The Strategist
The Curious Case of USS McCain
04 Oct, 2017 · 5376
Vice Admiral (Retd) Vijay Shankar considers the vulnerabilities of computerised warship systems to cyber-attacks
On 21 August 2017, in the darkness of astronomical twilight, USS John S McCain, a destroyer bound for Singapore after a sensitive ‘freedom-of-navigation’ operation off one of China’s illegal man-made islands in the South China Sea (SCS), collided with a 30,000-ton oil and chemical tanker, Alnic MC, in the eastern approaches to Singapore. 10 sailors lost their lives in the collision while the hull of the ill-fated McCain was stricken by a large trapezium-shaped puncture on its port quarter abaft the after stack. The greater base of the trapezium was below the waterline and extended at least 40 feet along the hull to a height of 15 feet. Two months earlier, a similar collision involving another Arleigh Burke destroyer could advance a more-than-accident theory.
Initial reports suggest a loss of course-keeping control caused the McCain's fatal collision. That, and the computer-aided nature of the ship's steering and navigation system, has led to the conjecture that McCain’s manoeuvring system may have been 'hacked' and then manipulated to force a deliberate collision.
The Singapore Strait extends between the Strait of Malacca and the SCS in the east. The Strait is about 8 nautical miles (15 km) wide and lies between Singapore Island and the Riau Islands (Indonesia) to the south. It is one of the world’s busiest shipping routes. The Maritime and Port Authority of Singapore (MPA) periodically warns mariners of the special rules applicable for safe pilotage in these waters. In one of its marine circulars, it draws attention to the traffic separation scheme (TSS) and the hazardous character of these waters. By law, the significant burden placed on vessels is: to proceed in the appropriate traffic lane in the general direction of flow; to keep clear of traffic separation lines or zones; and cardinally, masters of vessels are warned to take extra precautions and proceed at a safe speed. In determining safe speed, experience advocates several factors be considered, which, in addition to traffic density, include: state of visibility; manoeuvrability of the vessel; state of wind, sea and current; proximity of navigational hazards and draught in relation to the available depth of water. In the circumstance, the prudent mariner very quickly appreciates that the primary hazard presented by the narrows is not geography, but density of traffic and the perils of disorderly movement. On an average, 200-220 ships transit this passage daily of which more than 100 are restricted in their ability to manoeuvre due to deep draught.
The organisation on board a warship for negotiating such waters are the Special Sea Dutymen; a group of highly specialised and trained personnel charged with manning critical control positions involved in evolutions that potentially could endanger the ship, such as berthing, transiting pilotage waters and close-quarter manoeuvring. Instancy of human judgement and fail-safe control are key.
A standard fit on most United States Navy (USN) warships is the Integrated Platform Management Systems (IPMS). It uses advanced computer-based technology comprising sensors, actuators, data processing for information display and control operations. Its vital virtue is distant remote control through commercial off-the-shelf elements (some may argue its 'critical vulnerability'). Modern shipping, for reasons only of economy, was quick to adopt the system. Warships systems, however, demand redundancy, reliability, survivability and unremitting operations; all of which militate against cost-cutting expediencies. Incidentally, the Indian Navy, as early as May 1997, introduced the IPMS as a part of Project ‘Budhiman’ with the proviso that it would not intrude into critical control and combat functions.
The extent to which the IPMS had penetrated systems on-board the USS McCain is not entirely clear, but it is well known that in the last two decades, the USN has resorted to deep cuts in manpower and invested heavily in control automation. Inferences are evident.
On 21 August, nautical twilight was at 0618 hrs (all times Singapore standard), the moon was in its last quarter, and moon rise was at 0623 hrs. It was dark, however, visibility was good and the sea calm. Collision occurred at 0524 hrs; USS McCain was breached on the port side causing extensive flooding. Examination of the track generated by the Automatic Identification System (AIS) video indicates the Alnic MC approaching Singapore’s easternmost TSS; about 56 nautical miles east of Singapore, at a speed of 9 knots, when it suddenly crash stopped and turned hard to port, could be assumed to be the result of the collision. Unfortunately, as military vessels do not transmit AIS data, the track of the McCain is not available. However, since the McCain was headed for Singapore it is reasonable to assume that it was overtaking the slow tanker from the latter’s starboard side when it lost steering control and effected an unbridled turn over the tanker’s bulbous bows. The trapezoid form of the rupture and elongation aft would suggest events as mentioned rather than a north south crossing by the destroyer at the time of collision (after all, the destination was Singapore).
Coincidentally, two Chinese merchantmen, the Guang Zhou Wan and the Long Hu San, were in close proximity through the episode. Was that a chance presence? Or, does it add to the probability of deliberate cyber engineering of the mishap? And, why else other than to damage the strategic credibility of the USN deployed in tense conditions in the South and East China Seas? Or was it, indeed, a case of gross crew incompetence? While time and ‘sub-rosa’ inquiries could put to rest speculations, vulnerabilities of highly computerised warship systems to cyber attacks may well remain the albatross around the operational commander’s neck.
Initial reports suggest a loss of course-keeping control caused the McCain's fatal collision. That, and the computer-aided nature of the ship's steering and navigation system, has led to the conjecture that McCain’s manoeuvring system may have been 'hacked' and then manipulated to force a deliberate collision.
The Singapore Strait extends between the Strait of Malacca and the SCS in the east. The Strait is about 8 nautical miles (15 km) wide and lies between Singapore Island and the Riau Islands (Indonesia) to the south. It is one of the world’s busiest shipping routes. The Maritime and Port Authority of Singapore (MPA) periodically warns mariners of the special rules applicable for safe pilotage in these waters. In one of its marine circulars, it draws attention to the traffic separation scheme (TSS) and the hazardous character of these waters. By law, the significant burden placed on vessels is: to proceed in the appropriate traffic lane in the general direction of flow; to keep clear of traffic separation lines or zones; and cardinally, masters of vessels are warned to take extra precautions and proceed at a safe speed. In determining safe speed, experience advocates several factors be considered, which, in addition to traffic density, include: state of visibility; manoeuvrability of the vessel; state of wind, sea and current; proximity of navigational hazards and draught in relation to the available depth of water. In the circumstance, the prudent mariner very quickly appreciates that the primary hazard presented by the narrows is not geography, but density of traffic and the perils of disorderly movement. On an average, 200-220 ships transit this passage daily of which more than 100 are restricted in their ability to manoeuvre due to deep draught.
The organisation on board a warship for negotiating such waters are the Special Sea Dutymen; a group of highly specialised and trained personnel charged with manning critical control positions involved in evolutions that potentially could endanger the ship, such as berthing, transiting pilotage waters and close-quarter manoeuvring. Instancy of human judgement and fail-safe control are key.
A standard fit on most United States Navy (USN) warships is the Integrated Platform Management Systems (IPMS). It uses advanced computer-based technology comprising sensors, actuators, data processing for information display and control operations. Its vital virtue is distant remote control through commercial off-the-shelf elements (some may argue its 'critical vulnerability'). Modern shipping, for reasons only of economy, was quick to adopt the system. Warships systems, however, demand redundancy, reliability, survivability and unremitting operations; all of which militate against cost-cutting expediencies. Incidentally, the Indian Navy, as early as May 1997, introduced the IPMS as a part of Project ‘Budhiman’ with the proviso that it would not intrude into critical control and combat functions.
The extent to which the IPMS had penetrated systems on-board the USS McCain is not entirely clear, but it is well known that in the last two decades, the USN has resorted to deep cuts in manpower and invested heavily in control automation. Inferences are evident.
On 21 August, nautical twilight was at 0618 hrs (all times Singapore standard), the moon was in its last quarter, and moon rise was at 0623 hrs. It was dark, however, visibility was good and the sea calm. Collision occurred at 0524 hrs; USS McCain was breached on the port side causing extensive flooding. Examination of the track generated by the Automatic Identification System (AIS) video indicates the Alnic MC approaching Singapore’s easternmost TSS; about 56 nautical miles east of Singapore, at a speed of 9 knots, when it suddenly crash stopped and turned hard to port, could be assumed to be the result of the collision. Unfortunately, as military vessels do not transmit AIS data, the track of the McCain is not available. However, since the McCain was headed for Singapore it is reasonable to assume that it was overtaking the slow tanker from the latter’s starboard side when it lost steering control and effected an unbridled turn over the tanker’s bulbous bows. The trapezoid form of the rupture and elongation aft would suggest events as mentioned rather than a north south crossing by the destroyer at the time of collision (after all, the destination was Singapore).
Coincidentally, two Chinese merchantmen, the Guang Zhou Wan and the Long Hu San, were in close proximity through the episode. Was that a chance presence? Or, does it add to the probability of deliberate cyber engineering of the mishap? And, why else other than to damage the strategic credibility of the USN deployed in tense conditions in the South and East China Seas? Or was it, indeed, a case of gross crew incompetence? While time and ‘sub-rosa’ inquiries could put to rest speculations, vulnerabilities of highly computerised warship systems to cyber attacks may well remain the albatross around the operational commander’s neck.
POPULAR COMMENTARIES
