March 09, 2012

GPS and ECDIS- two warnings and a funeral.

Two stark warnings caught my attention recently. These were not new, but there are new reasons why we should take them seriously.

The first came from Bob Cockshott of the British ICT Knowledge Transfer Network, which is a setup funded by the UK's national innovation agency. Referring to the spoofing of GPS signals at a London conference, Mr Cockshott said that there were now serious concerns "that we are going to see a disaster" in the English Channel within the next decade. "We have moved on from a potentially threatening situation to a real danger that we must address now," Cockshott said.

The second caution was on the implementation of the ECDIS regime, but it was no less blunt, coming as it did from somebody who  helped design the ECDIS back in the 80's and early 90's. Saying that ECDIS implementation was suffering from "political interests", this is what Master Mariner and computer scientist Gert B. Büttgenbach is quoted in Marine Cafe as saying: “Tear it down to the fundamentals and start fresh before it causes chaos", adding, “The sclerotic organisations ruling international shipping dislike reviewing the standards that I once helped to establish.”

I think that the spoofing of GPS signals- creating fake GPS signals that change user perceptions of time or location- has resurfaced now because an Iranian engineer claimed last December that he had spoofed a US drone into landing in Iran. The engineer said that false coordinates had been fed to the drone that fooled it into thinking it was close to 'home.' in Afghanistan instead of over Iran. It is immaterial to civilian maritime navigation that many scoffed at this claim, pointing out that military hardware- including GPS guided missile systems or smart bombs- use robust encryption code. The fact is that civilian GPS systems do not; they are supposed to be freely accessible by all users in the coverage area.

Spoofing a GPS signal is an insidious step ahead of jamming the signal, of course, and that is bad enough. In 2010, an experiment with low-level jamming in the English Channel saw ships going off course without operator's knowledge, sending out false AIS signals and communications systems failures. Jamming is akin to a virus on your computer shutting it down; your GPS receiver just stops working. Spoofing is akin to somebody hijacking your computer and feeding you compromised data without your knowledge. Your position- in time and date- is whatever the spoofer wants it to be. "It looks exactly like a real GPS signal," says one expert. "Everything looks completely normal, but the spoofer is controlling your position in time and space." 

Satellite navigation systems have been at risk from criminals, terrorists, criminals or even bored teenagers for a long while, but any incidents have involved jammers that are available even off the internet at sixty dollars apiece, give or take. Criminals have hijacked vans carrying high value goods after jamming their GPS and cell phone systems. Signals at traffic intersections have been jammed in the US. However, jamming is old news; spoofers are the new kids on the block.

Although built and tested by researchers three years ago, spoofers were hitherto bulky and expensive to assemble. That has changed;  Todd Humphreys, a specialist in GPS technology from the University of Texas, told Reuters not long ago that he had developed the first GPS civilian spoofer, a "very powerful" device that cost under $1,000 to assemble. "It's not outside the capability of any other smart graduate student in GPS or GNSS across the world," he said. "And it's not outside the capability of any kind of sophisticated terrorist organisation." 

I think we are going to see a serious spoofing attack on GPS systems eventually. It may happen in a seemingly unrelated space. Perhaps in a stock market trading platform, where experts warn that a criminal can, by spoofing the displayed time by a few microseconds, make a killing in a trade. Perhaps it will be a terrorist attack instead. Life, especially in the West, is dependent on GPS systems to an extent not even dreamt of by ordinary  folk, medical, power and water infrastructure included. The future easy availability of GPS spoofers- and their illegal use- is a foregone conclusion. 

Ships, ports, coastlines and congested waterways will face extreme risk. This is not the turn of the century, when the Y2K scare (or the Y2K fraud, depending on your point of view) could be tackled with thoughtless drills and other nonsense. (Aside, my humour remained unappreciated in the office when I suggested on a ship that the drill involve only one step- switching off the damn GPS for a month) Today, however, we are in an era of integrated systems. The GPS feeds, amongst others, the ARPA, the AIS, the GMDSS and other communication systems- and the new rabbit out of the old hat- the ECDIS. 

Which brings me to Büttgenbach again. Unfortunately but expectedly, the rollout of this game changing and vital equipment has been chaotic, to put it mildly. He has many workable suggestions on how to fix this- for a start, he says, make electronic charts free, standardise equipment and user interfaces, purge IHO/IMO standards that stifle innovation- even one that says we should put the ECDIS on an IPad and make it intuitive.  

Equally unfortunately, I have zero faith that any of this will happen. The implementation and training of ECDIS has long degraded- again expectedly- into a confused and ill-calibrated commercial exercise; safer or more useful suggestions be damned because less money will be made. Nonetheless, I am aghast at the degradation. 

Also degraded in the new generation of mariners: basic position fixing and collision avoidance skills, thanks to a culture- both ashore and afloat- that promotes almost complete reliance on electronics during watchkeeping. We continue to go down this slippery slope with new proposals on COC examinations that, if implemented, will require lower skills from future navigators, especially lower celestial navigation skills. I disagree with this philosophy- the sextant is not the DF. 

Which is why nine out of ten navigators today will run and fuss over the GPS if there is a generator trip and a temporary loss in power; to hell with the immediate threat of a swinging ship in a busy lane that has temporarily lost its steering and gyro input. Which is why taking a visual bearing or using parallel indexing is a monthly event on many ships. Why double checking of the GPS position while coasting is non-existent. Why the course and speed of a target, and even its CPA , are sometimes read off the AIS. Meanwhile, paper charts are disappearing, encouraging a further disconnect with traditional navigation, so guess what will happen if somebody spoofs a modern navigator's GPS and the ECDIS becomes- unknown to him or her- an expensive piece of junk giving his ship's spoofed position in colour. 

What happens is this: In the absence of the habit of constantly double checking electronic positions with traditional means, today's navigator does not have the tools, temperament, experience or situational awareness to realise that something is wrong. He does not have the instinct to switch instinctively and comprehensively to non-electronic basics even after such a realisation. His basics are rusty in any case; some of them are even a mystery. 

You know, if I was a terrorist, I would load- on a foggy winter day - a briefcase sized spoofer on a fishing boat and take it near, say, off Texel in the North Sea.  I would prefer bad weather- there are enough days with near gale force winds and rough seas out there. On a busy day there would be close to a hundred vessels- ships and boats- in a six mile radius there. Many will be crossing or joining the many traffic lanes- fishing vessels too, heading for business in the many TSS' around.  The crews of most of these ships would be fatigued; coasters and others alike- Europe can be a killer run. Regardless of the COLREGS, ISM, and stuff, most will be proceeding at maximum speed in zero visibility; many will not have even doubled watches. In a few, the Captain will not even have taken the trouble to stay on the bridge.

So, if I were a terrorist, I would take my spoofer there. And I would switch it on. And- right up to the time disaster struck- most of those vessels would never even know what hit them. And this would happen because the pursuit of obscene profits has long overtaken any considerations for safety.

1 comment: said...

In the USA the current administration seemed to take delight in authorizing the teardown of LORAN. An enhanced LORAN would have been a suitable back-up for GNSS system and very difficult to jam, from what I have read. It actually is costing the government more to tear down LORAN than it would have to improved and maintained it. Perhaps after the first big incident with spoofed GPS signals this mistake will be corrected, and LORAN will return to use.