Editor’s note: This article is part of the contribution made by the Cyber & Innovation Policy Institute at the US Naval War College to the series “Compete and Win: Envisioning a Competitive Strategy for the Twenty-First Century.” The series endeavors to present expert commentary on diverse issues surrounding US competitive strategy and irregular warfare with peer and near-peer competitors in the physical, cyber, and information spaces. The series is part of the Competition in Cyberspace Project (C2P), a joint initiative by the Army Cyber Institute and the Modern War Institute.
Special thanks to series editors Capt. Maggie Smith, PhD, C2P director, and Dr. Barnett S. Koven.
Months before the shooting started in the Russo-Ukrainian War, the US intelligence community warned of Russian troop movements amassing at Ukraine’s border. The gradual buildup, which included transportation of equipment from as far away as Siberia to Ukraine’s doorstep via railcars, showcases the arduous and logistically complex process of mobilizing for war. Things are even more complex when transportation involves a significant maritime component, which is precisely the situation the United States would find itself in should conflict with China break out.
To make matters worse, this process is vulnerable to disruption. The credibility of Russia’s fighting effectiveness was put into question in the first month of its invasion of Ukraine following cracks in its logistical network. Russian ships providing replenishment of tanks were damaged off the coast of Berdyansk and the Saratov was sunk. But ships are vulnerable to more than missile attacks. The maritime transportation industry, like any global network, is vulnerable to cyberattacks and disruptions. What effects on mobility could a cyberattack have and what can be done to make sealift vessels more resilient?
These questions are of paramount importance. Besides being prepared for an actual conflict, strategic sealift plays a role in deterrence. Having a credible combat force capable of retaliation factors into the cost calculation of potential aggressors. In the event of a protracted conflict, one essential capability the United States military must maintain is overseas force projection. While air mobility can quickly send limited forces anywhere in the world, the bulk of ground combat forces would be transported on a fleet of strategic sealift vessels. Having a clear understanding of what some of the main vulnerabilities are and how to fix them is essential.
What is Sealift?
Naval Doctrine Publication 1, Naval Warfare defines sealift as “the afloat pre-positioning and ocean movement of military materiel in support of United States and multinational forces,” and as one of the enduring functions of the naval service. Indeed, sealift delivers 90 to 95 percent of all military cargo in wartime. The US Navy’s Military Sealift Command (MSC) manages a portfolio of vessels that perform the strategic sealift mission—mass movement of military cargo during wartime—and other associated vessels. These other vessels include pre-positioning ships, which are loaded with military equipment and staged in strategic locations, awaiting activation during a contingency. MSC also operates a combat logistics force of fleet oilers and dry cargo/ammunition ships that replenish Navy operating forces during day-to-day operations, and other ships for fleet support and special missions.
During the first Persian Gulf War, over 230 ships delivered twelve million tons of ground vehicles, helicopters, cargo, fuel, and ammunition by sea. Some of the ships used during Desert Storm performed the same sealift missions during the wars in Afghanistan and Iraq and continue to serve in the fleet today. In the summer of 2021, US Transportation Command completed a study that found that the United States currently has enough sealift ships to “satisfy the demands of the National Defense Strategy and project and sustain the Joint Force on a global scale.”
What would happen if the number of ships was affected due to a cyberattack? One possibility is that the amount of ground forces able to flow into theater would be reduced. This, in turn, would extend the time it would take to enter different phases of a campaign. By understanding the methods of attack that malicious actors could enact on ships and the companies that operate them, policies can be implemented to promulgate best practices.
Methods of Attack
Malicious actors can use cyberattacks to disrupt the flow of forces into theater in multiple ways. From the point of origin, cyberattacks against rail networks can force DoD to engage in suboptimal means of moving cargo to a port. Once at the port, cyberattacks on port facilities can slow the loading of cargo onboard ships causing bottlenecks. This article will focus on vulnerabilities during the final leg of the journey of military cargo into theater. These include attacking the operating companies that manage sealift vessels, disrupting systems that ships rely on for positioning and navigation, or infiltrating critical systems onboard ships.
Operating Companies
Consider first the prospect of malicious actors targeting operating companies. Maersk, the world’s largest global shipping company, which owns and operates many ships enrolled in the Maritime Security Program (MSP), is a telling example. The MSP, run by the US Department of Transportation’s Maritime Administration, subsidizes the operations of commercially owned and commercially operated US-flagged ships. These ships must be considered commercially viable and militarily useful and are active in international trade. In return for this subsidy, these ships must make themselves available for DoD to use during a national emergency to move combat forces.
In June 2017, Maersk fell victim to a cyberattack when its systems were infected by NotPetya. Maersk was not alone—this malware destroyed data belonging to senior government officials, as well as other institutions such as energy firms and the banking sector. According to the Washington Post, the CIA attributes NotPetya to Russia’s Main Intelligence Directorate and assessed that Ukrainian companies were its primary target. The United Kingdom’s National Cyber Security Centre also determined that the Russian military aimed to disrupt Ukraine’s government, financial, and energy sectors.
