manipulating data rather than erasing it can prove more advantageous. The clandestine nature of such attacks and the timing of their execution not only accomplish intended objectives, but also provide a level of obfuscation and plausible deniability for the attackers.

 

A more thorough investigation of the USS John McCain will hopefully yield findings that will determine the cause of the tragedy. But the fact that maritime vessels, including those of the U.S. Navy, are on hostile actors’ target lists cannot be overstated. With 320,000 active duty personnel and 274 ships (of which more than 20 percent are deployed across the world at one time), ensuring the integrity of systems and logistics is crucial to the success of the Navy’s mission. Acknowledging its security situation and where improvements are needed is a step in the right direction, but there needs to be a comprehensive strategy from the top down to start to address these existing shortcomings before they become a real problem. If they haven’t already.

 

This is a guest post written by Emilio Iasiello.