Katherine Dunn investigates maritime risk in the East Mediterranean.
GPS is a pivotal technology for the shipping industry, but is proving vulnerable to malicious interference and military activity.
Download the full S&P Global Platts Insight Magazine here.
Early one Sunday in March 2018, a ship in Port Said, the northern gateway to Egypt’s Suez Canal, suddenly and inexplicably lost all connection to GPS on board.
“All of them affected,” the vessel’s crew wrote in a report to the US Navigation Centre of Excellence (NAVCEN), after a total of seven receivers lost connection to GPS. “Disturbance still continuous.”
The cause of disruption, after an investigation by NAVCEN, was listed as “unknown interference.”
In the following days, vessels in and around Port Said and the Suez Canal reported sudden and unexplainable outages in their GPS, some lasting days, and referenced dozens of vessels in the area experiencing the same problem.
The disruptions were concentrated around the canal, but also extended north along a strip of sea, from just east of Cyprus to the Lebanese coast. NATO has also reported disruptions off the south coast of Turkey. While the GPS mostly just disappeared, the reports noted, sometimes it placed the vessels somewhere they were not: in one case, a vessel in Port Said appeared on GPS to be west of Alexandria, more than 150 nautical miles to the west.
US and NATO officials were paying attention, with good reason. The region has seen military tensions escalate in recent years, particularly off the coast of Syria. It is also a vital trade route: in March 2018, 1,450 vessels of all sizes transited the waterway, about a third of which were oil tankers or LNG ships, according to data from the Suez Canal Authority. Those vessels were carrying about 61 million barrels of crude oil alone, or nearly 2 million b/d.
By March 23 last year, just five days after the first report, the US Maritime Authority (MARAD) released an alert warning vessels of possible GPS interference in the East Mediterranean. By the summer, the incidents had drawn an alert from NATO’s Allied Maritime Command (MARCOM).
“In recent months, several electronic interferences have been detected, particularly GPS and AIS interference, as well as possible GPS jamming in the East Mediterranean,” a July 31 advisory warned.
Altogether, 16 individual reports of GPS interruptions were made between March 18 and November 4, all with the cause listed as unknown.
In a February 2019 newsletter, NATO’s Shipping Centre confirmed they are still investigating in the region and encouraged merchant ships to report any incidents. “GPS jamming continues to be present in areas of the Eastern Mediterranean,” the centre said.
The Global Positioning System, or GPS, underpins most of the world’s digital systems for determining location, time, and communication — on everything from your mobile phone, to the world’s largest commercial vessels.
“For so many years we were used to using [only] GPS,” says Chronis Kapalidis, an expert in maritime security and the East Mediterranean at Chatham House.
It has always been possible to disrupt GPS, but doing so is now easier and cheaper than ever, experts say.
That has meant an explosion of both GPS “jamming” – when GPS is interrupted – and “spoofing” – when a receptor is tricked into believing it is somewhere it is not.
Disruption can come from civilians, who can now buy cheap jammers on the internet. It also comes from states, appearing in geopolitical hot spots alongside a new wave of cyber conflict.
Experts say many large vessels have no back-up to GPS, and crew often lack awareness that it is even vulnerable to disruption. Without back-up, an increasingly digital generation of commercial vessels risks getting caught in the crosshairs.
States or rogue elements?
There is no official explanation for why GPS is being disrupted in the East Mediterranean, but a patchwork of military operations in the region is likely to be a major cause of the interruptions. That itself is a result of rapidly rising tensions north of Egypt and off the coast of Syria.
“The eastern Mediterranean is extremely busy militarily,” MARCOM officials wrote in a report in October. “There are numerous warships operating in the region all with high powered transmitting devices.”
In fact, the East Med disruptions began before March, according to a specialist on the region, citing NATO intelligence.
Reports of disruption were heard in 2017, says Hans Tino Hansen, the CEO of Copenhagen-based maritime risk consulting firm Risk Intelligence, who published a report on GPS disruptions based on anecdotal reports from clients.
Those disruptions are likely a result of both military operations by the Egyptian army, who are fighting militants in the Sinai, and Russian warships off the coast of Syria.
“The GPS spoofing and jamming in [Port] Said and Suez is a byproduct … from a military operation that has nothing to do with the ships,” says Hansen.
GPS jamming technology is now accessible enough for jamming to be the work of “rogue” individuals, says Todd Humphreys, director of the Radionavigation Laboratory at the University of Texas at Austin.
But experts agree that in the East Med, the location and sheer scale of the interruptions points towards the work of nation states.
As a result, the potential risks of a vessel losing the ability to navigate, or drifting off course without realizing, are countless.
“The political situation in the East Med is so tense, everyone is at each other’s throats,” says Sebastian Bruns, head of the Center for Maritime Strategy and Security at the University of Kiel. “Just imagine if a Turkish freighter ran aground and spilled oil all over the Israeli coast.”
The Eastern Mediterranean is just one of the latest hot spots in an expanding list of regions that have seen interruptions rise alongside geopolitical tension.