While Ukraine may have been the target, NotPetya had spillover effects and found its way into Maersk’s systems. Around 3,500 of 6,200 servers were destroyed along with 49,000 laptops and 1,000 applications. Phone lines were inoperable. Cloud services were affected. Maersk’s operations ground to a halt. In the aftermath, Maersk reported financial losses of up to $300 million.
Based on the international havoc NotPetya caused, it is easy to imagine a state actor intentionally launching a cyberattack against ships enrolled in the MSP. If successful, an attack could significantly delay the movement of military materiel into a theater—something that would be particularly problematic prior to the onset of a conflict. In a race to bring combat power across the ocean, even a short delay can impact strategic mobility. Finding quick workarounds to mitigate delays, such as using airlift, is akin to using a soda straw to move a barrel’s worth of cargo. Military planners transition between campaign phases only after certain conditions are met. Mobilization delays that impact the aggregation of combat power are likely to shift any phase transition points to the right, perhaps dramatically so.
Positioning and Navigation
Another possible attack is the targeting of a ship’s navigation systems by misdirecting GPS signals or spoofing Automatic Identification Systems (AIS) and Electronic Chart Display and Information Systems.
Russia recently demonstrated its GPS-jamming capabilities during its invasion of Ukraine but has used these tactics for years. Russia also practiced how it would operate its military forces in the event its GLONASS satellite navigation system was degraded by jamming during its quadrennial Zapad exercise with Belarus in 2017. Operating in the high north, Zapad focused on insulating the area of war and preventing enemy reinforcements from entering the area. A component of Russia’s antiaccess and area-denial strategy was the employment of electronic warfare. However, the jamming of GPS signals spilled over to areas outside the exercise zone, namely into Norway and Latvia.
Russia has also used GPS jamming offensively. NATO conducted Exercise Trident Juncture in 2018, and brought all NATO allies to Norway for a major operation and to assess NATO’s ability to evaluate the information environment. During the exercise, NATO allies experienced GPS signal jamming and suspected Russia. Again, the effects spilled over to areas outside the exercise bounds. Besides areas within Norway near the Russian border, signals were interrupted in Lapland, the northernmost area of Finland. While these examples occurred over land, GPS jamming could easily extend out to the sea and confuse mariners if standard navigation protocols do not require them to double-check their position through other means.
However, GPS is not the only navigational tool that can be hacked. Another maritime awareness system, AIS, is also vulnerable. The International Maritime Organization requires “AIS to be fitted aboard all ships of 300 gross tonnage and upwards engaged on international voyages, cargo ships of 500 gross tonnage and upwards not engaged on international voyages and all passenger ships irrespective of size.” The US Coast Guard also requires AIS for all vessels over 1,600 gross tons when operating within the navigable waters of the United States. The Coast Guard makes an exception for warships, but warships typically transmit AIS for safety and awareness.
AIS takes information from one ship and transmits its data to all other ships, as well as aircraft and shore-based maritime infrastructure such as port facilities. The transmitted data includes the ship’s name, location, course, and speed. AIS software also alerts ship drivers if they are in danger of getting too close to a vessel so they can adjust course or speed well in advance to avoid an in extremis situation.
According to the US Department of Transportation Maritime Administration, AIS signals can be spoofed. Indeed, there are cases of AIS spoofing in recent years. One example is the British-flagged oil tanker Stena Impero. As the oil tanker transited the Strait of Hormuz, its AIS signal was spoofed and it was tricked into sailing into Iranian territorial waters. The ship was summarily seized by the Islamic Revolutionary Guard Corps and the crew detained. The Stena Impero was held by Iran for two months before it was eventually released.
Another case involves the MV Manukai, a US-flagged container ship owned by Matson, a transportation services company based in Hawaii. In July 2019, the Manukai was inbound to Shanghai, the world’s busiest port. Maneuvering through a heavily trafficked channel is one of the more dangerous evolutions of a ship, and is a situation that requires accurate data about the other ships in the channel. When the Manukai was maneuvering to its assigned berth it started to see an AIS contact jump around and move from position to position before ultimately disappearing. A visual check confirmed that the ship never left port. The Manukai then experienced a loss of all GPS and AIS. This phenomenon points to electronic warfare. Many containerships in the Maritime Security Program are similar in build to the Manukai. If the Manukai’s positioning and navigation equipment was vulnerable to loss, the same is theoretically true of any containership relied upon to move military cargo.
Finally, in June 2021 two NATO ships docked in Odesa, Ukraine had their AIS signals spoofed. The HMS Defender, a Royal Navy destroyer, and the HNLMS Evertsen, a Royal Netherlands Navy frigate, appeared to leave port and sail toward Sevastopol, a major port on the Black Sea, which also serves as the headquarters of Russia’s Black Sea Fleet—at least, that’s what their AIS signals said. Webcams around the Port of Odesa confirmed that the warships never left port. A malicious actor could use either of these techniques, GPS jamming or AIS spoofing, to confuse ships’ navigational systems and crew. During long stretches of sailing in the open ocean, ships are often steered on autopilot and rely fully on GPS navigation. Disrupting these systems could lead to ships going off course.
