Ship Navigation risks: defining the threat of GPS spoofing
The shipping industry has been aware of the threat of GPS spoofing for years, but one incident in 2017 pushed the issue higher up the global news agenda. In June of that year, at least 20 vessels in the Black Sea, in the vicinity of Novorossiysk Commercial Sea Port, reported that their automatic identification system (AIS) traces erroneously showed their position as Gelendzhik Airport, around 32km inland.
The large number of vessels involved and the fact that all of the ships’ tracking systems placed them in the same nonsensical location, led to informed speculation – still unconfirmed officially – that the incident could be attributed to Russian testing of satellite navigation spoofing technology as part of its electronic warfare arsenal.
“My gut feeling is that this is a test of a system which will be used in anger at some other time,” the UK Royal Institute of Navigation’s former president David Last (FRIN) told New Scientist in 2017.
Since then, there have been persistent concerns that the shipping industry may be vulnerable to GPS spoofing, raising the risk of keeping ships at sea longer than necessary to clear the confusion, as occurred in the Black Sea, or even dangerous scenarios such as ship collisions, either with other ships or with land.
Earlier this year, UK-based cyber vulnerability testing firm Pen Test Partners released information from a demonstration at the Infosecurity Europe conference, where the company’s researchers showed how electronic chart systems could be hacked to spoof the size and location of vessels. This, they argued, could cause chaos in a busy shipping lane such as the English Channel.
So what exactly is GPS spoofing, what threat does it pose to shipping, and what action should the industry be taking to reduce the risk?