A watchstander on the bridge of the Arleigh Burke–class guided-missile destroyer USS Ross (DDG-71). In the scenario, Ross is the target of a sophisticated Chinese information warfare attack that forces the destroyer into port.
U.S. Navy (Kyle Steckler)


The Navy Must Hide in Plain Sight

Information Warfare Essay Contest—Second Prize
Sponsored by Booz Allen Hamilton

China has been infiltrating U.S. networks for years. A comprehensive, preemptive cyber attack on the U.S. Navy is not hard to imagine.
By Lieutenant Commander Ryan Hilger, U.S. Navy
July 2021
Proceedings
Vol. 147/7/1,421

The attack had been years in the making, but the sailors on the USS Wayne E. Meyer (DDG-108) had no way of knowing it. For the bridge team, time seemed to grind to a halt. Amid the myriad alarms and the captain shouting at everyone, the officer of the deck knew only that the ship seemed to have suffered a catastrophic power failure in the middle of the South China Sea.1 Down in the combat information center, the scene was dark—literally. A few sailors managed to turn on flashlights and battle lanterns, but the darkness was foreboding.

The chiefs and first-class petty officers were paralyzed. The ship had drilled for damage control and power casualties, but never for such a complete power loss. Sailors fumbled their way about the ship, trying to get diesel generators and gas turbine engines started.2 Nothing seemed to work right. Diesels started, but the electrical switchgear was inoperable. The gas turbines would not start at all. Little did the crew know that their sister ships across the Navy were fighting the same battle. Back on the bridge, the officer of the deck silently prayed that this would not be the time China decided to start a war. But it was just beginning.

The attack did not start on the Wayne E. Meyer but in a program office on the Washington Navy Yard more than a decade prior, with a seemingly innocent request from a General Dynamics employee for access to a design drawing database supporting the Arleigh Burke program. The request was not uncommon, and administrators quickly approved it—China was in. The request had been spoofed, pulling personal profile data from employees on LinkedIn coupled with spear phishing attacks on government and contractor employees.3 But once access was issued, the attackers from Unit 61398 of the People’s Liberation Army (PLA) were able to move quickly through the patchwork of cyber protections on the government and contractor networks, exfiltrating a treasure trove of technical information and identity credentials, including administrator and root certificates, and leaving behind numerous backdoors to facilitate later access.4 Similar attacks occurred in the ensuing years, targeting program offices for the Navy’s weapon systems, shipboard networks, communication systems, industrial control systems—anything they could get away with.5 U.S. program managers believed their deployed systems were safe because they were air-gapped from the internet.6

The seemingly unfettered access to these networks emboldened the Unit 61398 hackers, and they started injecting code changes and dormant programs into the software of the Aegis combat system, shipboard networks, and industrial control systems. They even managed to begin routine testing of updating code to deployed ships, leveraging the quarterly preventive maintenance system updates. Their malicious code both updated itself and reported back to the PLA that it had access to all the necessary components on the ship to carry out future attacks.7

The aircraft carrier USS Theodore Roosevelt (CVN-71) transits the channel into Joint Base Pearl Harbor–Hickam at Pearl Harbor, Hawaii. A plausible cyber-attack scenario could involve the grounding of a Chinese-owned merchant ship in such a channel, preventing U.S. Navy ships from leaving during a crisis. Credit: U.S. Navy (Jessica Blackwell)

Unit 61398’s sister units began infiltrating and compromising the Navy’s supply chains, which got easier as the microelectronics foundries in the United States closed down.8 As with the cyber operations, the PLA started with counterfeit hardware that would fail but later moved to more sophisticated counterfeits that provided Chinese leaders a means to remotely execute the attacks for which Unit 61398 was laying the groundwork.9

The attack hit every ship with an LM2500 gas turbine engine nearly simultaneously, crippling the surface fleet.10 Some ships fared better than others in restoring some power, mostly through the actions of a few sailors who knew their systems so thoroughly that they figured out ways to manually bypass inoperable switchgear and programmable logic controllers.11 But a few struggling crews went days without power.

