In the days after the Arleigh Burke-class guided missile destroyer USS John S. McCain collided with a Liberian-flagged oil and chemical tanker off near the Strait of Malacca on Aug 21., Chief of Naval Operations Adm. John Richardson sought to throw cold water on an alarming theory on the McCain collision smoldering among the amateur national security experts dwelling in the Internet’s fever swamps: Could a single cyberattack have compromised the $1.8 billion destroyer’s systems and disabled the warship without firing a single shot?
On its face, it’s the stuff of spy novels: A nefarious hacker with a foreign government either completely disrupting a GPS satellite connection or “spoofing” a signal, feeding false navigational data to direct a target vessel off course. The McCain incident came just two months after the USS Fitzgerald collided with a merchant vessel off the coast of Japan, the fourth major surface mishap in a year for the Pacific-based 7th Fleet — the same fleet that frequently patrols the same seas as the Russian and Chinese military assets.
Moscow and Beijing have eclipsed the Department of Defense’s electronic warfare capabilities in recent years, it’s been widely reported. So is it possible that America’s adversaries are taking electronic potshots at the Pacific fleet?
While the Navy is at the very beginning of a sprawling review of 7th Fleet operations after the recent string of mishaps, Richardson insisted during an Aug. 30 all-hands livestream on Facebook that the branch had found “no indications” of sabotage or “any kind of cyber intrusion” in the case of the McCain.
“That is certainly something we are giving full consideration to but we have no indication that that’s the case—yet,” he told reporters at the Pentagon on Aug. 21, shortly after news of the McCain collision spread across the globe. “But, we’re looking at every possibility, so we’re not leaving anything to chance.”
This caution is not without reason, especially given the rising tensions in the Pacific and increasingly alarming incursions into federal government databases on top of, uh, Russia’s electronic hijinks. A 2016 report from the Army’s Foreign Military Studies Office indicated that the Russian government was engineering military-grade GPS jamming equipment into its civilian cell phone network as an electronic shield against missile attacks. And in June 2017, several commercial ships in the Black Sea reported major problems with their GPS-based navigation systems, prompting an official warning of broad GPS interference from the U.S. Maritime Administration amid speculation around a potential Russian cyberweapon.
Indeed, a military asset could absolutely disrupt a commercial GPS connection for a vessel like, say, the Philippine-flagged ACX Crystal that struck the Fitzgerald. In 2013, a team of researchers from the University of Texas successfully commandeered a yacht in the Mediterranean Sea by feeding counterfeit GPS signals into the vessel’s navigation systems to “put it on a collision course with another ship,” as Fox News reported at the time.
The Arleigh Burke-class guided-missile destroyer USS Fitzgerald (DDG 62) returns to Fleet Activities (FLEACT) Yokosuka following a collision with a merchant vessel while operating southwest of Yokosuka, Japan. (U.S. Navy photo by Mass Communication Specialist 1st Class Peter Burghart/Released)Photo via DoD
But according to Jake Williams, a former Army intelligence officer and National Security Agency analyst, military and especially Navy GPS signals are aggressively encrypted with some exceptions, making a collision course orchestrated via phony signals deeply unlikely.
“Nobody has shown the capability to spoof a military GPS signal at this point,” Williams told. “There have been cases of GPS jamming — the New Jersey delivery man whose illegal jammer ended up screwing up satellite tracking at JFK Airport, for example — but nobody is flying or navigating based purely on GPS, period.”
The Navy’s lack of evidence isn’t the only persuasive argument against a major hacking incursion. Williams points out that even if a government hacker managed to infiltrate the Navy’s encrypted network, an imminent collision wouldn’t go unnoticed by a destroyer’s robust watch crew without a major human error caused by, say, sleep deprivation from the 7th Fleet’s years as a high-tempo forward-deployed force.
Indeed, the earliest assessments of the McCain collision suggest that the destroyer experienced a major steering failure while approaching the Singapore Strait, a loss of control exacerbated by a failure of the ship’s backup system. (Navy cyber interference task force Operation Orion Hammer turned up exactly zero evidence of a cyberattack on the steering systems, the U.S. Naval Institute reported on Aug. 25.) And in the case of the Fitzgerald, a Navy investigation attributed the collision not simply to mechanical failure, but “serious mistakes” buy the destroyer’s bridge crew in which the watch team “lost situational awareness” that left them incapable of effectively responding to the imminent collision.
