
US Navy collisions stoke cyber threat concerns - stephenboyd
http://www.mcclatchydc.com/news/nation-world/national/national-security/article168470432.html
======
jorblumesea
Even if they were spoofed, every Navy ship has many people on watch at one
time and radar is more than enough to compensate. A more reasonable
explanation is exhausted crew and human error.

~~~
rectang
... which in turn would imply unreasonable schedules and systems which are not
robust when faced with inevitable human error. In other words, failures of
high level management and system architecture.

I await the scapegoating of the crew to protect the higher-ups.

~~~
grzm
> _I await the scapegoating of the crew to protect the higher-ups._

Considering the leadership of the Fitzgerald have been removed, why would you
expect scapegoating of the crew to occur in this case?

> _The commanding officer, executive officer and senior non-commissioned
> officer of the USS Fitzgerald have been removed from their duties for cause
> amid the fallout surrounding the deadly collision between the USS Fitzgerald
> and a cargo ship off the coast of Japan on June 17.

"We've lost trust and confidence in their ability to lead in those positions
and they will not return to the ship," Vice Chief of Naval Operations Adm.
William Moran told reporters at the Pentagon late Thursday. The 7th Fleet also
said several junior officers were relieved of duty._

[http://www.cnn.com/2017/08/17/politics/uss-fitzgerald-
leader...](http://www.cnn.com/2017/08/17/politics/uss-fitzgerald-leadership-
removed/index.html)

~~~
rectang
Do ship commanders such as the removed captain of the Fitzgerald decide
staffing levels? If sleep deprivation contributed this accident (as many are
speculating), I am nevertheless skeptical that the people who are responsible
for systemic lack of sleep will be held accountable.

~~~
grzm
You mean the speculation mentioned in comments here? This article, which
itself is unsubstantiated speculation, makes no such mention. If you're just
spitballing, fine, but I don't see any reason to make statements like these
without doing some research first, much less express skepticism, particularly
when presented with very recent evidence that leadership is being held
responsible.

------
zaroth
Unfortunately I see 'complete incompetence' as the only rational explanation.
This is just the latest in a string of naval disasters this year which are not
just confounding and bizarre rank amateur displays, but have resulted in loss
of life.

At this point, the American people deserve nothing less than an extraordinary
response and complete accountability throughout the ranks. When destroyers are
getting rammed by _cargo ships_ , and guided missile cruisers are colliding
with fishing bots, and running aground, we have a systemic problem with
training, discipline, or protocol, likely all three.

You simply cannot blame broken GPS on getting your destroyer rammed by a
20,000 ton cargo ship. Our enlisted deserve better, and Admirals should be
getting shit-canned for this.

~~~
PhasmaFelis
I vaguely recall a story, maybe a decade or two back, about a naval wargaming
exercise in which the red team (simulating the enemies of the US) approached a
zillion-dollar warship in rubber rafts that didn't trip any of its cutting-
edge electronics and "disabled" it with nothing but some men and some
simulated explosives.

They were accused of cheating, the officers upbraided, and the whole scenario
rewound to erase the embarrassing incident.

~~~
throwaway613834
Out of curiosity, how doe they go up the ship when they approach it with a
raft? Do they manage to tie a rope around something in the deck somehow, or do
they cut a hole in the ship...?

~~~
PhasmaFelis
I don't remember the details, unfortunately. They may have just planted
(simulated) shaped charges directly on the hull, or they may have gone through
some rigamarole with grappling hooks or something.

It occurs to me that you could probably climb the outside of a ship with sci-
fi electromagnetic gloves/boots, but I've never heard of anyone actually
making anything like that.

~~~
RugnirViking
Normally warship hulls are degaussed to remove magnetic signature for mines.
that might stymie any attempt to climb using magnets.

~~~
dogma1138
Pirates use hooks and ladders to climb on cargo ships.

The freeboard of a modern destroyer is usually below 10M and much lower around
the flight or water operations decks.

[https://en.m.wikipedia.org/wiki/USS_Fitzgerald#/media/File%3...](https://en.m.wikipedia.org/wiki/USS_Fitzgerald#/media/File%3AValiant_Shield_2012_120912-N-TX154-258.jpg)

Edit: better picture with sailors for scale
[https://defencyclopedia.files.wordpress.com/2015/05/burke-
in...](https://defencyclopedia.files.wordpress.com/2015/05/burke-
infographic1.png)

------
hackcasual
This is purely uninformed speculation. Radar and eyeballs are sufficient to
prevent these types of incidents.

Sleep deprivation has continued to be pointed to as a major issue on ships,
and yet from the CNO down, this has been ignored and nothing done:
[https://www.usni.org/magazines/proceedings/2017-07/let-
our-s...](https://www.usni.org/magazines/proceedings/2017-07/let-our-sailors-
sleep)

~~~
extrapickles
I wouldn't be surprised if sleep deprivation was a leading cause. The military
in general has a problem with letting people get enough sleep, especially if
the personnel are not on the day shift/watch.

