Diane M. Zorri and Gary C. Kessler
Deception, confusion, and targeting of weak points in modern warfare is as ubiquitous now as it was in the wars of antiquity.1 Likewise, the incongruity between perception and reality has been explored for centuries. Understanding what is real is still a challenge for humankind. How does the human learn to “see” through the fog of deception? With the mind’s ability to emphatically alter perceptions, modern society has become increasingly reliant on technology. Yet even technology can be deceptive, and, as Sun Tzu observed, “all warfare is based on deception.”2
Strategists have long recognized that naval superiority and control of maritime assets are paramount in establishing global influence.3 Alfred Thayer Mahan noted that although navies have an essential utility in safeguarding global trade and communications, a small naval force could overwhelm a much larger one by concentrating efforts on its adversary’s key vulnerabilities. Consequently, when a country’s maritime assets come under attack, it may have far-reaching geopolitical, military, and economic implications. The sinking of the USS Maine (1898) and RMS Lusitania (1915), as well as the attacks on the USS Maddox and USS Turner Joy (1964), precipitated major conflicts and sustained military campaigns. While the U.S. Navy remains the largest and most expeditionary force in the world, smaller forces, malign powers, and irregular adversaries are disrupting maritime transit and naval assets using new and innovative techniques. These techniques often involve a “system of systems” approach, where malign actors confront adversaries through critical components of operational systems.4 Two of the most persistent threats to maritime security and superiority in the great systems conflicts of the 21stcentury stem from vulnerabilities in two of the technologies that enable position information, navigation, timing, and situational awareness: the Global Positioning System (GPS) and the Automatic Identification System (AIS).5
The maritime domain is often overlooked in its criticality to U.S. national security. Ninety percent of U.S. import and export trade is via ship, and the Maritime Transportation System (MTS) contributes $5.4 trillion to the national economy, representing about 25 percent of the U.S. national gross domestic product (GDP). The MTS is an expansive network of navigable channels, ports, locks, marine terminals, marinas, and seaways that facilitates this trade. Like the MTS but on a global scale, the global maritime transportation network (GMTN)—an arrangement of seaports, waterways, ports, and terminals that accounts for over 70 percent of the value of global trade and nearly 90 percent of its volume—facilitates the global economy. These systems are complex and interdependent, and much like other facets of critical infrastructure, their constituent parts are often undervalued in terms of being integral components of the global economy and strategic security.6 It is no exaggeration to suggest that the MTS is integral to our food, energy, financial, and national security, as well as our projection of military power around the globe.7
GPS
The world’s MTS relies on the four major global navigation satellite systems (GNSS)—BeiDou (China), Galileo (European Union), GLONASS (Russia), and GPS (United States)—for navigation, routing, and situational awareness at sea. A GNSS provides position, navigation, and timing (PNT) services that are used not only for land-, sea-, and air-based navigation but also for the precision timing necessary for critical infrastructures. The importance of timing cannot be overemphasized; if GPS timing signals fail or are severely impaired, there will be widespread failure of telecommunications, financial services, transportation, and power distribution networks, to name just a few.
GPS can offer positioning information accurate to within 3 feet of a receiver’s actual location.8 While such precision might not be necessary on the high seas (so-called blue water), accurate PNT is essential in littoral zones (brown water) and while traversing narrow chokepoints and critical nodes such as the Strait of Hormuz, Strait of Malacca, Panama Canal, Bosporus Strait, and Suez Canal.9 GPS is widely recognized as the best GNSS in the world in terms of accuracy, precision, and reliability and, for this reason, is the most widely used system in the world.10 GPS, however, suffers from three vulnerabilities: jamming, spoofing, and total system failure.
