As they currently exist, cyber forces are viewed by operational commanders as little more than offsite defenders of large-scale service networks. To upend this view requires a shift in scope, with exploitation and offensive effect capabilities gaining parity with defense. Focus must be on achieving tactical level utility, with specialists at the scene or in the responsible command center. Commanders then could leverage them for real time operations and include cyber forces as a regular element of any operational plan.
Exploiting electronic devices and provides utility at the tactical level. A boarding team that interdicts a smuggling vessel is expected to, at a minimum, secure the vessel’s GPS receiver to exploit its track history and any waypoint lists that could identify its departure, landing, or rendezvous points. Accessing this information requires specific actions to avoid deleting or overwriting data and to meet evidentiary requirements for any prosecution efforts. Boarding teams comprised of operational ratings may employ process guides or job aids to complete this task, but usually they simply seize the hardware until it can be transferred to information technology professionals ashore, who download the data, plot it on a preferred Geographic Information System (GIS), and package it for review.
A cyber specialist deployed with a boarding team or embarked on the parent ship could accomplish this while under way, allowing real-time exploitation of networked systems that could lead to near-term interdictions at sea and investigations ashore. Regularly exploiting GPS data is one example, but well-trained cyber forces also would be capable of obtaining data from other electronic systems on board suspect vessels, whether stand-alone laptops or a series of devices connected by National Marine Electronics Association (NMEA) or traditional networks.
Offensive cyber effect operations at the tactical level would be a true game-changer. Targeted denial, disruption, and destruction of electronics and networks employed on vessels at sea is a readily achievable goal. Technology to counter unmanned aerial vehicles (UAV) is one example of cyber effect capability where for cyber forces can bolster their operational utility at a tactical level. Equipment that detects Wi-Fi and radio control signals associated with UAVs is within the scope of cyber forces, as are the radio frequency and GPS jammers, spoofers, and hacks required to counter UAV incursions into maritime security zones and other limited-access areas. The technology exists and, with limited training, current cyber specialists could employ it to desired effect. The specialist embarked on a cutter charged with enforcing a security zone on, over, and under the waters surrounding a high-value asset would become a service legend the minute they force the first UAV out of the sky during a real world operation.
Though counter-UAV actions provide inroads to tactical level involvement, for cyber forces with a maritime focus priority should be given to any capability able to effect NMEA networks that touch critical marine electronics, including GPS, AIS, RADAR, radios, chart plotters, multidisplays, autopilots, and engine controls. Envision a ship arriving at a domestic port after completing a series of port calls to nations that sponsors of terrorism. A boarding is ordered for the minute it moves within range of U.S. surface assets, who will determine if its crew or cargo present a threat. Today, analysts ashore run queries through national databases on the vessel and her known crew for prior history and current intelligence. Much of the information produced is dated and speculative. An overflight along the ship’s track provides imagery of its deck, but by the time the photos are delivered to mission planners they’re dated. A patrolling cutter is diverted to shadow the vessel from a hull-down vantage, and though monitoring its movements visually and with AIS and RADAR, can determine nothing about what is occurring below deck.
In the future, during a mission briefing to discuss courses of action, the member of the newly created cyber rating embarked on the cutter at the start of its patrol, proposes that if assets get within range of a Wi-Fi or Bluetooth signal from the suspect ship, its on-board network can be infiltrated, filling gaps in the current assessment and providing additional options to gain control of its steering and propulsion. The mission commander agrees to try and, under cover of darkness, a small boat launches from the cutter and comes close aboard the suspect vessel. When several hundred yards from the quarter of the ship, the cyber specialist detects an unsecured Wi-Fi network. He then connects to the network and identifies other connected devices, which include both personal devices and those of several multifunction displays used to navigate the ship and control and monitor its engineering and propulsion systems.
The specialist uploads and runs several scripts on the ship’s network that automatically pull and sort desired data into a searchable database on his own laptop. Soon after, the specialist ghosts the screen of the ship’s main navigation display and discovers he has full control over its steering and propulsion. The developments are reported to the mission commander and, before the sun rises, the suspect ship is brought to a halt remotely through the Wi-Fi connection and a boarding team is embarked without incident. The cyber specialist is brought on board to conduct real-time exploitation of the ship and personal electronics, setting the stage for rapid follow on actions that disrupt other underway shipments and active terror cells on shore.
These are the tactical-level cyber capabilities operational commanders will value and seek out for future missions. Forward-thinking leaders must widen the purview of cyber forces and the scope of responsibilities from defensive actions. There is a need to consolidate existing cyber-related exploitation and effect capabilities into the capabilities of cyber command units. Many of these capabilities will demand the physical presence of specialists on board ships, cutters, or boats, making them available to operational commanders and relevant to accomplishing mission objectives. For cyber forces to make a difference, they must integrate physically into the action at sea.
Chief Null currently is a lead underway instructor at the U.S. Coast Guard's Boatswain's Mate 'A' School in Yorktown, Virginia.