While sailors struggled to get their ships back online, U.S. and Navy senior leaders found themselves reeling under the tsunami of news. The stock market seemed gripped by a flash crash.12 Chinese hackers seized the internet switches controlling service to the Pentagon, erasing the firmware and rendering the Pentagon devoid of information and communications.13 Botnets in China usurped control of social media platforms and news services, exploiting the algorithms that push the trending and viral posts, to project AI-generated videos and images—deepfakes—and news stories of chaos in the United States.14 In all the major West Coast Navy ports, families reeled as they watched the names of loved ones scrolling across a screen, with the implication that their ships had been sunk.

Other fake news streamed across networks, broadcasting problems with nuclear power plants in Calvert Cliffs, Maryland, and near Chicago, Illinois; a ruptured oil terminal on the Texas coast spilling crude into the Gulf of Mexico; and a terrorist bomb threat to the Port of Long Beach. Any news reports of Chinese military movements in the western Pacific were promptly overwhelmed by distributed denial-of-service attacks and taken down. China’s disinformation campaign was staggering and crippling.

The ships that did manage to get emergency communications running could not get through to their squadrons—family calls demanding information inundated the call lines. As individual ships restored some communications, they began to learn of similar occurrences all along the waterfronts and of the panic sweeping the ports back home. Many crews found themselves alone and afraid, drifting on an endless ocean.

China capped off the coup de main at Pearl Harbor. A Chinese Ocean Shipping Company container ship running with spoofed Automated Identification Service information veered left as it approached the shipping terminal at Honolulu, running hard aground on shoals just south of buoys 3 and 4 in the Pearl Harbor channel.15 Scuttling charges quickly followed, and a few muffled explosions inside the ship sent containers spilling into the water. Similar incidents occurred at Yokosuka and Sasebo, but Pearl Harbor was particularly problematic, with the Rim of the Pacific exercise ending the week prior. Multiple ships were in port, both in Hawaii and in San Diego, California, and Everett, Washington. In the aftermath, Navy leaders were relieved China had opted only to immobilize ships rather than destroy the gas turbines, with the loss of life and collateral damage that would bring. They knew all too well that it was possible.16

Winning without Fighting

In this fictional vignette, China managed to disable the vast majority of the U.S. surface fleet and bottle up its bases in the Pacific in just a few hours. The cyberattack created freedom of movement for the Chinese government to immobilize the U.S. Navy without significant loss of life. In the international arena, the United States would be hard pressed to find a proportional and appropriate response that would not embroil two nuclear-armed nations in a war with the potential to rapidly escalate. At any rate, the sudden and overwhelming attack, including paralysis of national decision-makers through the disinformation campaign, would prevent the United States from attempting any response in real time. China would be free to achieve its objectives without fear of an immediate U.S. response. A fait accompli.17   

When the United States regained its footing and decision-making capacity, it would find itself in a highly disadvantaged position. Given the widespread disinformation campaign, the accuracy and authenticity of any information would be questionable. A major portion of the Navy would not be able to respond to orders until ships restored power and command-and-control networks were operational—to say nothing about opening the Pearl Harbor channel. Were operational units, mainly submarines and land-based aircraft squadrons, given orders to attack PLA targets, the United States would be put in the position of spilling first blood.

So, how might a counterattack play out?

The U.S. Response

It had been a week since the attack. The commander of U.S. Second Fleet in Norfolk surveyed the ships resting at their piers. With most of the Pacific Fleet out of action, she knew her ships, coming from East Coast ports, would be leading whatever counterattack the President ordered. Through herculean efforts of the crews, the maintenance facilities, and supporting contractors, about half the surface fleet in Norfolk and Mayport had been restored and made ready for wartime service. Crews had been working around the clock. The Defense Logistics Agency had set up a rapid shuttle service to bring repair parts, as well as contractors to support repairs and load the ships with food and other stores. The information technology logic and switchgear controllers were carefully removed, packaged, and shipped for forensic analysis. Working parties from other ships pulled parts from inactivated ships in Pearl Harbor, Puget Sound, and Philadelphia and rushed them to the waterfronts.

The command-and-control communications took longer to restart, given the intricate web of temperamental, aging systems. As a result, war orders for Second Fleet arrived via aircraft from Washington, D.C., about ten days after the attack: Execute the standing operational plan against China with available forces. The commander of the U.S. Indo-Pacific Command would sort out what he wanted to do with the ships she would send.