With two deadly collisions in the same fleet, I bet there is some silly
regulation/task that is keeping watch standers from getting enough sleep. It
could be as simple as letting sleeping personnel get pulled into working
parties as everyone else is on watch or doing repairs/maintenance.

I wouldn't be surprised if things got worse as they pile even more training
requirements on trying to fix the issue.

------
Animats
He's just making that stuff up.

The US Navy has released surprisingly little info on the Fitzgerald collision.
The new "report" is all about damage control after the collision, not the
events leading up to it.

------
yeukhon
I am actually more concerned about the 10 missing sailors, not just concerns
for their lives, but I am really concerned how they went missing after the
collision? The ship's damage is not very bad. I can understand they could have
fallen into water, but this doesn't make a lot of sense. If they were facing
the impact, they would have run away. If they were in other three directions,
then I am surprised that ten sailors got thrown off the deck, and none of them
could get back on the water surface. This raises my concern for the ship's
rails.

\--EDIT--

I believe this incident occurred early in the morning around 5:24 a.m and I
don't think it was in total darkness. Also, what about the transport ship?
Shouldn't they also have the ability to detect (and also human for lookup)
since this is one of the busiest lane?

~~~
Johnny555
Opening flooded compartments is not done lightly, you need to stop the source
of the leaks first before you can open the hatches and enter the compartments
and do a full search.

A collision between a 10,000 ton destroyer and a 20,000 (?) ton cargo ship
dissipates a lot of energy into the water and churns up a lot of turbulent
water, if someone fell into the water in the dark, it's not at all surprising
that they'd be unable to surface. A human loses buoyancy around 30 feet deep
in the water so if you're pulled 30 feet down in the dark, it can be
disorienting and hard to figure out which way is up.

~~~
throwaway613834
> A human loses buoyancy around 30 feet deep in the water

Learned something new today, thanks for that. Didn't even realize this was
possible.

~~~
PhasmaFelis
The science behind it is really interesting. I had always assumed that you'd
get more buoyant as you went down and the pressure got higher; the thing is,
buoyancy isn't about pressure as such, it's about relative density. Water is
almost completely incompressible; even miles down, its density only increases
by a few percentage points. But the main thing keeping humans buoyant is the
air in your lungs, and your lungs are compressed as the outside pressure
rises, making the airspace smaller and denser, until your average density is
greater than the water's and you sink.

~~~
throwaway613834
Yeah, I looked it up for the same reason, that's why I said I found it so
interesting :) thanks for mentioning it though, I'm sure people will be
interested to learn why.

------
vxxzy
If it is indeed GPS spoofing it must be happening to commercial vessels right?
Doesn't the US military use a different, more accurate/secure version of GPS?
It seems more likely the less secure AIS protocol is somehow being
manipulated.

~~~
sitharus
Yes, the US military uses a different GPS code to the general public. It's
more accurate and harder to spoof.

However, these collisions could be caused by spoofing the general maritime
traffic so the US ships are on the 'correct' course and everyone else is
offset.

~~~
dragonwriter
> However, these collisions could be caused by spoofing the general maritime
> traffic so the US ships are on the 'correct' course and everyone else is
> offset.

These collisions could not be caused by anything but massive human failure,
because while the military may exploit networked electronic conveniences to
track expected civilian traffic positions, that's not supposed to be the
_only_ system they have.

And they'd be useless as warships if that was their only way of detecting
_larger_ ships than their own size short of bumping into them.

------
forapurpose
"Cyber" seems to have taken on the role formerly filled by angry divine
beings: If something happens and we don't know what it is or why it happened,
we used to think someone angered a god or an ancestor. Now, it's cyber.

Don't forget that several wars have started based on misattributed events. In
just the U.S.: The Maine and the Spanish-American War, the Gulf of Tonkin and
the Vietnam War, Iraq's WMD program and al-Qaeda alliance and the Iraq War ...

