Photo: U.S. Coast Guard
By Stas Margaronis
The U.S. Coast Guard warned of a “significant cyber incident” on one ship that “exposes potential vulnerabilities on board commercial vessels” and reported on a second incident in which “unknown interference” impacted a U.S. flag vessel. Both incidents occurred in 2019:
- A February “significant cyber incident” with a vessel bound for the Port of New York and New Jersey.
- A report of “unknown Interference” occurred on July 16th in which the Master of a U.S. flagged vessel entering the Port of Shanghai “suspects GPS signal jamming.”
At the same time, the U.S. Maritime Administration is warning about jamming of navigational systems for vessels accessing the Persian Gulf: “Heightened military activity and increased political tensions in this region continue to pose serious threats to commercial vessels…Vessels operating in the Persian Gulf, Strait of Hormuz, and Gulf of Oman may also encounter GPS interference, bridge-to-bridge communications spoofing, and/or other communications jamming with little to no warning.”[1]
Three experts said that the antidote to electronic jamming is to reduce dependency on electronics-based navigational aids and increase the use of more traditional methods including: 1) visual bearings 2) using sextants and clocks to determine latitude and longitude 3) dead-reckoning of positioning based on these traditional methods 4) increase traditional navigational education and training 5) enhance U.S. Coast Guard license requirements so that mariners demonstrate proficiency in plotting courses without electronic aids.
The two U.S. Coast Guard reports are summarized below:
- The July 8thS. Coast Guard issued a ‘Marine Safety Alert’ noting: “In February 2019, a deep draft vessel on an international voyage bound for the Port of New York and New Jersey reported that they were experiencing a significant cyber incident impacting their shipboard network. An interagency team of cyber experts, led by the Coast Guard, responded and conducted an analysis of the vessel’s network and essential control systems. The team concluded that although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted. Nevertheless, the interagency response found that the vessel was operating without effective cybersecurity measures in place, exposing critical vessel control systems to significant vulnerabilities.” [2]
- On July 16th, 2019 the U.S. Coast Guard reported that there was GPS interference with a U.S. flag vessel entering the Port of Shanghai: “Upon arriving to dock in Shanghai, a U.S. flagged MV master checked ECDIS (Electronic Chart Display and Information Systems) at the AIS (Automatic Identification Systems) to see if their berth was clear.[3] Another ship on the berth appeared to be in the channel making 7 knots (kts) speed over ground (SOG), but then disappeared from AIS. A few minutes later she was back and at the dock, then underway again, 5 kts , 2 kts, 0 kts, in the channel, then back at the dock, then gone. This pattern repeated multiple times. It turned out the other ship was actually all fast the entire time. Later, while the MV was turning in the river off the same berth, both GPS units lost their signals, no position, no SOG, multiple alarms on various integrated equipment. The GPS signal would come back for a minute and then be lost again. This continued to the dock and has continued. The GMDSS (Global Maritime Distress and Safety System) GPS is experiencing the same thing. Master suspects GPS signal jamming is occurring at this berth. Vessel checked all antennae connections – all connections are secured and dry. There have been no other issues with these units.” [4]
The U.S. Coast Guard Navigation Center (NAVCEN) noted: “The GPS Operations Center reviewed the GPS Constellation and Control Segment, there are no known anomalies that might affect GPS signal integrity at the time and vicinity of the reported problem. Space weather was reviewed and found unlikely to have impacted GPS performance. There were no authorized GPS tests in the area. No correlating reports from other users or interagency partners.”[5]
After listening to the Coast Guard report from the Master over the telephone, Captain Glenn Kovary, a retired captain with American President Lines, told AJOT that standard procedure would be for the Master to call the ship’s agent to see if the berth was free or have the Shanghai harbor pilot call to find out the status of the berth: “If you get too dependent on the electronics you forget that the best approach is to look out the window and make visual bearings of where you are, support it with radar if necessary and if you’re entering port and still need help, pick up the phone and ask for help. Shanghai is a very busy port and there may have been legitimate reasons for the interference or maybe not.”
In terms of cyber-attacks against vessels electronics systems, the U.S. Coast Guard recommends that vessel owners and operators take the following measures to improve cybersecurity:
- Segment Networks: “Segment your networks into ‘subnetworks’ to make it harder for an adversary to gain access to essential systems and equipment.
- Per-user Profiles & Passwords: “Eliminate the use of generic log-in credentials for multiple personnel. Create network profiles for each employee…”
- Be Wary of External Media: “This incident revealed that it is common practice for cargo data to be transferred at the pier, via USB drive. Those USB drives were routinely plugged directly into the ship’s computers without prior scanning for malware. It is critical that any external media is scanned for malware on a standalone system before being plugged into any shipboard network. Never run executable media from an untrusted source.”
- Install Basic Antivirus Software:” Basic cyber hygiene can stop incidents before they impact operations. Install and routinely update basic antivirus software.”
- Don’t Forget to Patch:” Vulnerabilities impacting operating systems and applications are constantly changing – patching is critical to effective cybersecurity.”[6]
In terms of possible GPS interference with the U.S. flag vessel in Shanghai, the U.S. Coast Guard concluded that there was: “Unknown Interference.”[7]
2017 Black Sea ‘Spoofing’ Impacts Over 20 Vessels
In 2017, the Norwegian broadcaster NPRK reported that “On 22 June, a ship in the Black Sea sent a report to the US Coast Guard indicating anomalies in the GPS system. The ship’s navigation system reported that it was on land, close to an airport in the Russian city of Gelendzhik. A couple of days later, over 20 ships gave similar reports in the same area.”
