Middle East shipping faces growing cybersecurity, GPS jamming risks

As geopolitical tensions mount in the Middle East, so too are concerns that shippers in the region will soon be subjected to GPS interference and cyberattacks.

The shipping industry, historically slow at adopting new technologies, is in the midst of a digital transformation. The introduction of the internet in the 1990s gave impetus to the adoption of new technology, including implementation of GPS (Global Positioning System), a satellite navigation system set up originally by the U.S. Government for military purposes. 

From helping vessels navigate crowded sea routes to allowing the tracking and mapping of oil spills in the middle of the ocean, GPS has now become ubiquitous in the global maritime industry — so much so that a 30-day loss of the satellite-based navigation system could cost the industry up to $14.6 billion, according to a recent study by RTI International.

GPS has flaws

While GPS has revolutionized transportation and enabled the development of technologies such as the Automatic Identification System (AIS), it suffers from many flaws. The navigation technology is susceptible to signal loss from weather effects as well as radio and satellite interference, but the problem that poses the biggest threat to the shipping industry is GPS jamming. This occurs when a transmitter with the same frequency as the one on a vessel is used to interfere with the satellite signal, resulting in a jam that overwhelms the system.

“There have been many reports of instances where GPS has been made unusable through unintentional interference and more nefarious means of hostile actors,” said Duke Buckner, senior director strategy and business development from Microsemi’s Frequency and Time division.

GPS interference has emerged as a major security risk for ships in recent years. In 2016, South Korean fishing vessels returned early to port after their GPS signal were jammed, according to media reports. Similar disruptions have also been reported from the Black Sea and the Mediterranean sea.

“The Persian Gulf is an example of a targeted area that has military or economic impact to be gained by interfering with radio navigation signals,” Buckner said.

Maritime agency issues GPS warning

The impact of GPS interference on the shipping industry has so far been limited, but an advisory issued by a U.S. maritime regulator warning about possible GPS disruptions in the Persian Gulf could be a serious source of concern for shippers in the region.

The Strait of Hormuz, which is located between Oman and Iran, connects the Persian Gulf with the Gulf of Oman and is the world’s most important oil transit choke-point. In 2018, its daily oil flow averaged 21 million barrels per day or the equivalent of about 21 percent of global petroleum liquids consumption, according to the U.S. Energy Information Administration.

The U.S. regulator’s warning came after the May 12 attacks this year against four commercial vessels in the vicinity of the anchorage off Fujairah, United Arab Emirates. Tensions between Iran and the West have since escalated and threaten to cast a shadow over maritime trading in the resource-rich region.

“Attacks from state and non-state actors occur at the weakest link in the security ecosystem, which in many cases happen through network intrusion,” defense-focused venture capital firm Overwatch Capital’s Chief Executive Steven Muntean said.

To sailors and port officials in the Middle East and other possible conflict zones, Microsemi’s Buckner recommends researching traditional navigational tactics such as dead reckoning and celestial navigation, which are impervious to cyberattacks. “So, one knows if instrumentation is providing accurate information,” he added. “Trust, but verify.”

But despite its apparent weaknesses, the industry will likely rely on GPS for a while. It provides the fastest and most accurate method for mariners to navigate, measure speed, and determine location. The previously used technology, called Long Range Navigation (LORAN) is accurate to only a mile, while other sensor or radar alternatives are limited by geographic and weather conditions.

A case for GPS alternatives

Some governments are pushing for the deployment of eLoran (Enhanced Long Range Navigation), which has an additional channel to communicate corrections, warnings, and signal integrity information to users. Compared to GPS, which is transmitted from a satellite 12,550 miles above the Earth, eLoran has a much stronger signal, making it harder to jam or spoof.

However, many countries are reluctant to shell out money to build new radio transmitter stations or upgrade older ones required for eLoran’s proliferation, arresting the development of the nascent technology.

Most recently, the Galileo satellite navigation system, which is considered Europe’s answer to the GPS, was hit by a one-week outage. It is one of the four space-based navigation networks with global reach, along with the GPS, Russia’s Global Navigation Satellite System (GLONASS) and China’s Beidou.

“GPS is far and above the best Position, Navigation and Timing (PNT) service available, it remains ubiquitous, and most importantly, free for civilian use,” Buckner said, but added that the industry will have to undergo a transformation to become less reliant on a single reference for navigation.

IT adoption opens doors to cybercriminals

The need for better cybersecurity also emerges from the changing nature of the maritime industry. In just the last few years, companies and governments have begun using software to run operations like cargo handling, port systems and other automated processes, helping them cut costs, but also opening the door to cybercriminals.

This was demonstrated in 2017 when the Petya ransomware caused havoc around the world, seriously affecting world’s largest container ship and supply vessel conglomerate,  AP Moller Maersk. The breach affected all of the company’s business units and disrupted port operations around the world.

On another occasion, between 2011 to 2013, hackers working with a gang were infiltrating the IT systems of the Port of Antwerp to locate the containers in which consignments of drugs had been hidden. The gang would then drive the containers from the port, retrieve the drugs and cover their tracks.

“It is likely we will see more cyberthreats continue to emerge until a consolidated industry effort is established,” Overwatch’s Muntean said.