Critical Systems
Lastly, a malicious actor could use cyberattacks to disrupt the safe operations of a ship. Software that calculates the stability of a ship, moves rudders, or operates machinery can be hacked using satellite communications, serial ports, or USB sticks. The cybersecurity company Naval Dome created a virus designed to take over a ship’s machinery control system. Using a USB stick for delivery, they successfully overtook auxiliary systems such as fuel systems, generators, and air-conditioning. Their attack was also able to take over the ship’s ballast system.
Two additional examples show how programs used to accomplish mission-essential tasks can spell disaster for a ship when used improperly. The MV Golden Ray was a roll-on/roll-off (RO/RO) vehicle carrier that capsized in 2019 while traveling outbound from the Port of Brunswick, Georgia as it turned on its intended track. The interior spaces of a RO/RO resemble a giant parking garage. The National Transportation Safety Board performed an investigation and found that the Golden Ray’s center of gravity was too high and caused the capsizing. The ship’s center of gravity was off because the chief officer entered incorrect data into the shipboard stability calculation computer.
A similar event happened a few years earlier with another RO/RO vessel, the MV Höegh Osaka. The ship onboarded construction equipment and Range Rovers in the Port of Southampton, England and cargo was primarily loaded on the upper vehicle decks, while the lower vehicle decks were lightly loaded. The Höegh Osaka was also low on bunker fuel oil, which is stored in the lower parts of the ship. Additionally, ballast tank levels were estimated onboard and did not reflect actual tank levels. As a result, the center of gravity was too high for the ship to be stable. The vessel developed a severe list and went aground after losing control during a turn on its outbound track. Despite damaged cargo and damage to the vessel, the Höegh Osaka was salvageable due to the location of the grounding. Had the ship turned any earlier or later, it would have grounded in the only deepwater channel in the area. An obstruction like this would have rendered the Port of Southampton unusable for large shipping vessels.
Imagine if a state-sponsored actor was able to hack into the ballasting software for RO/RO vessels in the Ready Reserve Force. Load plans for vessels are normally planned ahead of time but ballast tanks also fit into the calculation for ship stability. If water levels were programmed to read a certain amount but the actual amount of water brought onboard was much less, a ship’s crew could unknowingly be piloting an unstable ship subject to capsize during a turn. Since several turns are common when maneuvering into or out of a port, having a ship capsize in a channel could impact any other ships entering or exiting the port. These effects would be compounded if multiple ships were trying to queue to receive military cargo during a major mobilization.
Implications
Cyberattacks of the sort described above can happen to friendly and adversarial ships alike. However, if the United States ended up in a war with China or Russia, sealift would present an asymmetric vulnerability. Most likely, a war with China or Russia would be fought in the Indo-Pacific or in Europe, meaning either adversary’s fleets would not have long distances to travel for replenishment. Because the United States is reliant on sealift vessels for long-term combat operations overseas, developing defenses for all three methods of attack is essential.
Operating companies that manage these ships must invest in hardening networks for resiliency and use the most up-to-date software with robust patching. These companies should also operate under the assumption that a cyberattack will strike their business operations and should maintain and test plans for mitigation and recovery. Maersk was able to bring back its operations by a stroke of luck—one of the company’s servers was offline due to a power outage during the attack and allowed it to recover its Active Directory.
Mariners should also train to operate ships without vulnerable technologies like GPS and AIS. On the high seas, mariners should be experts in celestial navigation. Closer to shore, coastal navigation should always be a backup. Mariners should also rehearse and enforce good cybersecurity practices to prevent malware from penetrating networks onboard ships. Relatedly, the Department of Transportation should mandate that operating companies or the unions that organize mariners require in-person classroom training on cybersecurity. Computer-based training is often rushed and fails to build the requisite knowledge to ensure good cybersecurity habits. Finally, DoD should send cyber red and blue teams to sealift ships as well as other naval vessels to inspect for vulnerabilities, patch any outdated systems, and conduct training with the crew. The requirements for strategic sealift are great during a major contingency overseas. Any efforts to reduce risk in cyber vulnerabilities would be a worthy investment.
Commander Jason Ileto is a supply officer in the US Navy. He earned a master of science in operations research from the Naval Postgraduate School in 2011 and is currently pursuing a graduate degree at the Naval War College. He has conducted a directed research project under the Cyber & Innovation Policy Institute (CIPI) Vice Admiral Samuel L. Gravely Jr. Program.
The views expressed are those of the author and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense, or that of any organization the author is affiliated with, including the Department of the Navy and the Naval War College.
Image credit: Chief Mass Communication Specialist Joan E. Jennings, US Navy