The US-based Resilient Navigation and Timing Foundation reported in 2017 that hundreds of vessels in the Black Sea saw their GPS locations disrupted. Many saw their locations at an inland Russian airport. Anecdotal reports of interruptions in the Black Sea date to at least 2016, multiple experts say.
Recurring, large scale disruptions have been reported off the Korean peninsula, in Lapland in northern Finland, and on the northern Norwegian border with Russia during NATO military drills, which Norway’s Foreign Ministry blamed on Russian forces in a comment to the Associated Press. Russian officials denied involvement.
Last October, one report was logged in the Strait of Hormuz, off Iran, and two more were logged at the Saudi Arabian port of Jeddah, in the Red Sea, prompting another advisory from MARAD.
GPS disturbances are just one element in an expanding list of threats to cyber infrastructure, affecting everything from banks to social media websites and consumer utility grids. Cyber-attacks have already affected the shipping industry. In 2017, Maersk suffered an attack to its central networks that disabled the company for 10 days and cost the company an estimated $250-$300 million.
Meanwhile, GPS interruptions have continued in the East Med. In November, interruptions were reported at the Israeli port of Haifa, and from near the eastern tip of Cyprus.
“We have encountered more severe than normal GPS interference tonight,” read the November 4 report. “Thank goodness for paper charts.”
Costly misadventure, existential risks
The risks from GPS jamming and spoofing are countless – accidents, collisions, confusion, and other costly mistakes – not to mention the risk of straying into contested waters and military conflicts.
Take the Suez Canal. One of the world’s key transit choke points, the canal forms a crucial link from Europe to Asia. In 2017, nearly 780 million barrels of crude passed through the canal, or about 2.13 million b/d, according to the Suez Canal Authority.
“A spoofing or jamming attack in a congested shipping lane in poor weather could cause a collision between large ships similar to the collision between the USS Fitzgerald and the ACX Crystal,” says Humphreys. That incident, between a US naval ship and a Philippine container ship off the coast of Japan in June 2017, caused seven deaths.
But the largest risk would not be in a canal – where other visual cues exist – but at open sea, where spoofing might not be immediately detected, and other forms of navigation are more difficult.
The larger risk, however, goes beyond a one-off disaster. As conflict increasingly takes the form of “hybrid warfare” involving cyber attack, the digitized commercial trade faces huge risks.
Outside of navies, few vessels have full back-up systems to GPS, or robust crew training in purely analogue navigation methods that haven’t been widely used in decades.
“Virtually all large non-military seagoing vessels… have only standard single-frequency GPS receivers onboard, with no special protection against jamming and spoofing,” says Humphreys.
Analogue methods and extensive back-up systems have been maintained by navies, and the risk of GPS disruption is widely known in military circles. This is not the case in commercial shipping.
No ship owners contacted for this article said they were aware of involuntary disruptions of GPS in the East Mediterranean.
Taking attention away from just operating a large vessel, even when everything is going smoothly, also presents a challenge to improving the industry’s resilience to potential GPS disturbance.
“Unless a big accident [occurs] that can be traced to GPS spoofing, the attention of [the crew] will be elsewhere,” says Sebastian Bruns, head of the Center for Maritime Strategy and Security at the University of Kiel.
Tech and training needed
There are practical ways to limit the risk of jamming or spoofing. But to really safeguard the satellite systems on which we have come to rely, governments will have to provide back-up.
The first step needs to be an awareness among crews that GPS can be purposely disrupted, and why. Planning for an outage requires preparing crew to navigate using alternate, often traditional methods, particularly at open sea, where there are no obvious visual cues to help with navigation.
Hardware can also help, from GPS receptors that only point to the sky – making it more difficult for them to receive interrupting signals by land – to counterjamming technology, largely used by navies.
“These civilian ships, they have no defense for these kinds of attacks, or these kinds of effects. So they are much, much more vulnerable than a naval ship would be,” says Hans Tino Hansen, the CEO of Risk Intelligence.
Those efforts all present their own challenges in an industry with paper-thin margins, where shipowners are already struggling to adapt to the costs associated with the 2020 IMO regulations on the shift to cleaner bunker fuels.
Governments have the ability to provide a further safety net, by creating land-based navigation networks, known as eLoran systems, which have stronger signals and as such are more difficult to disrupt. Whether they will step up is another question.
Both China and Russia still maintain such regional systems, and the US government has repeatedly pledged to create a reinforced transmission system, too. One is now expected to arrive: in December, a law was signed to establish a back-up system to GPS, under the National Timing Resilience and Security Act of 2018. That system is due for completion by December 2020.
China's import basket (including both merchandise and services trade) reveals this reliance on foreign technology. China's largest goods import by value is semiconductors accounting for over 12% of total imports, a broadly similar share to that in 2006 (10). Semiconductor imports are about twice as large as those of crude oil.
But even if it passes, progress could be slow – the system will not get funding until the 2020 budget, at the earliest.
“The technology is solved. The policy is solved. It’s just a matter of nations implementing the policies and the technology,” says Goward. “It is really just a willingness and a leadership problem.”