Euro Security Watch with Mathew J. Schwartz


US Navy Collisions: Don't Bet on Hacking

Human Error Remains Most Likely Explanation, Experts Say
USS John S. McCain (DDG 56) on August 23 steering towards Singapore's Changi Naval Base following a collision with the merchant vessel Alnic MC. (Photo: U.S. Navy)

Every time airport systems go down, leading to flight disruptions and delays; power grids crash, leading to blackouts; or online services such as Amazon Web Services, Twitter or Facebook become unreachable, leading to mass panic, a bevy of news stories will inevitably ask in breathless fashion: "Was it a hack attack?"


That's despite history proving that statistically speaking, squirrels, birds, rats and even jellyfish - not to mention human error - remain the much more likely cause of outages, rather than any type of cyberattack.

"Re: possibility of cyber intrusion or sabotage, no indications right now" 

Keep that in mind as the U.S. Navy investigates the Monday collision between USS John S. McCain, a guided-missile destroyer, and the merchant vessel Alnic MC, a Liberian-flagged, 600-foot-long oil and chemical tanker with a dead weight of 50,760 tons.

Total Successful Cyber War Operations

Count of threat actors current as of Aug. 7. (Source: Cyber Squirrel 1)

The destroyer "was transiting to Singapore for a routine port visit when the collision occurred," according to the U.S. Navy. Ten sailors remain missing, and the Navy says some remains have been recovered at sea, as well as by divers undertaking recovery operations inside the ship.

The crash marked the fourth time this year that a warship in the U.S. Navy's Pacific fleet suffered a mishap. Three ships have been involved in collisions, while one ran aground.

On Wednesday, the U.S. Navy said it fired Vice Adm. Joseph Aucoin, the commander of its Seventh Fleet, headquartered in Japan, "due to a loss of confidence in his ability to command." His position has been filled by Vice Adm. Phil Sawyer.

Following the mishaps, Adm. John Richardson, chief of U.S. naval operations, ordered a full review. "He [Richardson] is going to look at all factors, not just the immediate ones which will fall rightly under the fleet commander's investigation of what happened to his ship," U.S. Secretary of Defense Jim Mattis said in a Monday press conference.

Richardson says all potential explanations for the collisions are being explored, but so far there is no sign that any "cyber intrusion or sabotage" occurred.

Even Malware No Smoking Gun

Information security expert Jake Williams, founder of U.S. cybersecurity firm RenditionSec, and an exploit development instructor for SANS Institute, believes it's extremely unlikely that the Navy ship mishaps are due to anything related to cybersecurity.

"It's important that we note that even if malware were found in the control systems of the ship, that doesn't mean it caused the crash," Williams says via Twitter. "The ship control (and other systems) would be cyber key terrain and we should expect hacking for intel. But causing a crash? Nope."

U.S. Navy Adm. Scott Swift said in a Tuesday press conference that all Seventh Fleet ships will cease operations - in staggered fashion - by August 28 so that their crews can review "navigation, ships' mechanical systems and bridge resource management."

Bridge resource management, or BRM, is a maritime safety and error management tool that involves training crews to make use of all available equipment, information and human resources to ensure they operate a vessel safely.

The reference to BRM may indicate the direction in which the Navy's investigation is heading.

Military GPS: Tough to Jam

Another potential explanation for the crashes might involve jamming warships' GPS. But experts say the U.S. military uses a version of GPS that is encrypted, and that it would be very difficult - although not impossible - for an adversary to disrupt.

Still, many experts believe that the most likely cause of the U.S. Navy's warship mishaps remains human error, potentially caused by sleep deprivation.

"The balance of the evidence still leads me to believe that it was crew negligence as the most likely explanation - and I hate to say that because I hate to think that the Navy fleet was negligent," University of Texas at Austin aerospace professor Todd Humphreys, who studies GPS security issues, tells USA Today.



About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.