And attribution is especially difficult in attacks on computer systems. An
enterprising, well-resourced actor could provoke war between enemies or
division between allies with a well-crafted attack.

~~~
jessaustin
Don't forget six years ago when we destroyed Libya because some exile in
Switzerland claimed Qaddafi was being extra super mean, only he wasn't. How
long until we admit that Assad wasn't connected to the Syrian gas "attacks"?

"Misattributed" is soft-pedaling it. The war pigs tell these lies so they can
make money by killing hundreds of thousands of innocent people.

~~~
forapurpose
> we destroyed Libya

The U.S. and allies helped drive Qaddafi from power. They didn't physically
destroy Libya, though maybe politically.

> because some exile in Switzerland claimed Qaddafi was being extra super
> mean, only he wasn't.

Qaddafi's human rights record was very well known for a long time, and he also
made enemies in the West by supporting terrorists and destroying a commercial
airliner in flight, killing its passengers. The immediate cause of the West's
intervention was that Qaddafi was openly about to destroy rebels (including
civilians, IIRC). I'm not sure how much of a role this exile played.

~~~
jessaustin
Educate yourself:

[https://www.foreignaffairs.com/articles/libya/obamas-
libya-d...](https://www.foreignaffairs.com/articles/libya/obamas-libya-
debacle)

[http://foreignpolicy.com/2016/03/22/libya-and-the-myth-of-
hu...](http://foreignpolicy.com/2016/03/22/libya-and-the-myth-of-humanitarian-
intervention/)

Holy shit those lies were so transparent that even staid mainstream media
brands felt compelled to debunk them! Even if those lies had been true, why
did we care so much about Libya and not about nineteen other brutal corrupt
dictators in Africa and around the world? Qaddafi had already given up his
nuclear program, and DPRK rightly points out that that mistake cost him
everything. How convenient for those who benefit from both the current
European refugee crisis and from escalated conflict in Korea!

------
cyberferret
I am not a naval person by any stretch, but I thought the protocol on _any_
large ship (military or civilian) was to have at least one, if not two people
on watch at all times?

I would assume a navy ship would have multiple people with eyes 'outside the
boat' especially in a busy shipping (and piracy ridden) lane such as the
Malacca Straits?

~~~
nradov
US Navy ships underway typically have at least 4 crewmen on watch as dedicated
lookouts, plus at least 4 more on the bridge sometimes looking out the windows
and someone in CIC watching radar. In high risk situations there may be even
more.

------
andrew-lucker
Does anyone have a technical explanation of how gps spoofing works?

~~~
blackguardx
I'm not sure this is technical enough, but this gist is as follows. GPS
signals are extremely weak. They are below the background noise floor (you
can't see them with a spectrum analyzer) and can only be received by
convolving with a pseudorandom code (PN code). Because they are so weak, an
adversary can overpower them and cause receivers to "lock on" as long as rogue
signal is well designed. GPS signals are fairly simple. They mainly encode
precise time information from atomic clocks orbiting the earth. By receiving 4
time signals from 4 atomic clocks in known orbits, one's position can be
precisely known.

This is a hard attack, but not not impossible. The Iranians are rumored to
have used this technique to down a stealth drone the US was using for spy
purposes.

~~~
foota
I'm sure it's beyond me without a lot of work, but what makes the attack
difficult for someone with the right background?

~~~
blackguardx
I think this has become much easier with the rise of SDR.

You would mainly have to know alot about the orbits of the GPS satellites to
be able to convincingly simulate their signals from a given point on the
globe.

~~~
throwaway613834
> You would mainly have to know alot about the orbits of the GPS satellites to
> be able to convincingly simulate their signals from a given point on the
> globe.

Do GPS receivers validate satellite orbits? Do they even know what all the
satellite orbits are supposed to be?

------
hamandcheese
> The U.S. military uses encrypted signals for geolocation of vessels, rather
> than commercial GPS.

It seems like a massive oversight to keep encrypted GPS signals for use
exclusively for US military. As mentioned in another comment, the collision
could have been caused by spoofing the commercial ships GPS rather than a
cyber attack on the Navy vessel.

The ability to selectively enable GPS in a region for only US military (as
mentioned, once again, in another comment) doesn't even seem like that big of
a strategic advantage - surely a sophisticated enemy wouldn't rely on GPS,
would they?