The broadcaster said it “has gotten access to all marine traffic in this area between 22 and 24 June (2017) ….and we’ve identified 24 vessels who were affected by the spoofing attack. We have contacted several of the vessels. Two of them told us they know about the incident but did not want to comment further. Both of these ships are owned by Russian entities.”[8]
University of Texas Team ‘Spoofs’ A Yacht
In 2013, a University of Texas at Austin team reported it: “Successfully Spoofed an $80 million Yacht at Sea.” The report noted:
“Led by assistant professor Todd Humphreys of the Department of Aerospace Engineering… the team was able to successfully spoof an $80 million private yacht using the world’s first openly acknowledged GPS spoofing device. Spoofing is a technique that creates false civil GPS signals to gain control of a vessel’s GPS receivers. The purpose of the experiment was to measure the difficulty of carrying out a spoofing attack at sea and to determine how easily sensors in the ship’s command room could identify the threat…
‘With 90 percent of the world’s freight moving across the seas and a great deal of the world’s human transportation going across the skies, we have to gain a better understanding of the broader implications of GPS spoofing,’ Humphreys said. ‘I didn’t know, until we performed this experiment, just how possible it is to spoof a marine vessel and how difficult it is to detect this attack.’”[9]
Back To Navigational Basics?
Dr. Isidore Margaronis, a retired London-based ship manager, believes that the best antidote to cyber-attacks and attacks on ship’s navigational systems is more emphasis on traditional navigation methods including the use of sextants, visual fixes, and being more aware of the vessel’s exterior surroundings: “There is a tendency to be overly reliant on GPS and on screens when for centuries mariners navigated around the world using chronometers, sextants, and dead reckoning.”
He noted that: “Technology such as GPS is extremely helpful but as we have seen in some recent incidents there can be interference problems. There needs to be more emphasis on applying the traditional methods on a regular basis, both to double check and to maintain proficiency. Dead reckoning has been used for centuries and it continues to be a viable navigational method. When a vessel is entering port there are a number of visual fixes that can be deployed to determine position. This is more complicated at night or during bad weather when there is a need to use radar to supplement position.”
Captain Laura Kovary, a retired mariner, former instructor at the California Maritime Academy, Vallejo, CA and an instructor at the Maritime & Environmental Training Institute in San Pedro, CA also believes there is too much reliance on electronics: “I am concerned that younger people have been encouraged to rely too much on electronics and these interference incidents are a wake-up call for why that’s not always a good idea.”
She warns her students that: “whenever they are within sight of land, visual bearings should be taken to check their position. Visual bearings are more accurate than electronic bearings and a prudent mariner should never rely solely on radar and GPS, unless visibility or distance from land preclude a crosscheck. We have seen in recent incidents of interference that electronic systems can be hacked, which makes it imperative for bridge officers to utilize whatever means available to confirm the ship’s position.”
Captain Glenn Kovary, Captain Laura Kovary’s brother, echoed these concerns: “The best way of fixing your position entering and leaving port is making visual bearings. However, you need to be able to have the mathematics capabilities to make the necessary calculations. Unfortunately, we are not getting the caliber of mariner who can always be relied upon to do the job right. We are losing the mentors who would train the younger people going out to sea. I suspect this is one reason for the growing number of collisions at sea…. The Coast Guard could help here by requiring better math and navigational skills before you get your license…Part of the problem is due to the outsourcing of more and more ships and jobs to foreign flags and the move by carriers to pay their crews less which doesn’t attract the high caliber person to go to sea… The result is that companies are moving toward the development of autonomous ships to the eliminate human factor.”
Captain Laura Kovary worries about prospect of autonomous ships. She has serious concerns regarding electronic hijacking of autonomous ships: “Without human decision-making abilities on the bridge of a ship, the potential for electronic interference becomes even more of a danger to global shipping with regard to navigation, collision avoidance, and piracy.”
[2] https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/INV/Alerts/0619.pdf
[3] Automatic Identification System. The automatic identification system (AIS) is an automatic tracking system that uses transponders on ships and is used by vessel traffic services (VTS).
[4] The Global Maritime Distress and Safety System (GMDSS) is an international system which uses improved terrestrial and satellite technology and ship-board radio systems. It ensures rapid alerting of shore-based rescue and communications authorities in the event of an emergency.
[5] https://navcen.uscg.gov/?Do=gpsreportstatus 07/16/2019 0001 China Taiwan Time
[6] https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/INV/Alerts/0619.pdf
[7] https://navcen.uscg.gov/?Do=gpsreportstatus
[8] https://nrkbeta.no/2017/09/18/gps-freaking-out-maybe-youre-too-close-to-putin/
[1] https://www.maritime.dot.gov/content/2019-012-persian-gulf-strait-hormuz-gulf-oman-arabian-sea-red-sea-threats-commercial-vessels
[2] https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/INV/Alerts/0619.pdf
[3] Automatic Identification System. The automatic identification system (AIS) is an automatic tracking system that uses transponders on ships and is used by vessel traffic services (VTS).
[4] The Global Maritime Distress and Safety System (GMDSS) is an international system which uses improved terrestrial and satellite technology and ship-board radio systems. It ensures rapid alerting of shore-based rescue and communications authorities in the event of an emergency.
[5] https://navcen.uscg.gov/?Do=gpsreportstatus 07/16/2019 0001 China Taiwan Time
[6] https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/INV/Alerts/0619.pdf
[7] https://navcen.uscg.gov/?Do=gpsreportstatus
[8] https://nrkbeta.no/2017/09/18/gps-freaking-out-maybe-youre-too-close-to-putin/
[9] https://news.utexas.edu/2013/07/29/ut-austin-researchers-successfully-spoof-an-80-million-yacht-at-sea/