Friday, February 14, 2020

Understanding GPS spoofing in shipping: How to stay protected

The weak signals sent by orbiting satellites can be easily swamped and spoofed
ESA

From Safety4Sea

Knowing exactly where you’re sailing and where to sail next is the most important part of a vessel’s navigation which can be accomplished by the use of GPS.
Yet, what happens when your GPS gets spoofed?
GPS spoofing, often leading to GPS outages, causes major disruptions to the shipping industry impacting safe navigation, leading to paralyzed shipping lanes, collisions and untraceable attacks.


GPS spoofing

The attack tries to deceive a GPS receiver by broadcasting fake GPS signals, which resemble normal signals, or by broadcasting genuine signals captured elsewhere or at a different time.

This act causes the receiver to believe its position to be somewhere else than where it is, or to be located where it is but at a different time, as determined by the attacker.

NOAA explains that a GPS consists of three systems:
  • Satellites: Satellites act like the stars in constellations—we know where they are supposed to be at any given time.
  • Ground stations: They monitor and control the satellites, and they help determine their locations—both where they were and where they are forecast to be.
  • Receivers: A receiver, like you might find in your phone or in your car, is constantly listening for signals from these satellites, which can be used like a giant tape measure between the receiver and satellites.
Last year, the maritime sector experienced disruptions in navigation caused by GPS interferences, with some, such as the GPS attacks in the Strait of Hormuz, being called ‘strategical’ attacks, with US believing that Iran was to blame.

2019 incidents

The most often places that the attacks occurred were Eastern, Central Mediterranean Sea, Suez Canal and the Strait of Hormuz.

a) People’s Republic of China

The latest GPS outage that caught the shipping’s eye was in 2020, when it was reported that the People’s Republic of China observed a number of GPS spoofing incidents in and around coastal areas and ports.

What happened was that the Centre for Advanced Defense Studies (C4ADS) examined the AIS data in the area and found out that hundreds of vessels were spoofed, with the activity being ongoing for months against vessels across Shanghai simultaneously and mostly vessels navigating the Huangpu River.

b) Eastern, Central Mediterranean Sea, Suez Canal

The US Maritime Administration (US MARAD) alerted the shipping industry that they received reports about GPS interference incidents in the Eastern and Central Mediterranean Sea, and Suez Canal resulting to lost GPS signals that seriously affected the vessel's navigation and operations.

The alert was about GPS interference reported between Libya and Malta, specifically in areas offshore of Libya and to the east and the northwest of Malta.

Also, in the Eastern Mediterranean, these reports were concentrated near Port Said, Egypt, the Suez Canal, and in the vicinity of the Republic of Cyprus.

Instances of similar interference were also reported between Hadera, Israel and Beirut, Lebanon.

c) Strait of Hormuz

The area was a hot spot for attacks either against ships or against their GPS systems; the attacks against commercial vessels, the shooting down of a US Navy drone and of an Iranian drone, while also the seizure of the UK-flagged 'Stena Impero' by Iranian authorities seriously affected shipping navigation and trade in the area.

In addition to the above attacks, it was reported that ships that were sailing in the region experienced unusual GPS interference.

Consequently, the US MARAD warned that ships operating in the Persian Gulf, Strait of Hormuz, and Gulf of Oman may also encounter GPS interference, bridge-to-bridge communications spoofing or other communications jamming with little to no warning.

 C4ADS Research shows GPS spoofing detected via AIS data

Report states that Russia’s GPS spoofing threatens shipping

In the meantime, on the same year a report by C4ADS revealed that Russian GPS spoofing threatened the safe navigation of vessels.

C4ADS and UT Texas determine the location of a GPS spoofer in Syria via ISS GPS data

Specifically, the non-profit analytical group used publicly available data and commercial technologies, analyzed patterns of GNSS spoofing in the Russian Federation, Crimea, and Syria, which revealed that the Russian Federation is developing an advantage in the targeted use and development of GNSS spoofing capabilities to achieve tactical and strategic objectives at home and abroad.

 Black Sea spoofing activity (Jan 2016 - Nov 2018)

GPS spoofing attack that caught shipping’s eye

A serious GPS spoofing incident took place in 2017 when approximately 20 vessels experienced GPS spoofing while sailing through the northeast portion of the Black Sea.

Concerning the incident, a master that was sailing in the Black Sea contacted the US Coast Guard Navigation Center (NAVCEN) to report the disruption, as his GPS put him in the wrong spot than where he actually was.
The master understood that there was something wrong with the GPS after contacting other vessels nearby, which experienced same problems.

Referring to the dangers of GPS spoofing incidents, CHIRP highlighted that crews should not be solely reliant to technological means and advises that they should cross-check with other independent and reliable navigation techniques.
CHIRP Maritime has repeatedly highlighted the importance of traditional navigation and keeping a good lookout. It is imperative that critical sections of every passage are carefully planned and executed.

Overall, GPS is a crucial tool for a safe navigation, helping the master and the crew understand the vessel’s position and direction.
Therefore, key shipping stakeholders provided recommendations and steps to be taken to deal with this kind of incidents.

The Fugro Oceanstar system detects when a vessel’s position is being manipulated, if there is a cyber-attack, it will trigger a spoofing alarm to alert the crew.

In essence, it is recommended to:
Report such incidents in real time, providing detailed information of the vessel, as the location, date, time and duration of the outage/disruption.
Provide photographs or screenshots of equipment failures that may help with the analysis of the incident.
Make sure that the navigators are fully aware of a potential GPS jamming and spoofing and the differences between the two and how and what ship's equipment they will affect.
Ensure navigators can use other means of fixing the vessel's position without the use of GPS.
Make sure that navigators have the knowledge on using a variety of position fixing methods in order to cross check the vessel’s position and accuracy of the GPS location being shown.
Be always informed of specific ‘sensitive’ areas that you are about to sail by and exercise caution.

Concluding, urging the shipping industry to take action against GPS outage, 14 maritime organizations sent a letter to the USCG’s Commandant Karl Schultz, asking that the issue of 'deliberate interference' with America’s Global Positioning System (GPS) and other Global Navigation Satellite Systems (GNSS) signals to be resolved.
We request that you raise the urgent issue of deliberate interference with America’s Global Positioning System (GPS) and other Global Navigation Satellite Systems (GNSS) signals at the upcoming 122nd session of IMO Council from July 15th to 19th 2019

… the letter stated.

Links :

No comments:

Post a Comment