I crossed the ocean, where no one would see
And I put a time-bomb in your submarine;
Goodbye to old friends, the secret’s in hand
With phonied up papers, and counterfeit plans…
Alice Cooper, from “Halo of Flies“
“Pay no attention to the man behind the curtain!“
Noel Langley, from “The Wizard of Oz“
I’ve been wanting to get to this story for some time, but things – like work – keep getting in the way. I would have much preferred to get it out there while it was hot off the press: but even now that it has cooled a bit, it remains evident that western automatic disparagement of anything Russian has metastasized to the point that westerners dare not use a Russian-made spoon to eat their breakfast, lest it lunge at your face in its idiot violence and put your eye out. Russian policy is reckless and destructive, Russian-made coronavirus vaccines are just cheap weapons supporting its pursuit of linebacker diplomacy, and even the most innocent-appearing technology produced by the benighted country is infected with menace.
Consider Deutsche Welle‘s squeals of panic (actually, they are squealing in panic over a story which originally appeared in Bild, implying a general German-media panic) over the installation in German military vessels – even, ich kann es nicht glauben, submarines! – of Russian-built navigational aids. Sohn einer Hündin! What were the naval architects thinking?? Did they not realize the Russians build backdoors and exploitable vulnerabilities into the simplest devices, so that they can later make you chop your finger off, or drive into a wall or something??
The British press was quick to pick it up – absolutely unacceptable, old chap. Those systems must be ripped out as quickly as it can be carried out, and replaced with reliable NATO systems made by an honest western manufacturer.
The thing is, Transas – the maker of these Navaids (a portmanteu of ‘navigational aids’) – builds about 35% of the navigational systems used by world shipping, and about 45% of the trainers. The company was acquired by Wartsila of Finland in 2018, but the defense division remains Russian. It sounds to me as though the alarm was perhaps raised by some commercial entity which builds similar systems, and which would like to see its global market share rise by 35%.
What are we talking about here? The Transas Navi-Sailor 4100 is an ECDIS system, an acronym typically pronounced ‘Ekk-Diss’; an Electronic Chart Display Information System. It replaces the drawers of paper charts ships used to have to carry, and update, for routine navigation. If you regularly travel the same route, as many commercial carriers do, you can write and save the route in ECDIS that offers the best compromise between speed and safety, incorporate and display known shoals and navigation hazards; a saved route appears as an overlay with a dotted red line and the helmsman simply has to follow it, making course corrections at waypoints which account for the speed and maneuverability of your vessel. You can select route monitoring, and the system will warn you if you stray outside the designated safety corridor, much as rumble strips on the side of the pavement alert you if you are drifting off the highway. Although the latter usually make you scream and shit your pants, especially if you have dozed off while driving. ECDIS monitors everything that contributes to the current accuracy of the system, including if your charts are out of date, your AIS (Automatic Identification System) is inactive, your applied helm exceeds the recommended turn rate, and notifies you that you are coming up to a critical point which may require you to make a log entry. You can select ETA (Estimated Time of Arrival) and ECDIS will figure it out for you on the assumption that your current route and speed are the values you intend to use. It is like a Second Officer on the bridge who never sleeps and knows everything.
The overlays you select to provide the chart you need for navigation are stored on the system; the symbol which represents you and moves about on the chart takes its feed from GPS – most commonly – or the ship’s Inertial Navigation System (INS), which is a gyrocompass incorporating dead reckoning, using accelerometers and starting from a known position.
You can pursue ECDIS and INS systems on your own; nothing like education to broaden your mind. But the intent of this post is more to alert you that once again, the west is being abysmally stupid, and apparently assumes you are, too.
“The Bild report claims that the system’s data encryption does not comply with military security standards, in an apparent reference to NATO, of which Germany is a member.
“During a worst-case cyberattack, navigation data could be hacked and the ship could fully lose operability,” Bild quoted an unnamed officer as saying. The report also pointed out that Russia sometimes carries out naval maneuvers close to Germany’s Baltic Sea coastline.”
What would be the point of data encryption in a navigation system? Is the Rock of Gibraltar a British secret? Do the Russians have to ask for a special map to find their way through the English Channel? Navigational information for the oceans and seas of the world is international property. Do commercial vessels making their way into Golden Horn Bay at Vladivostok have to wait out at sea until the FSB sends a special cloak-and-dagger operative to guide them in? Hardly. Maybe a pilot, but it is not unusual for harbors to require a pilot’s services for arriving shipping and the pilot uses charts that are available to everyone. ECDIS is just an electronic locker of charts which are readily available to anyone.