Jamming refers to a receiver being unable to detect a legitimate GPS signal due to interference from nearby radio transmissions. A GPS signal is transmitted from a satellite—at an altitude of 12,550 miles—at approximately 50 watts of power. The signal arrives at the Earth’s surface, however, at a fraction of a milliwatt. Thus, a malign actor may broadcast signals on the GPS frequencies at even a few watts of power and overwhelm the ability of a receiver to acquire necessary PNT information from the GPS signal.11
GPS jamming is not a new phenomenon. While initially developed for the military, inexpensive GPS jammers have been available to the public—albeit illegal to use—for well over a decade. One of the earliest widely publicized examples of this activity involved a person fined in 2013 for using a GPS jammer in the proximity of Newark Liberty International Airport and interfering with flight operations. Rampant GPS jamming activities are taking place around the world, most notably at airports, with Norway being particularly affected. Moreover, China, North Korea, and Russia each have long histories of efforts to jam or otherwise neutralize the GNSS of other countries.12
GPS spoofing causes a receiver to report its location at one place when it is in another place. In 2012, a team from the University of Texas at Austin first demonstrated spoofing to the Department of Homeland Security by spoofing GPS signals to a drone, causing it to lose awareness of its proper altitude. In June 2013, the same team was able to spoof the location of the White Rose of Drachs, an $80 million, 213-foot superyacht, causing it to change course in the middle of the Mediterranean Sea.13 GPS spoofing is not limited to laboratory conditions. The first large-scale public case of GPS spoofing in the MTS was in June 2017. M/V Atria was anchored in the Black Sea off the Russian port of Novorossiysk, but its GPS reported its location as Gelendzhik Airport, 20 nautical miles away. The 37.5-ton tanker was not alone; the receivers on at least two dozen other vessels placed them in the same location.14
The Atria incident was neither an isolated event nor even the first such spoofing incident.15 In 2019, the Center for Advanced Defense Studies released a report describing nearly 9,900 incidents of GPS spoofing incidents in the Black Sea, Crimea, the Russian Federation, Syria, and other locations as far back as 2016, all linked to the Russian military.16 In 2020, investigative journalists reported that a German research vessel detected GPS spoofing and jamming events in many sites on its worldwide voyage in 2017 and 2018.17
Destruction of the entire GPS system is, of course, the ultimate vulnerability. GPS employs a constellation of more than 32 satellites, 29 of which are in use at any one time—a minimum of 24 are required for the system to operate. By design, GPS is resilient to “natural” failures; if one satellite suffers a failure, it is moved out of position and a replacement takes over. Yet Russia and China have both demonstrated “satellite killer” capability, and, since the spring of 2021, Russian President Vladimir Putin has repeatedly threatened to shoot down many, or all, GPS satellites.18 GPS has no resiliency against such a systemic failure.
The vulnerabilities of and threats to GPS are not merely issues for the maritime community but affect all aspects of modern society. There is not a concentrated effort to supplement or augment GPS in the near term. While GPS is managed by the U.S. Space Force, it is both a military and a civilian asset, so something bigger than a military solution is required.19 The Russian invasion of Ukraine in February 2022 highlighted both the necessity of an assured PNT system and the requirement for augmentation.20
AIS
GPS and other GNSS facilitate the Automatic Identification System, the global system used by ships and maritime authorities to maintain situational awareness of local vessel traffic. AIS data, as aggregated by several sites worldwide, has evolved to provide a historical log of a ship’s movement over time. AIS is important for tracking shipping routes, basic industry intelligence, and awareness about shipping in general. AIS was designed in the 1990s, primarily in response to the oil spill that followed the grounding of Exxon Valdez in 1989. Required in the 2002 Safety of Life at Sea (SOLAS) Convention, AIS has several well-known security vulnerabilities, including the lack of sender authentication, message timestamps, data validity verification, and data content integrity. Although all large U.S. military vessels have AIS transceivers, most transceivers are not broadcasting most of the time because of the warship exemption in the SOLAS requirements.21
One early example of a combination of GPS and AIS spoofing is the Iranian seizure of the United Kingdom (UK)–flagged tanker Stena Impero. Steaming through the Strait of Hormuz in international waters in July 2019, Stena Impero suddenly turned north and entered Iranian territorial waters, where it was promptly seized by patrol boats of the Iranian navy. This incident was likely in retaliation for the British seizure of an Iranian vessel earlier in the year due to suspected violations of European Union sanctions.22
The episodes of spoofing continued and morphed into more powerful displays of disruption. In July 2019, the U.S.-flagged M/V Manukai reported a series of false GPS and AIS readings at the Port of Shanghai.23 Unlike previous spoofing events that made a vessel believe that it was in the wrong place, the Manukai saw target vessels that appeared to be jumping around. Further analysis of many events that occurred in the area made it appear that the spoofed locations appeared in circles.24 Dubbed “crop circles,” similar spoofing was found in other locations, including Tehran. In all these cases, the vessels were in the proximity of the spoofing. Later analysis showed circle spoofing occurring around Point Reyes (just north of San Francisco), where the spoofed vessels were as far as 10,000 miles away from the area.25
The Port of Shanghai and subsequent circle spoofing incidents have escalated from spoofing vessels within the proximity of the spoofer to where ships can be anywhere on the globe relative to the spoofed location. China is one of the chief suspects in these circle spoofing events. They have long been suspected of AIS spoofing to hide their fishing fleets that are involved in illegal, unreported, or unregulated (IUU) fishing by showing them to be hundreds or thousands of miles away from their actual locations.