Any strategic advantage doesn't really seem worth the potentially massive
damage that could be caused by a large scale spoofing of GPS signals.

~~~
Johnny555
Plus with the advent of Glonass, Galileo, and Beidou, the ability for the USA
to turn off GPS has less strategic value.

[https://en.wikipedia.org/wiki/GLONASS](https://en.wikipedia.org/wiki/GLONASS)
[https://en.wikipedia.org/wiki/Galileo_(satellite_navigation)](https://en.wikipedia.org/wiki/Galileo_\(satellite_navigation\))
[https://en.wikipedia.org/wiki/BeiDou_Navigation_Satellite_Sy...](https://en.wikipedia.org/wiki/BeiDou_Navigation_Satellite_System)

~~~
dragonwriter
That would be true if the US did not have it was not willing to use effective
ASAT weapons to also deny opponents the use of GPS alternatives in the event
of a war in which they would want to deny GPS.

~~~
hamandcheese
Surely GPS satellites can also be shot down, no? It seems the best possible
outcome might be a single global navigation system that all powers depend on,
creating a navigational form of mutually assured destruction, ensuring its
continued availability during a time of conflict.

That will probably never happen, though.

~~~
PhasmaFelis
I feel like that would just encourage all parties involved to develop robust
non-satellite fallback systems and procedures...which, actually, would have
prevented these collisions in the first place.

~~~
nradov
All parties involved already have robust non-satellite systems for collision
avoidance because satellite systems have never been used for that purpose in
the first place.

~~~
PhasmaFelis
The post suggests that they weren't robust enough. That's why I said systems
and _procedures_ \--backup systems don't work if the guys monitoring them
aren't well-trained or paying attention because everyone assumes the GPS is
infallible. Policies based on GPS MAD would place a lot more attention on the
non-GPS systems.

------
Johnny555
Regardless of any GPS spoofing that could be present, it'd be awfully hard to
hide the radar return from a large tanker/cargo ship.

------
anovikov
A much better explanation for that is that the guys there are being overworked
and exhausted. Navy resources are overstretched as there is lack of destroyers
due to many years of interruption in DDG construction. Navy has at least 12
destroyers less than it would have if not the catastrophe of Zumwalt class
construction.

~~~
yborg
Navy resources are mostly stretched because of the Navy's insistence on
launching $30 billion supercarriers to fly $120 million F-35s. You could build
15 or 16 Arleigh Burke-class destroyers for what it's costing (so far) to
build the Gerald Ford.

~~~
anovikov
That is just because it is the first ship in class. Neither Enterprise nor
Nimitz came out easy either.

------
SuperChihuahua
"#USSJohnSMcCain suffered steering loss approaching Strait of Malacca, unclear
why crew couldn't utilize back-up -Navy official"

[https://twitter.com/jimsciutto/status/899793613126864897](https://twitter.com/jimsciutto/status/899793613126864897)

------
GreaterFool
I imagine one could make a modern device that tracks position by watching the
sky. I wonder how well could that work in bad weather. Is there any light
spectrum of the stars that passes through a serious storm? Humans may be
incapable of seeing it but how about advanced telescope/camera?

~~~
dbenjamin
This has existed for quite a while. The SR-71 (introduced in 1966) had an
astro-inertial navigation system that tracked stars to reduce error in a
standard INS.

Using spectrum filters, was able to track stars day and night (and I imagine
potentially in bad weather).

[https://timeandnavigation.si.edu/multimedia-
asset/nortronics...](https://timeandnavigation.si.edu/multimedia-
asset/nortronics-nas-14v2-astroinertial-navigation-system)

------
forapurpose
The U.S. government's budget sequester has forced the military to greatly
reduce training and therefore readiness. The Air Force attributed recent
fighter plane accidents to a lack of training. I wonder if these accidents are
related.

------
trhway
The crew uses cellphones (browsing Singapore Tinder is a really good way to
kill time while not falling asleep during the watch at 4am - makes for a
peculiar case of "texting while driving" though). Coming from the providers in
the region, with many directly or indirectly owned/invested/hacked by China,
the phones are already hacked, and they provide a pretty good attack vector on
any wireless ship system and after that on any other that it is connected too.
Though my bet here is on pretty obvious Chinese spoofing of the destroyers'
GPS - it being supposedly military grade makes it the last thing to be looked
at.

