US Navy Collisions: Don't Bet on Hacking
Human Error Remains Most Likely Explanation, Experts Say
Every time airport systems go down, leading to flight disruptions and delays; power grids crash, leading to blackouts; or online services such as Amazon Web Services, Twitter or Facebook become unreachable, leading to mass panic, a bevy of news stories will inevitably ask in breathless fashion: "Was it a hack attack?"
That's despite history proving that, statistically speaking, squirrels, birds, rats and even jellyfish - not to mention human error - remain a much more likely cause of outages than any type of cyberattack.
Keep that in mind as the U.S. Navy investigates the Monday collision between USS John S. McCain, a guided-missile destroyer, and the merchant vessel Alnic MC, a Liberian-flagged, 600-foot-long oil and chemical tanker with a dead weight of 50,760 tons.
Total Successful Cyber War Operations
The destroyer "was transiting to Singapore for a routine port visit when the collision occurred," according to the U.S. Navy. Ten sailors remain missing, and the Navy says some remains have been recovered at sea, as well as by divers undertaking recovery operations inside the ship.
The crash marked the fourth time this year that a warship in the U.S. Navy's Pacific fleet suffered a mishap. Three ships have been involved in collisions, while one ran aground.
On Wednesday, the U.S. Navy said it fired Vice Adm. Joseph Aucoin, the commander of its Seventh Fleet, headquartered in Japan, "due to a loss of confidence in his ability to command." His position has been filled by Vice Adm. Phil Sawyer.
Following the mishaps, Adm. John Richardson, chief of U.S. naval operations, ordered a full review. "He [Richardson] is going to look at all factors, not just the immediate ones which will fall rightly under the fleet commander's investigation of what happened to his ship," U.S. Secretary of Defense Jim Mattis said in a Monday press conference.
Richardson says all potential explanations for the collisions are being explored, but so far there is no sign that any "cyber intrusion or sabotage" occurred.
2 clarify Re: possibility of cyber intrusion or sabotage, no indications right now...but review will consider all possibilities
— Adm. John Richardson (@CNORichardson) August 21, 2017
Even Malware No Smoking Gun
Information security expert Jake Williams, founder of U.S. cybersecurity firm RenditionSec, and an exploit development instructor for SANS Institute, believes it's extremely unlikely that the Navy ship mishaps are due to anything related to cybersecurity.
"It's important that we note that even if malware were found in the control systems of the ship, that doesn't mean it caused the crash," Williams says via Twitter. "The ship control (and other systems) would be cyber key terrain and we should expect hacking for intel. But causing a crash? Nope."
For those continuing the narrative that a cyber attack might be responsible for the navy collision, a reminder that correlation != causation pic.twitter.com/o9bXybD9cd
— Jake Williams (@MalwareJake) August 23, 2017
U.S. Navy Adm. Scott Swift said in a Tuesday press conference that all Seventh Fleet ships will cease operations - in staggered fashion - by August 28 so that their crews can review "navigation, ships' mechanical systems and bridge resource management."
Bridge resource management, or BRM, is a maritime safety and error management tool that involves training crews to make use of all available equipment, information and human resources to ensure they operate a vessel safely.
The reference to BRM may indicate the direction in which the Navy's investigation is heading.
Military GPS: Tough to Jam
Another potential explanation for the crashes might involve jamming warships' GPS. But experts say the U.S. military uses a version of GPS that is encrypted, and that it would be very difficult - although not impossible - for an adversary to disrupt.
Still, many experts believe that the most likely cause of the U.S. Navy's warship mishaps remains human error, potentially caused by sleep deprivation.
"The balance of the evidence still leads me to believe that it was crew negligence as the most likely explanation - and I hate to say that because I hate to think that the Navy fleet was negligent," University of Texas at Austin aerospace professor Todd Humphreys, who studies GPS security issues, tells USA Today.