In the most recent edition of the Institute of Navigation’s Journal “Navigation” Professor Humphries and a colleague explain over the course of 16 pages how it was done. From the paper’s abstract:
“An attacker’s ability to control a maritime surface vessel by broadcasting counterfeit civil Global Positioning System (GPS) signals is analyzed and demonstrated. The aim of this work is to explore civil maritime transportation’s vulnerability to deceptive GPS signals and to develop a detection technique that is compatible with sensors commonly available on modern ships. It is shown that despite access to a variety of high-quality navigation and surveillance sensors, modern maritime navigation depends crucially on satellite navigation and that a deception attack can be disguised as the effects of slowly-changing ocean currents …”
But bad actors need not be able to penetrate the complex formulas of this technical paper in order to pose a significant hazard to shipping. At the annual Defcon hackers’ convention in 2015 a Chinese technologist gave step by step instructions on how to build a GPS spoofing device and was selling kits for $300.
Maritime executives and security professionals should take note.
Imagine a container ship bound from the Cape of Good Hope to Osaka via the Malacca Strait. A crew member or paying passenger has brought a GPS spoofing device aboard that is difficult to distinguish from a computer or other piece of personal electronics.
Once the ship is well clear of Africa and Madagascar, the spoofer diverts the ship’s course slightly more than five degrees to the right and encourages an speed increase of two knots. In less than four days, instead of arriving at the entrance to the Malacca Straits as expected, the vessel will make landfall 10 hours earlier and 220 nautical miles away, off shore a sparsely populated part of Indonesia.
Dana A. Goward is President of Resilient Navigation and Timing Foundation.
The opinions expressed herein are the author’s and not necessarily those of The Maritime Executive.
By Dana Goward