Naval Cybersecurity in the Era of International Rivalry: Guarding Seaborne Supplies Against Modern Threats

In the realm of modern warfare, the maritime transportation industry plays a crucial role, especially in times of conflict. This article explores the vulnerabilities that have come to light in recent conflicts, with a focus on sealift and Automatic Identification System (AIS) spoofing.

The first Persian Gulf War demonstrated the importance of sealift, with over 230 ships delivering twelve million tons of ground vehicles, helicopters, cargo, fuel, and ammunition by sea. Sealift, it seems, delivers 90 to 95 percent of all military cargo in wartime. However, this reliance on maritime transportation also exposes vulnerabilities, particularly in the face of cyberattacks.

Malicious actors can disrupt the flow of forces into theater by attacking operating companies, disrupting systems that ships rely on for positioning and navigation, or infiltrating critical systems onboard ships. Cyberattacks can even disrupt the safe operations of a ship, including software that calculates the stability of a ship, moves rudders, or operates machinery.

The Automatic Identification System (AIS) is a crucial tool for tracking vessels at sea. However, it's not immune to manipulation. In 2019, NATO ships docked in Odesa, Ukraine had their AIS signals spoofed, causing them to appear as if they were leaving port and sailing toward Sevastopol, a major port on the Black Sea. This wasn't an isolated incident. The British-flagged oil tanker Stena Impero was tricked into sailing into Iranian territorial waters, and the MV Manukai, a US-flagged container ship, experienced a loss of all GPS and AIS while maneuvering in Shanghai's heavily trafficked port.

The US Department of Transportation Maritime Administration has stated that AIS signals can be spoofed, and another maritime awareness system, AIS, is also vulnerable to spoofing. This raises concerns about the reliability of these systems, especially in times of conflict.

The credibility of Russia's fighting effectiveness was put into question in the first month of its invasion of Ukraine due to cracks in its logistical network. The transportation of equipment from Siberia to Ukraine's border via railcars showcases the logistically complex process of mobilizing for war. However, the vulnerabilities of the maritime transportation industry, particularly in the face of cyberattacks and AIS spoofing, are clear.

In light of these vulnerabilities, it's essential to address the issue and ensure the safety and reliability of the maritime transportation industry, particularly in times of conflict. The US Navy's Military Sealift Command manages a portfolio of vessels that perform the strategic sealift mission, but most of these vessels are primarily of foreign origin, often operated or registered by non-U.S. entities. This raises questions about the security of these vessels and the need for increased domestic capabilities.

The US intelligence community warned of Russian troop movements amassing at Ukraine's border months before the Russo-Ukrainian War. NATO conducted Exercise Trident Juncture in 2018, involving all NATO allies in Norway to assess NATO's ability to evaluate the information environment. During the exercise, NATO allies experienced GPS signals jamming and suspected Russia as the culprit.

As the world continues to navigate geopolitical conflicts, it's clear that the maritime transportation industry is a vital component of any military strategy. However, the vulnerabilities highlighted by recent conflicts underscore the need for increased security measures to protect this vital infrastructure.

Naval Cybersecurity in the Era of International Rivalry: Guarding Seaborne Supplies Against Modern Threats