Can Warships Like the U.S.S. John S. McCain Be Hacked?

The more advanced the military technology, the greater the opportunities for intentional or unintentional failure in a cyberwar. As Scotty says in Star Trek III: The Search for Spock, “The more they overthink the plumbing, the easier it is to stop up the drain.”

In the case of a couple of recent accidents involving the U.S. Navy, the plumbing might actually be the computer systems that control navigation. In mid-August, the destroyer U.S.S. John S. McCain rammed into an oil tanker near Singapore. A month or so earlier, a container ship hit the U.S.S. Fitzgerald off Japan. Why didn’t those hugely sophisticated ships see the much-larger merchant vessels, and move out of the way?

There has been speculation, and only speculation, that both ships might have been victims of cyber foul play, perhaps as a test of offensive capabilities by a hostile state actor. The U.S. Navy has not given a high rating to that possibility, and let’s admit, the odds are against it.

Even so, the military hasn’t dismissed the idea, writes Bill Gertz in the Washington Free Beacon: “On the possibility that China may have triggered the collision, Chinese military writings indicate there are plans to use cyber attacks to “weaken, sabotage, or destroy enemy computer network systems or to degrade their operating effectiveness.” The Chinese military intends to use electronic, cyber, and military influence operations for attacks against military computer systems and networks, and for jamming American precision-guided munitions and the GPS satellites that guide them, according to one Chinese military report.”

The datacenters of those ships are hardened and well protected. Still, given the sophistication of today’s warfare, what if systems are hacked?

Imagine what would happen if, say, foreign powers were able to hack into drones or cruise missiles. This might cause them to crash prematurely, self-destruct, or hit a friendly target, or perhaps even “land” and become captured. What about disruptions to fighter aircraft, such as jets or helicopters? Radar systems? Gear carried by troops?

It’s a chilling thought. It reminds me that many gun owners in the United States, including law enforcement officers, don’t like so-called “smart” pistols that require fingerprint matching before they can fire – because those systems might fail in a crisis, or if the weapon is dropped or becomes wet, leaving the police officer effectively unarmed.

The Council on Foreign Relations published a blog by David P. Fidler, “A Cyber Norms Hypothetical: What If the USS John S. McCain Was Hacked?” In the post, Fidler says, “The Fitzgerald and McCain accidents resulted in significant damage to naval vessels and deaths and injuries to sailors. If done by a foreign nation, then hacking the navigation systems would be an illegal use of force under international law.”

He adds this could lead to war: “In this scenario, the targets were naval vessels not merchant ships, which means the hacking threatened and damaged core national security interests and military assets of the United States. In the peacetime circumstances of these incidents, no nation could argue that such a use of force had a plausible justification under international law. And every country knows the United States reserves the right to use force in self-defense if it is the victim of an illegal use of force.”

Is there precedent? Perhaps. In May and June 2017, two Sukhoi 30 fighter jets belonging to the Indian Air Force crashed – and there was speculation that these were caused by China. In one case, reports Naveen Goud in Cybersecurity Insiders, “The inquiry made by IAF led to the discovery of a fact that the flying aircraft was cyber attacked when it was airborne which led to the death of the two IAF officers- squadron leader D Pankaj and Flight Lieutenant Achudev who were flying the aircraft. The death was caused due to the failure in initiating the ejection process of the pilot’s seat due to a cyber interference caused in the air.”

Let us hope that we’re not entering a phase of active cyberwarfare.