GPS Hacks Against Shipping
Reports are coming out of the Black Sea that back in June, a number of ships were impacted by interference with their Global Positioning Systems (GPS) that they use for navigation. A number of ships reported false GPS locations while in the Black Sea, indicating their position to be almost 20 miles inland. This incident may be the first actual GPS spoofing attack, impacting real ships, seen in the wild.
Are We Really Here?
Although the risks of fake GPS signals causing navigation issues have been known for years, this may be the first time such activities have been seen outside of the research community and in the real world.
GPS signals, which come from orbiting satellites, are very weak. It is possible for more powerful signals originating on the ground from an attacker to mimic a GPS satellite and be mistaken for authentic. This gives an attacker with such broadcast capabilities the ability to manipulate the triangulation calculations that GPS devices use to determine their location on the earth’s surface. The result is a victim will think they are somewhere they are not.
href="
A successful attack could make a crew alter course to the attackers destination, cause collisions, or run ships aground.
What is Old is New
Such concerns over the past few years has driven a resurgence for using much older radar technology such as Enhanced Long-Range Navigation (eLoran) to augment or supplant GPS location services for ships. This technology, although modernized, has its roots dating back to World War II. These land based systems transmit very powerful signals which would be difficult for most attackers to overwhelm with their own signal. It makes attempts to jam or spoof legitimate signals very difficult and more unlikely.
Aye Captain!
Technology is just a tool. It can be used for good or malice. Today, the best protection is still an experienced Captain as complete reliance on technology has proven problematic. Experienced professionals, who are doing their job diligently, is the best defense to such digital manipulation attempts.
Even the very best technology does not assure security and safety. The recent at-sea collision of the USS Fitzgerald and a cargo vessel off the coast of Japan, shows how even one of the most advanced ships on the seas can be involved in a collision. People are the crucial element. If they perform diligently in a professional capacity, then traffic flows safely. If people or technology are insecure, incompetent, or vulnerable to manipulation then bad things will happen.
These are some of the issues that must be considered for the emerging wave of autonomous ships planned for the open ocean. Will removing people from the equation make shipping safer or simply make it easier for hackers to cause catastrophe?
Interested in more? Follow me on LinkedIn, Twitter (@Matt_Rosenquist), Information Security Strategy, and Steemit to hear insights and what is going on in cybersecurity.
I don't think it will pose a threat to how the Ship navigates as much as autonomous fleet management and trading based on data on the positioning of goods carried on ships. Ships will navigate based on sensors onboard, as well as different satellites that are not in the GPS system such the AIS satellite systems.
But yeah, this will be an interesting topic to follow. There will most likely be tens of thousands of new smallsats in orbit serving different purposes within the next ~10-20 years. So then companies managing big fleets or coastal safety will own their own satellite constellations which they can encrypt themselves. Making it a lot harder to hack.
It could also affect private boats, yachts, and smaller commercial vessels. Commercial grade GPS navigation units are cheap and therefore popular. As other options and systems come down in price, then this type of threat diminishes.
This is next-level stuff.
how would a ship crash if they saw each other before they collided... like someone would have been "Is it just me or is there a ship coming straight for us"
When we rely on technology, we sometimes get lazy.
this seems so unreal. its weird to think that even the best and most advanced technology doesnt protect us 100%
My first thought, after reading the first paragraph, was the sea collision of the USS Fitzgerald. It's Unbelievable!
This is a very interesting topic, it will be partially solved when the new geopositioning constellations are active and the multi-GNSS systems start to operate. Most of the receivers are already compatible with signals coming from GPS, Galileo, Glonass and QZSS.
It will be more difficult to mask all the different systems but even with that... autonomous systems have to rely in multiple sensors to avoid this kind of problems (for example, cars can know where they are even in a tunnel thanks to the integration of the inertial motion units).
I am concerned with the inherently weak signals from satellites. They are at risk of being overwhelmed by more powerful transmitters that attackers may use on the ground/sea. Spoofing may be a problem, unless it is a subscription model where signed or encrypted communication is established.
I absolutely agree with you. Anyway, as you spotted on your article, other navigation systems are available, and the key for autonomous navigation usually is a proper sensor fusion system integrating different sources, and also it would be necessary to have a failure detector for when the different systems are diverging. In my opinion, we won't see fully autonomous systems at sea, you spotted properly that a good captain is the best navigation system, maybe the crew will be reduced, but there will still be a maintenance team and so on (predictive maintenance and automation are progressing, I know but...).
The thing with subscription model GNSS is that deploying such a system, and then maintaining, is extremely expensive, with a very long term ROI. That is why this constellations are now deployed only by defense actors (European system -Galileo- is a European Comission "property" because ESA cannot have military intersts, GPS depends on the US army). But maybe, for some equatorial/medium latitudes what we will see will be regional GNSS augmentation systems (kind of a subscription based EGNOS/WAAS) that could help detect the spoofing. In fact... it is a very interesting idea to develop.
It seems like world is not safe any more. Even more secured bitcoin wallets also being hacked by others.
wow nice post
Cool
Goog
Congratulations @mrosenquist! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOP