Image Credit: Kestral
Blog Editor’s Note: An important question ship owners and operators are asking themselves more and more often.
Here is a link to a presentation on this topic RNTF president Dana A. Goward gave last week to a group of shipping industry executives in New York.
5 APRIL 2019 ANALYSIS
GPS spoofing – or GNSS spoofing more accurately – is a much-discussed cyber-threat to ship navigation systems. With the potential for paralysed shipping lanes, collisions and even untraceable piracy incidents, what is the current state of play between the shipping industry’s cyber-defences and the malicious actors who aim to cause chaos through GPS spoofing?
The shipping industry has been aware of the threat of GPS spoofing for years, but one incident in 2017 pushed the issue higher up the global news agenda. In June of that year, at least 20 vessels in the Black Sea, in the vicinity of Novorossiysk Commercial Sea Port, reported that their automatic identification system (AIS) traces erroneously showed their position as Gelendzhik Airport, around 32km inland.
The large number of vessels involved and the fact that all of the ships’ tracking systems placed them in the same nonsensical location, led to informed speculation – still unconfirmed officially – that the incident could be attributed to Russian testing of satellite navigation spoofing technology as part of its electronic warfare arsenal.
“My gut feeling is that this is a test of a system which will be used in anger at some other time,” the UK Royal Institute of Navigation’s former president David Last told New Scientist in 2017.
Since then, there have been persistent concerns that the shipping industry may be vulnerable to GPS spoofing, raising the risk of keeping ships at sea longer than necessary to clear the confusion, as occurred in the Black Sea, or even dangerous scenarios such as ship collisions, either with other ships or with land.
Earlier this year, UK-based cyber vulnerability testing firm Pen Test Partners released information from a demonstration at the Infosecurity Europe conference, where the company’s researchers showed how electronic chart systems could be hacked to spoof the size and location of vessels. This, they argued, could cause chaos in a busy shipping lane such as the English Channel.
So what exactly is GPS spoofing, what threat does it pose to shipping, and what action should the industry be taking to reduce the risk?
GPS spoofing: from military to civilian
GPS spoofing could be described more specifically as Global Navigation Satellite System (GNSS) spoofing, as this is the generic term for satellite navigation systems with global coverage, including GPS (US), GLONASS (Russia), BeiDou (China) and Galileo (Europe), all of which are used in the shipping industry. To clarify, this article will use the two terms interchangeably.