China had stolen the operational plans many years prior. Beijing assumed a lack of ingenuity and bureaucratic inertia would cause the plans to change little, even though the PLA lost access to those systems shortly after exfiltrating the plans. Not that it mattered. The PLA’s military imagery satellites and business arrangements through Chinese state-run enterprises with DigitalGlobe, SpaceSense, and European Space Imaging meant it had extensive coverage of U.S. forces, along with a trail of breadcrumbs broadcast by every ship from malicious code insertions.18 The Chinese could see the ships coming from the moment they left their ports. Despite the hype around dynamic force employment, the fastest way to the western Pacific was still the shortest route, and China was ready for that.

Part of the building of the Chinese military intelligence Unit 61398 on the outskirts of Shanghai. Unit 61398 is believed to be behind many of the cyber attacks against the United States and would likely play a key role in an attack against the U.S. Navy. Credit: Reuters

Because of the Navy’s penchant for sweeping and transformational changes across multiple platforms to deploy new technology, most of the latest in the technology sphere—5G, laser communications, artificial intelligence—was still years from making a difference at the tip of the spear. Second Fleet’s ships sortied toward the western Pacific with the same technologies they had been using for the past two decades. As the USS Ross (DDG-71), the first Rota-based destroyer to sortie, transited the Strait of Gibraltar, the global positioning system started degrading. It never returned; the jamming was too intense.19 As the Ross passed through the Suez Canal and into the Red Sea, PLA drones from the base in Djibouti were waiting, ready to broadcast signals toward the destroyer and begin degrading Ross’s readiness for combat.20

The Aegis combat system started acting up first by dropping tracks, displaying phantom contacts, and experiencing power surges that degraded the main array. It eventually shut down. Sailors scrambled to get the system restored—the Ross was approaching the Bab el-Mandab Strait, a natural chokepoint for the busy shipping traffic. Their fueling stop in Aden, Yemen, was canceled after port authorities reported technical issues with the pipelines and fueling systems—real or not. On board, other systems began faltering, but the final straw came as the Ross transited past Socotra island: A drone activated a dormant cyber payload that launched four SM-2 surface-to-air missiles from the forward missile magazine.21 The Fifth Fleet commander ordered the Ross to change course and head for Bahrain for troubleshooting—she clearly was not combat ready. Similar incidents played out all over the world as the Navy sent its ships toward the western Pacific. None made it.

Hide in Plain Sight

Whether safely moored at the pier in Norfolk or transiting the Taiwan Strait, U.S. Navy ships and sailors are on the front lines of the cyber and information war. In fact, the war already has started. As former Commandant of the Marine Corps General Robert Neller stated, “We’re at war right now in cyberspace. We’ve been at war for maybe a decade. They’re pouring oil over the castle walls every day.”22 China and Russia have spent two decades honing this type of warfare while the United States focused elsewhere, overly reliant on its existing military power and aging operational concepts.23 The Navy is especially vulnerable to information warfare, as it has essentially the same force structure and operational concepts it did 20 years ago, with the same legacy program offices and defense contractors.

To survive on the digital battlefield, the Navy must embrace the cyber principle of steganography—hiding in plain sight.24 Digital warfare commands an observe-orient-decide-act (OODA) loop that runs at light speed, faster than any human can process or control.25 The ubiquity of sensors and enormous computational power—military and commercial—gives adversaries the ability to know more about U.S. warships and plans than Navy leaders may even know themselves.

Fighting in the digital domain requires a fundamental shift in the Navy’s identity and how it projects power and wins combat at sea. The Navy must refocus on its ability to camouflage ships and programs in both the cyber and physical domains to hide in plain sight.26 This will require rearchitecting combat systems for greater software agility, resiliency, and faster technology insertion, enhancing security of cyber-physical systems, reducing network dependence, and giving ships the ability to deter and degrade adversary surveillance and reconnaissance efforts, including with distributed unmanned systems. Efforts have started in some of these areas, but they are neither sufficiently widespread nor urgent enough to protect sailors or deter adversaries.

Despite the Navy and nation’s seemingly singular focus on the number of ships in the fleet, the Navy fights first in the digital domain, ready or not. A future conflict will be won or lost in this realm long before a destroyer casts off lines, and China and Russia are already using it for lethal targeting. But the Navy does have a fighting chance if it does the work to disappear.