These episodes of AIS spoofing have been perpetrated for many purposes, including demonstrations of capability; masking IUU fishing, smuggling, and other illegal activities; and identity laundering to avoid detection, sanctions, or inspections.26 Widespread spoofing of warships, however, represents an even more dangerous level of escalation, exacerbated by the fact that warships do not always routinely broadcast AIS information. As an example, AIS data showed the HMS Queen Elizabeth and five escort vessels steaming toward the Irish Sea in September 2020, while contemporaneous satellite imagery showed an empty ocean in their supposed location. In fact, not only were the six vessels not where their AIS track put them, but they were not even together at the time—and likely not even actually broadcasting AIS messages.27
In this context—and that of subsequent events in the area—the AIS spoofing of North Atlantic Treaty Organization (NATO) vessels in the Black Sea in June 2021 takes on an entirely different significance. Prior to a scheduled exercise late that month, two NATO warships, HMS Defender (UK) and HNLMS Evertsen (the Netherlands), arrived in Odesa (Ukraine) on the afternoon of June 18. AIS tracking data showed both ships traveling directly to Sevastopol (Crimea) later that night, positioned within 2 nautical miles of the port housing the Russian Black Sea fleet command. YouTube video, live webcam, and other evidence, however, showed that neither vessel left its dock. Because of the contested sovereignty of Crimea and the presence of the headquarters of the Russian Black Sea Fleet in Sevastopol, the unannounced approach of NATO vessels into what Russia claims are its territorial waters could well be described as an act of provocation.28 Indeed, AIS tracks showed the USS Ross near Crimea about 10 days later, although live webcams showed it at dock in Odesa.29
The 2021 Black Sea incident was part of a much larger pattern of the spoofing of AIS tracks of warships from many nations over the last several years.30(As a demonstration of the ease with which AIS spoofing can be accomplished, one of the authors of this article showed the spoofed track of Russian guided-missile cruiser Moskva entering Port Canaveral on the east coast of Florida [see figure 1] at DEFCON’s Hack the Ship Village in August 2021.31)
Geopolitical Risks and Implications
Historical Parallels. The 2021 Black Sea incident appears to be the pre-staging of history. The most likely source of the spoofing of NATO vessels is Russia, which was able to engage in saber-rattling rhetoric in the aftermath of the events. Although most of the world understood that the tracks were bogus, the Russian people likely believed the evidence of NATO aggression. From Putin’s standpoint, his domestic audience—not the rest of the world—is the only audience that needs to be convinced of anything.
