News sources reported today that the U.S. Air Force is conducting aviation training tests this week blocking GPS signals while conducting training flight maneuvers.
It is not known with certainty if this relates in anyway to recent collisions involving military vehicles. 2017 has been a difficult year for the military with a record number of non-wartime vehicular accidents. The timeline of events is rather concerning, and suggests that Cyber attacks, including GPS spoof attacks may be a root cause of some of these accidents. Cyber security researchers demonstrated the ability to compromise GPS navigation systems on boating vessels using easily purchased computer equipment capable of generating spoofed GPS signals.
The HackRF One is a two way Software Defined Radio that costs just under $300 and could be used to mess with a cruise ships GPS controls such that without proper attention to detail, could lead to a maritime collision.
The U.K. government issued warnings reported in the media just yesterday suggesting that the cruise ship industry is vulnerable to cyber attacks that could lead to maritime collisions and the sinking of cruise ships. Imagine what would happen if a terrorist aboard a cruise ship hacked GPS while out at sea to cause a vessel on GPS driven autopilot to collide into a nearby cruise ship sending both ships down under. Such a scenario is a very real threat and can be easily accomplished using free software tools available to teenage hackers. The bad guys have known about this for a while now! Our elected officials need to start passing legislation to address these problems before mass tragedies happen. The media need to report this to the public so that pressure is applied to fix these problems and make maritime captains aware of the threat that exists.
The timeline of notable events that took place so far this year involving the U.S. Military accidents follows:
Timeline of Notable U.S. Military Events This Year:
- January 31st, 2017 USS Antietam Runs Aground
- March 14th, 2017 Three officers died instantly when their propeller-drive plane crashed near Clovis Municipal Airport
- June 17th, 2017 USS Fitzgerald Collision with ACX Crystal that veered towards the Fitzgerald roughly 11 minutes before impact – “WannaCry” compromised Maersk had its cargo ship Evora within near RF reach of the ACX Crystal at the time of change in direction 16:19GMT and appeared to closely follow the ACX Crystal until around 17:00 GMT when ACX Crystal returned to the collision site and was later able to use its communication systems to report the crash once out of near RF reach of the Maersk vessel – https://www.youtube.com/watch?v=m1b58yelh_c details the ship tracking
- June 22nd, 2017 U.S. Maritime – 20 Ships Report GPS Hacked in Black Sea
- June 28th, 2017 the Space-Based Positioning Navigation & Timing National Advisory Board meets and discloses concerns over vulnerabilities with GPS that could lead to collisions given the lack of encryption protecting GPS signals allowing those signals to be spoofed http://www.gps.gov/governance/advisory/meetings/2017-06/parkinson.pdf
- July 10th, 2017 U.S.M.C. KC-130 Crash Kills 16 in Mississippi field
- August 5th, 2017 U.S. Navy MV-22 Osprey Heli-plane Crash
- August 21st, 2017 USS John S. McCain collided with the Alnic MC Cargo ship that changed direction at 21:24 GMT veering towards the USS John S. McCain when 7 minutes later it crashed into USS John S. McCain at around 21:30 GMT (Nearby Chinese ship Run Hang 98 disappeared from Tracking immediately after crash suggesting this ship may have been part of a Radio Frequency attack on nearby GPS and communication systems) https://www.youtube.com/watch?v=vlrA36GzHNs
- August 26th, 2017 U.S. military Black Hawk helicopter crash off the southern coast of Yemen during training exercises
- September 5th, 2017 U.S. Air Force Crash kills experienced pilot in Nevada – classified
- September 13th, 2017 U.S. Marine Amphibious vehicle ignites injuring 15 marines at Camp Pendleton
- September 13th, 2017 Medic dies in fall during nighttime helicopter hoist training at Fort Hood, Texas
- September 13th, 2017 Two A-10’s collide in air in Nevada Test & Training Range, pilots eject safely
- September 14th, 2017 Staff Sgt. Alexander Dalida killed and 7 injured during demolitions training in Fort Bragg, North Carolina
- September 17th, 2017 Kansas National Guard military vehicle crashes into median while trying to exit freeway near Salina Kansas
- September 17th, 2017 Fort Drum, NY soldier’s vehicle crashes into a tree killing her
Given what has been an unusual spike in “accidents” this year, one has to wonder if Cyber attacks might be behind these calamities.
While the U.S. Navy is investigating if the USS John S. McCain’s systems were cyber attacked, the real questions that need to be answered are were the ACX Crystal and the Alnic MC Cargo ships cyber attacked such that impersonated GPS signals caused both cargo vessels to alter their tracking roughly ten minutes or less before those cargo ships collided with the USS Fitzgerald and McCain? What vessels were near when the collisions occurred? Was any RF data captured that might allow for triangulation of any spoofed GPS signals that have have taken place? We probably won’t learn about everything that occurred, but it is important that Cyber isn’t dismissed as the potential cause behind the collision.
Captains of any vessels need to be aware of the potential risk of being compromised when relying on GPS to control ship navigation.
This is serious stuff that needs a prompt response which should include notifying captains of the inherent risk of turning on GPS driven autopilot navigation.
Clearly these problems are multidimensional. Men on deck failed to identify the incoming threat timely and react appropriately to protect from the approaching vessels. A more public disclosure on what really took place might help protect other ships by making crew more aware of the threats that exist today.
The military appears to be taking measures this week to navigate war planes without the benefit of GPS.
The problem with GPS is that it can be impersonated using a replay attack from a nearby transmitter (which could be a laptop with a strong antenna). The lack of encryption of the signal to protect transmission and to validate the signal as authentic is a serious problem that needs to be addressed for the commercial and military sectors, lest we see continued collisions that may be caused by Cyber attackers launching GPS attacks.