“It’s not like people are just driving these ships by wire,” Williams said. “They were in a busy shipping lane and definitely had people stationed at lookouts across the ship. It’s not merely a case of a GPS spoofing problem, and they had already reported a loss of control — this by itself suggests that the McCain collision isn’t purely a GPS issue.”
Related: Amid 7th Fleet Turmoil, Sailors Open Up About The Navy’s Silent Threat: Sleep Deprivation »
But the most compelling argument against a cyberattack as the root cause of the 7th Fleet’s collision problems isn’t technology-based, but strategic: Even if a state actor managed to exploit a major vulnerability in the Navy’s computer systems — where’s the strategic gain in sending a single destroyer into a random merchant vessel?
“Even if you have a capability, a hacking attack is not something you get a repeated chance at,” Williams told Task & Purpose. “Every time you execute a network attack, you expose a vulnerability that the target can repair and adapt to. You have to pick the most appropriate time to pull the trigger. So to use that chance to cause a collision with the McCain — to what end? What’s the gain in that?”
There’s also the separate issue of exposing an exploit rather than simply lurking in a system and gathering intelligence over the long run: “If you’re in a position to take these systems out, chances are you’re actually getting more benefit by monitoring these systems over time rather than immediately disabling them.”
Williams points to the unprecedented cyberattack that knocked out broad swaths of Ukraine’s power grid in 2015, an attack often attributed to Russian-backed hackers. “They were in there for six months, and they totally bricked the system,” he explains.
Assuming the McCain collision actually was a test of a new weapon’s operational capability, any smart military would target dummies before clueing in the enemy to a potential exploit for a mere trial run. “There is zero question that whoever executed this attack tested it beforehand, which means setting up mock systems,” says Williams. “For something on this scale, you don’t just point and shoot. It doesn’t make any sense.”
U.S. Navy Adm. Scott Swift, Commander, U.S. Pacific Fleet, conducts a media availability at Changi Naval Base Aug. 22, 2017 addressing the current status of the USS John S. McCain (DDG 56).Photo via DoD
If any incident in recent years may actually point to a tangible threat of a military-grade cyberattack, it might be the GPS interference that deceived commercial vessels in the Black Sea in June, a logical testing ground for a Russian military that’s spent years flexing its muscles in Ukraine. But Williams insists that even sophisticated GPS jamming wouldn’t contribute to the McCain collision alone: The Arleigh Burke destroyers are “far more maneuverable vessels, even if the GPS is spoofed on both the ship and the commercial tanker.”
It is highly, highly unlikely that a cyberattack was responsible for any of the surface mishaps that have occurred in the last year, let alone the McCain collision; even if the technological tools were there, there’s no strategic logic behind dinging a few destroyers between Japan and Singapore. But that’s not stopping the Navy from taking the “thread of conversation” that’s emerged from the McCain collision seriously, as Richardson put it.
“I will tell you that we have given that an amazing amount of attention,” Richardson said during the Aug. 30 livestream. “It is sort of a reality of our current situation that part of any kind of investigation or inspection is going to have to take a look at the computer, the cyber — you know, the informational warfare aspect — of our business.”
Related: The USS McCain Tragedy Has A Dire Impact On US Missile Defenses »
Ironically, Richardson’s mention of “information warfare” rather than “electronic warfare” reveals one unexpected consequence of the cyberattack theory: exacerbating American anxieties about Russia’s military prowess that have run high since the 2016 presidential election. To wit: In 2014, Russian-backed media circulated reports that a Russian Su-24 fighter, while buzzing the Burke-class USS Donald Cook, allegedly disabled the destroyer’s Aegis Combat System with a Khibina EW system. An Army report published later that year indicated that the media hysteria had delivered Moscow a psyops victory, despite the absence of any evidence of an electronic incursion.
“The provocation ended without incident when the Russian jet finally left the area,” the Army wrote. “However, from an information warfare perspective, the battle had just begun.”
That’s why, even though it could simply be buying into Kremlin PR about the Russian bear’s cyber capabilities, the specter of a cyberattack in the Navy’s string of incidents remains a matter of grave concern for the Pentagon for one simple reason: 17 sailors have died between the Fitzgerald and McCain collisions.
“This isn’t just moving ships around with GPS spoofing — you’re killing U.S. military personnel,” Williams says. “This is the point where you tread towards the argument that cyberattacks that result in fatalities, like Stuxnet, are acts of war.”