1. T. Christian Miller, Megan Rose, Robert Faturechi, and Agnes Chang, “Collision Course,” ProPublica, 20 December 2019.

2. CDR Kirk Lippold, USN (Ret.), Front Burner: Al Qaeda’s Attack on the USS Cole (New York: PublicAffairs, 2013).

3. James Cook, “How a Chinese Agent Used LinkedIn’s ‘Relentless’ Algorithm to Find Targets,” The Telegraph, 27 July 2020.

4. Alex Weinert, “Your Pa$$word Doesn’t Matter,” Microsoft.com, 9 July 2019; Secretary of the Navy, Cybersecurity Readiness Review, 4 March 2019; “APT1: Exposing One of China’s Cyber Espionage Units,” Mandiant, 19 February 2013.

5. Ellen Nakashima and Paul Sonne, “China Hacked a Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare,” Washington Post, 8 June 2018.

6. Maria Korolov, “New Malware Makes Air-Gapped Data Center Networks Less Bulletproof,” Data Center Knowledge, 8 June 2020; Kim Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon (New York: Crown Publishing Group, 2015).

7. Andy Greenberg, “The Untold Story of NotPetya, the Most Devastating Cyberattack in History,” Wired, 22 August 2018.

8. Mark LaPedus, “A Crisis In DoD’s Trusted Foundry Program?” Semiconductor Engineering, 22 October 2018.

9. Jordan Robertson and Michael Riley, “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” Bloomberg Businessweek, 4 October 2018.

10. Gregory Slabodkin, “Software Glitches Leave Navy Smart Ship Dead in the Water,” GCN, 13 July 1998.

11. Greenberg, “The Untold Story of NotPetya.”

12. Brandon Keim, “Nanosecond Trading Could Make Markets Go Haywire,” Wired, 16 February 2012.

13. Danny Palmer, “Hacking Attacks on Your Router: Why the Worst Is Yet to Come,” ZDNet, 3 January 2019.

14. Peter Pomerantsev, This Is Not Propaganda: Adventures in the War against Reality (New York: PublicAffairs, 2019).

15. Mark Harris, “Ghost Ships, Crop Circles, and Soft Gold: A GPS Mystery in Shanghai,” MIT Technology Review, 15 November 2019.

16. Andy Greenberg, “How 30 Lines of Code Blew Up a 27-Ton Generator,” Wired, 23 October 2020.

17. Sun Tzu, The Art of War, trans. Samuel Griffith (London: Oxford University Press, 1963).

18. H. I. Sutton, “The Realities of Tracking Aircraft Carriers with Civilian Satellites,” Forbes, 7 May 2020; “Anatomy of a Firmware Attack,” Eclypsium, 20 December 2019.

19. Paul Tullis, “GPS Is Easy to Hack, and the U.S. Has No Backup,” Scientific American, 1 December 2019.

20. H. I. Sutton, “Satellite Images Show that Chinese Navy Is Expanding Overseas Base,” Forbes, 10 May 2020.

21. “The Launching of the Oops-Missile,” Fregatten Peder Skram; David E. Sanger and Thom Shanker, “N.S.A. Devises Radio Pathway into Computers,” New York Times, 14 January 2014.

22. Secretary of the Navy, Cybersecurity Readiness Review.

23. David Kilcullen, The Dragons and the Snakes: How the Rest Learned to Fight the West (New York: Oxford University Press, 2020).

24. Lily Hay Newman, “Hacker Lexicon: What Is Steganography?” Wired, 26 June 2017.

25. Mark Pomerleau, “When Information Moves Fast, Who Has Time to Make a Decision?” C4ISRnet, 13 November 2020.

26. Josef Koller, “U.S. Forces Can’t Hide from Ubiquitous Satellites. They Need to Fool Them,” DefenseOne, 16 December 2019.

Lieutenant Commander Ryan Hilger, U.S. Navy

Lieutenant Commander Hilger is an engineering duty officer stationed in Cape Canaveral, Florida. He has served on board the USS Maine (SSBN-741), as chief engineer of the USS Springfield (SSN-761), ashore at the CNO Strategic Studies Group XXXIII in Newport, Rhode Island, and at OPNAV N97 in Washington. He holds a master’s degree in mechanical engineering from the Naval Postgraduate School.