~~~
Johnny555
Do you have any evidence that any networks accessible by personal crew devices
(i.e. cellphones) are connected at all to the ship's control networks?

~~~
trhway
are you kidding? Check out "smart ship" for example:

[http://www.globalsecurity.org/military/systems/ship/ddg-51-u...](http://www.globalsecurity.org/military/systems/ship/ddg-51-upgrade.htm)

Everything integrated, and as long as at least one component talks wireless
... and there are actually a bunch of them, and as i mentioned, being an
actual smartphone is only one of the features of those cheap smartphones
bought at the local port :).

One can easily imagine that the ships which rammed (and/or some other ships
close by) the destroyers could have carried cell towers and/or GPS spoof-er
which were promptly, say, dumped overboard.

And leaving all that hi-tech aside - plain old $2K/bottle cognac, drink of
choice of the 7th fleet :) [https://federalnewsradio.com/tom-temin-
commentary/2017/03/fa...](https://federalnewsradio.com/tom-temin-
commentary/2017/03/face-navys-7th-fleet-scandal-malignant/) ,
[http://www.washingtonpost.com/sf/investigative/2016/05/27/th...](http://www.washingtonpost.com/sf/investigative/2016/05/27/the-
man-who-seduced-the-7th-fleet)

~~~
Johnny555
I don't see anything there that suggests that the ship runs on a wifi network.

The closest thing I saw was _" Shipwide interior wireless communications
system"_, but that doesn't imply Wifi, and is likely just a digital trunking
radio system -- not something a consumer Wifi device will be able to connect
to.

------
tardygrad
This article is just idle speculation with some of the vague 'Russia is behind
it' rhetoric we've been seeing over the past few years.

Even if someone had developed the capability to spoof military grade GPS why
would they use it on a random ship for no reason? That would accomplish
nothing while tipping off the military that someone had cracked GPS.

Even if this is a GPS problem at all it is more likely to be a bug in the
implementation than a targeted attack.

By Occam's Razor this is likely just a plain old human error and not some
sophisticated conspiracy - someone was negligent and shit hit the fan.

~~~
bhouston
Could they instead spoof the GPS that the other civilian ship was using and
guide it into the US ship? That seems like it would be infinitely easier to
do.

Isn't is also possible to just hack into the computers of the civilian ship as
they are likely incredibly insecure and basically do what you want with it? I
understand most industry computer control systems incredibly dated and
insecure.

Just speculation of course.

~~~
lstyls
Navy attack ships are much, much faster and more maneuverable than cargo ships
or takers. They could have outmaneuvered one easily if they wanted to.

------
lowbloodsugar
Twofer: Not only deflect blame from actual problem but also raise funding for
anti-cyberwarfare boondoggle!

~~~
sitkack
Suddenly a 500k PR contract from the Navy lands in his lap.

~~~
jessaustin
The dudes at CrowdStrike are all, "why didn't _we_ think of this?"

------
basicplus2
All ships should be keeping a physical lookout at all times, it can only be
complete incompetence at work. Pretty pathetic of a warship cannot steer clear
of such a large vessel. Clearly it would pretty easy for an enemy to attack
them if they are thus incompetent

~~~
throwaway613834
> All ships should be keeping a physical lookout at all times

I know nothing about the military or naval practices but this sounds hard and
very costly... you want someone on shift 24/7 with his head constantly
rotating watching out in all directions? Or maybe 3-4 people simultaneously
looking out each in a single direction? That would mean you have a bunch of
people doing literally nothing productive (besides watching) at any given
point in time, some of them even being asleep since you want 24/7 shifts...
and they have to not get bored or look away for any nontrivial period of time.
It seems very difficult.

~~~
Johnny555
_a bunch of people doing literally nothing productive (besides watching)_

They are not doing "nothing productive", they are keeping watch to prevent
exactly this type of accident from happening.

Do you really think that the entire ship goes to to sleep at night on a 2
billion dollar naval destroyer while it cruises in a crowded shipping lane?
Even the $250M office/residential building where I work has 2 night watchmen
and a building engineer or two on duty at all times... and the building is
unlikely to have a collision when another building moves into its path.

~~~
throwaway613834
> Do you really think that the entire ship goes to to sleep at night on a 2
> billion dollar naval destroyer while it cruises in a crowded shipping lane?

I didn't say they all go to sleep, they probably have lots of things to do at
various times. And I wasn't talking about more-sensitive points like crowded
shipping lanes. I was just talking about having people on duty to literally
keep a watch out over the sea the entire time. Not sure why you twist my words
like that.

Or you're saying they _do_ have watchmen 24/7 but their watchmen are just
blind? How did they manage to collide 4 times this year if they had people
watching the sea the whole time?

Oh, and don't forget others are suggesting sleep deprivation as the cause.
Which is not exactly inconsistent with my point that keeping watch is probably
difficult and costly...