It is uncertain whether the spoof of the NATO vessels was a test of capability or if it was intended as a pretext to war. If it was the latter, it would not be the first time that false electronic signals at sea have provided a rationale for armed conflict. Consider the object lesson of the Gulf of Tonkin incidents. On August 2, 1964, the USS Maddox came under attack by three North Vietnamese patrol boats. At the end of the skirmish, all the attacking patrol boats had been damaged, 10 North Vietnamese sailors were killed or wounded, and one bullet hole was found in the Maddox. This was the first Gulf of Tonkin incident. Two days later, the Maddox and USS Turner Joy detected approaching North Vietnamese patrol boats on radar. Seeing what they thought were torpedo tracks on radar and sonar, the vessels fired on the patrol boats, even though neither ship nor any U.S. naval aircraft made visual contact with the attackers.32 This was the second Gulf of Tonkin incident, and the precipitating rationale for Congress to pass the Gulf of Tonkin Resolution, escalating the mission of U.S. forces in Vietnam.33
The second Gulf of Tonkin incident, however, never occurred. While there might well have been vessels around the radar’s report, there were no attacking patrol boats, and there were no torpedoes. Misinterpreted and conflicting signals intelligence from both radar and sonar caused a response when there was, in fact, no stimulus. Yet in a rush to judgment—one that was politically popular and seemed to be consistent with enemy actions of just 2 days earlier—the signals intelligence (SIGINT) was not scrutinized, and contradictions that were known at the time were not investigated.34 An attack—whether real or imagined—was consistent with the narrative and political winds of the day.
Implications and Countermeasures. There is great danger when the warships of rival nations come into proximity to one another. When operators can deliberately alter SIGINT and navigation signals to skew the truth—or the perception of the truth—the space is even more dangerous; intentional disruptions to these systems are provocative and have far-reaching consequences. Disrupting GPS and other GNSS creates navigational uncertainty, delays, and inefficiency in the supply chain. The disruptions can also cause accidents in littoral and near-coastal waters, narrow straits, and international chokepoints where ships operate with a small margin for error. False AIS tracks can support virulent narratives, countering the interests of U.S. allies and partners. Moreover, adversaries can spoof AIS to masquerade as a much larger force or change a ship’s navigation history. While cyber attacks have not yet invoked a collective defense response or triggered Article 5 of the NATO treaty, the second- and third-order effects of these disturbances are incalculable.35 Moreover, during each incident the U.S. Navy must quickly recognize the threats, orient its decisionmaking, and decide a response.
Given the ease of spoofing GPS and AIS signals, we are in a particularly dangerous environment. Any adversary government—whether China, Iran, North Korea, Russia, or others—could easily enter entirely fake tracks of vessel movements into the historical record, in real time. Although some might debate whether attacks on GPS and AIS are cyber in their nature, those arguments miss the point. The term cybersecurity is a misnomer; what we must focus on is protecting the confidentiality, integrity, availability, authenticity, utility, and possession of information and other necessary data.36 From that perspective, attacks on GPS and AIS clearly affect multiple characteristics of navigational and situational awareness information.
Maritime cybersecurity is particularly pertinent today given Russia’s invasion of Ukraine. Ostensibly, one of Russia’s pretexts for the war is the encroachment of NATO on Russia’s borders.37 Part of the demonstration of Alliance aggression could well be the spoofing of NATO vessels in June 2021. There is also significant evidence that Russia is using attacks on GPS in the war against Ukraine, targeting aerial, artillery, and other military systems, as well as communications systems (many of which rely on GNSS for timing).38 Reportedly, Russian jamming has at times been so intense that it has interfered with Russia’s own systems. When it comes to navigation, Russia has access to the Chayka terrestrial electronic navigation system as a backup to GLONASS and other GNSS.39
Now, most of the GPS jamming/spoofing mitigation strategies are short-term improvisations. Many commercial GNSS receivers, for example, can detect when an incoming signal on the primary constellation appears to be bogus. In some cases, the receiver can switch to an alternate GNSS constellation. There is, however, no backup available or augmentation capability in place for GPS. Prior to the widespread availability and use of GPS, the United States and international maritime community relied on the Long-Range Navigation (LORAN) terrestrial-based navigation system. The Department of Homeland Security decommissioned LORAN in 2010, leaving no maritime backup to GPS.40 Indeed, today many mariners do not know how to use LORAN devices or understand LORAN markings on a chart. In 2018, the Trump administration mandated that the Secretary of Transportation establish a backup to GPS via a terrestrial-based timing system,41 yet no work has commenced on the proposed replacement system, enhanced LORAN (known as eLORAN).42 Another potential alternative to satellite-based position, navigation, and timing is the use of quantum sensors for positioning, yet researchers have not fully realized this capability. Likewise, while there have been several proposals to secure AIS, the international standards bodies have not been consistent in their planning or execution.43