Which brings us to the moving symbol on the overlay, which represents the ship or submarine you are standing on. That movement which tells you where you are on the face of the earth comes from GPS. While you’re on the surface. Can submarines receive GPS while they are submerged? Nope. INS only. Can the Russians hack your INS? What do you think?
The reporting sources seem super-excited about the possibility of Putin moving around German submarines at his evil pleasure, maybe making them collide with one another, to the accompaniment of ominous balalaika music. No wonder the imaginary officer who told Bild that ‘navigation data could be hacked and the ship could fully lose operability’ was unnamed. The filtering process that is supposed to catch idiots before they get promoted high enough to be dangerous was obviously down for maintenance that day. Suppose your ECDIS told you there was an island looming in front of you, and you were about to crash into it – that’s what bridge windows are for. You might be on a submarine, and it’s quite true they don’t have windows, but when they are submerged they are not working on GPS data anyway. While we’re on that subject, where do the Russians get their GPS feed from? Oh, that’s right – GLONASS. They know very well that if they relied on GPS for long-range targeting, the west would just mess with their GPS feed. The systems they build are probably capable of receiving both, but international users probably use GPS. I’m sure Russia is capable of jamming GPS, but it has never been observed doing it, and submarines don’t receive GPS while submerged.
This might be a good place for a simple summary. The system the Germans are shrieking about is ECDIS, a chart-display system which uses electronic overlays to call up charts for whatever area you want to navigate. It does not inject the moving symbol which represents you – that comes from GPS, and you still have your own radar slaved to the ECDIS, so you have raw video from that as well to confirm your position in relation to other contacts. Although the Transas Navi-Sailor 4100 is built by Russia, it is not a replacement for radar, Russia cannot hack your INS feed, and Russia does not even use GPS for most navigational applications. The International Maritime Organization (IMO) directs that by law, all commercial ships must install and use ECDIS (the general implementation period ran from 2012 to 2018), and maritime law clearly states that all international vessels must carry current charts aboard in some form. They can be paper or electronic, but if electronic, updates must be regularly downloaded. Only charts approved by governments can be considered official. The ECDIS systems Bild is screeching about have been in the German vessels since 2005 – over 15 years of updates have been downloaded without anyone in NATO expressing the slightest alarm.
Did I say you cannot hack GPS? I certainly didn’t. Because you can. Some of those who can do it are sufficiently proud that they want you to know about it, and they would be the usual suspects.
Naval Dome cybersecurity – I’m imagining your surprise – is located in Israel. And they want you to know that not only can GPS be hacked, it’s not even difficult. According to Naval Dome’s Chief Technical Officer,
“We succeed in penetrating the system simply by sending an email to the Captain’s computer.
We designed the attack to alter the vessel’s position at a critical point during an intended voyage – during night-time passage through a narrow canal. During the attack, the system’s display looked normal, but it was deceiving the Officer of the Watch. The actual situation was completely different to the one on screen. If the vessel had been operational, it would have almost certainly run aground.”
He goes on to explain that Naval Dome incorporated a viral attack concealed in the email, which installed itself as an ECDIS update. The company was also able to corrupt and falsify the radar picture through the Ethernet Switch Interface, which connects the radar to the ECDIS, so that the original attack also affected the radar. Finally, they were able to override the Machinery Control System (MCS), although this would be much harder to duplicate as it was done by means of an infected USB stick. German military vessels typically employ some pretty strict access control, and such an act of sabotage would likely have to be carried out by someone posing as a civilian contractor during refit, or by a traitor in the employ of a hostile government.
The fairly-obvious objective of this exercise is to terrify shipping-line owners that their vessels could be turned into maritime twin-towers airliners, and manipulated to cause terrible loss of life and incalculable property damage. All of which could be avoided by…ahem…contracting Naval Dome cybersecurity to consult and harden your ECDIS system against penetration.
I propose several points for consideration. One, there is absolutely no reason to imagine the ECDIS systems supplied to Germany by Russia have concealed electronic traps incorporated which would let the Russians manipulate and remotely control German ships and submarines. They have been in place for more than 15 years without any such incidents. Two, submarines submerged do not use GPS information, proceeding under INS guidance which does not have external input other than vessel motion. Three, while Russia has not ever been reported for attempts to manipulate GPS information or to interfere with ECDIS data or chart updates which are not likely downloaded from Russian sources anyway – ECDIS is international and it is a bit of a stretch to imagine the German government approved military chart downloads for German use from Russia – the Israelis have acknowledged that they are capable of doing it, and are actually quite chuffed with the results. Four, you can maybe save yourself a great deal of money by not opening any unsolicited email unless you are sure where it originated, and Five, Russia is probably luckier than it realizes because it uses GLONASS for military applications rather than GPS.