The growing risk of cyberattacks on ships’ navigation systems is prompting countries to look back to radio-based alternatives, built on World War Two-era technology.
The predominance of GPS and other Global Navigation Satellite Systems (GNSS), coupled with the loss of traditional mapping skills amongst sailors, is leading to a shipping industry that is increasingly vulnerable to being undermined by hackers.
As Reuters reports, South Korea is currently developing a more secure alternative, with the US and Russia both indicating plans to do something similar, all around the radio-based navigation technology eLoran.
The eLoran system is an enhanced version of Loran (Long range navigation), developed by the US during World War Two. While GNSS signals offer precise locations, they are also relatively weak and it doesn’t take much to jam them or spoof a new set of directions. eLoran is roughly 1.3 million times stronger, and any potential hackers would need a large antenna and powerful transmitter to attempt to jam it.
Lee Byeong-gon, an official at South Korea’s Ministry of Oceans and Fisheries, told Reuters that the government is working on three eLoran test sites by 2019. He also noted that there is opposition from local residents at one of the sites, on Gangwha Island, who are “strongly opposed to having a 122 to 137 meter-high antenna” close to their homes.
In addition to the aesthetics of large eLoran transmitters, the cost for building a cohesive network has also dissuaded several governments – notably those in Europe – from investing in the technology.
Despite the barriers to building land-based transmitting stations, the perceived risk around the shipping industry’s reliance on GPS is leading a number of countries to follow South Korea’s example. In the US a bill to establish an eLoran system is waiting to go to the Senate, while Russia is aiming to establish its own version of eLoran, called eChayka.
The UK and Ireland’s General Lighthouse Authorities conducted trials of eLoran, but a lack of comparable interest from other European countries meant the initiative failed to gain traction. Britain has one eLoran transmitter in the north of England, and experts say at least one other base on the British mainland would be needed to create a shipping timing service. To do that would require a certain level of commitment from the UK government.
It may be the case that cyberattacks on shipping routes will eventually force government backing. In July, for example, a security researcher with the handle x0rz was able to connect to a ship as an admin using Shodan, a search engine for the Internet of Things.
“My tweets explain that you just need to search on Shodan, connect to the interface, login with default credentials and voilà, you’re in,” x0rz told Alphr, adding that only a few ships seemed to be vulnerable.
Shodan now live tracking ships via VSAT antennas exposing web services %uD83E%uDD26%u200D%u2642%uFE0F https://t.co/WTtc7tAvYz #OSINT#shodan pic.twitter.com/Ap5hW5EijX
— x0rz (@x0rz) July 18, 2017
Shipping aside, the move towards digital networks has raised problems for other core infrastructures. The UK rail network has been the victim of multiple major cyberattacks over the past couple of years. Following a report in 2016 about security breaches to the railways, Sergey Gordeychik – a security researcher at Kaspersky Lab in Moscow – said that if hackers were able to control elements such as signal lights they could “create real disaster”.
“Hackers can get access not only to simple things like online information boards or in-train entertainment, but also to computer systems which manage trains by itself, which manage signals, manage points, and in this case, if they have enough knowledge, then they can create real disaster related to train safety,” said Gordeychik.
The return of archaic systems could be one way to create backups to vulnerable digital systems. It’s certainly proved itself useful for authorities that wish to purposefully slowdown processes. A number of US institutions, including the FBI, the CIA and DARPA have all ditched emails for Freedom of Information Act (FOIA) requests, in favour of fax machines. A lawsuit last year alleged that the FBI intentionally used computer systems dating from the 1980s to create technological roadblocks for FOIA requests.