Conclusion
The jamming and spoofing of GPS and AIS information has escalated in the last half-dozen years from simple demonstrations of capability to truly dangerous situations where misperceptions could ignite a major conflict. The attack surface is becoming increasingly ubiquitous and strikes on military assets can be staged via nonmilitary vectors.44 The U.S. defense community can mitigate the vulnerabilities in its systems in several ways. First, training and awareness can make both military and commercial mariners aware of the frailties of the systems. Maritime operators and bridge officers should have knowledge of the information and operational technology systems aboard their ships and the myriad ways in which they are interconnected and how they interact. Information security–aware officers as well as shipboard detection systems should be integrated into maritime personnel and management systems. Navigation and bridge personnel must be able to determine when the information displayed by the automated systems is suspect and must have independent means of validating those systems. In addition, celestial navigation techniques and the science of inertial and hyperbolic systems need to be integrated into the curricula of maritime practitioners. Furthermore, maritime naval exercises need to include scenarios where GNSS and AIS have been disrupted by enemy forces and test how practitioners would respond without current technology. Exercises should also integrate opportunities that test the innovative capacity of cyber defenders as well as their ability to proactively target the enemy.
Next, lawmakers and funding agencies must be convinced that if the vulnerabilities in GPS and AIS are not addressed in the near term, the threat to national security is plausible and potentially cataclysmic. This onus lies on all PNT stakeholders, whether they are in the military, government, or commercial sector. Both the Chinese and the Russians use a terrestrial-based PNT system to augment their GNSS systems, giving them a significant strategic advantage over the United States.45 Instead of recommending the short-term revival of LORAN as reserve capability, the National Space–based PNT Advisory Board has developed a strategy of toughening and modernizing the current GPS systems until non–GNSS PNT systems, like those that use quantum sensing, are widely available.46 Another solution would be to integrate the National Aeronautics and Space Administration’s Jet Propulsion Laboratory’s Global Differential GPS (GDGPS) across the national security entities and critical infrastructure of the United States. GDGPS tracks data from all GNSS constellations and offers corrections and real-time accuracy for positioning applications.47 Yet no single entity within the U.S. Government has been given the authority to fully implement a PNT augmentation capability or oversee an integrated PNT strategy. The full integration of the GDGPS system across the national security architecture would require strategic guidance and funding. Moreover, to compete with China, which many experts have begun to recognize as a global leader in comprehensive PNT capability, the United States needs to adopt a long-range strategic plan for PNT at the national level.48 This plan should recognize the criticality of PNT to national security and holistically work to improve all PNT capabilities (that is, low-orbit satellites, space-based satellites, terrestrial navigation, inertial navigation, quantum sensing, LORAN, and celestial navigation) as an integral system of systems.
Alternatively, AIS security solutions are highly likely to yield positive gains to commercial industries. Competitive bids for AIS systems should integrate security measures, such as public-key or asymmetric cryptography, digital signatures, or a combination of the identity-based authentication that is commonplace in commercial applications, computers, and on mobile phones.49 Yet securing AIS might be an even harder problem to solve because it demands international agreement within two United Nations organizations—the International Maritime Organization is responsible for SOLAS and the International Telecommunication Union for the AIS over-the-air protocol.50 Mitigating this challenge will require a clear vision and proactive leadership.
Because of the grave danger that GPS and AIS weaponization entails, it is essential that policymakers and maritime operators understand not only the risks and implications of these threats, but also the mitigation techniques and countermeasures that add resilience to the warfighter. Moreover, the U.S. Government needs to address the significant advantage that our adversaries have developed in PNT resilience and augmentation. The redundancies and security initiatives may be costly, yet both PNT resilience and augmentation and AIS security measures are vital for protecting our nation’s critical assets and mitigating a future conflict.
No comments:
Post a Comment