The attack had been years in the making, but the sailors on the USS Wayne E. Meyer (DDG-108) had no way of knowing it. For the bridge team, time seemed to grind to a halt. Amid the myriad alarms and the captain shouting at everyone, the officer of the deck knew only that the ship seemed to have suffered a catastrophic power failure in the middle of the South China Sea.1 Down in the combat information center, the scene was dark—literally. A few sailors managed to turn on flashlights and battle lanterns, but the darkness was foreboding.
The chiefs and first-class petty officers were paralyzed. The ship had drilled for damage control and power casualties, but never for such a complete power loss. Sailors fumbled their way about the ship, trying to get diesel generators and gas turbine engines started.2 Nothing seemed to work right. Diesels started, but the electrical switchgear was inoperable. The gas turbines would not start at all. Little did the crew know that their sister ships across the Navy were fighting the same battle. Back on the bridge, the officer of the deck silently prayed that this would not be the time China decided to start a war. But it was just beginning.
The attack did not start on the Wayne E. Meyer but in a program office on the Washington Navy Yard more than a decade prior, with a seemingly innocent request from a General Dynamics employee for access to a design drawing database supporting the Arleigh Burke program. The request was not uncommon, and administrators quickly approved it—China was in. The request had been spoofed, built from personal profile data harvested from employees on LinkedIn and coupled with spear-phishing attacks on government and contractor employees.3 Once access was issued, the attackers from Unit 61398 of the People’s Liberation Army (PLA) were able to move quickly through the patchwork of cyber protections on the government and contractor networks, exfiltrating a treasure trove of technical information and identity credentials, including administrator passwords and the private keys behind root certificates, and leaving behind numerous backdoors to facilitate later access.4 Similar attacks occurred in the ensuing years, targeting program offices for the Navy’s weapon systems, shipboard networks, communication systems, industrial control systems—anything they could get away with.5 U.S. program managers believed their deployed systems were safe because they were air-gapped from the internet.6
The seemingly unfettered access to these networks emboldened the Unit 61398 hackers, and they started injecting code changes and dormant programs into the software of the Aegis combat system, shipboard networks, and industrial control systems. They even began routinely testing code pushed to deployed ships, riding along with the quarterly preventive maintenance system updates. Their malicious code both updated itself and reported back to the PLA that it had access to every component on the ship needed to carry out future attacks.7
Unit 61398’s sister units began infiltrating and compromising the Navy’s supply chains, which got easier as the microelectronics foundries in the United States closed down.8 As with the cyber operations, the PLA started with crude counterfeit hardware that simply failed, then progressed to more sophisticated counterfeits that gave Chinese leaders a means to remotely trigger the attacks for which Unit 61398 was laying the groundwork.9
The attack hit every ship with an LM2500 gas turbine engine nearly simultaneously, crippling the surface fleet.10 Some ships fared better than others in restoring some power, mostly through the actions of a few sailors who knew their systems so thoroughly that they figured out ways to manually bypass inoperable switchgear and programmable logic controllers.11 But a few struggling crews went days without power.
While sailors struggled to get their ships back online, U.S. and Navy senior leaders found themselves reeling under a tsunami of news. The stock market seemed gripped by a flash crash.12 Chinese hackers seized the routers and switches controlling service to the Pentagon, erasing their firmware and leaving the Pentagon without information or communications.13 Botnets operated from China flooded social media platforms and news services, gaming the algorithms that promote trending and viral posts to push AI-generated videos and images—deepfakes—and fabricated news stories of chaos in the United States.14 In all the major West Coast Navy ports, families reeled as they watched the names of loved ones scrolling across a screen, with the implication that their ships had been sunk.
Other fake news streamed across networks, broadcasting problems with nuclear power plants at Calvert Cliffs, Maryland, and near Chicago, Illinois; a ruptured oil terminal on the Texas coast spilling crude into the Gulf of Mexico; and a terrorist bomb threat to the Port of Long Beach. Any outlet reporting the movements of the Chinese military in the western Pacific was promptly overwhelmed by distributed denial-of-service attacks and taken down. China’s disinformation campaign was staggering and crippling.
The ships that did manage to get emergency communications running could not get through to their squadrons—family calls demanding information inundated the call lines. As individual ships restored some communications, they began to learn of similar occurrences all along the waterfronts and of the panic sweeping the ports back home. Many crews found themselves alone and afraid, drifting on an endless ocean.
China capped off the coup de main at Pearl Harbor. A China Ocean Shipping Company (COSCO) container ship broadcasting spoofed automatic identification system (AIS) data veered left as it approached the shipping terminal at Honolulu, running hard aground on shoals just south of buoys 3 and 4 in the Pearl Harbor channel.15 Scuttling charges quickly followed, and a few muffled explosions inside the ship sent containers spilling into the water. Similar incidents occurred at Yokosuka and Sasebo, but Pearl Harbor was particularly problematic, with the Rim of the Pacific exercise having ended the week prior. Multiple ships were in port, both in Hawaii and in San Diego, California, and Everett, Washington. In the aftermath, Navy leaders were relieved China had opted only to immobilize ships rather than destroy the gas turbines, with the loss of life and collateral damage that would bring. They knew all too well that it was possible.16
Winning without Fighting
In this fictional vignette, China managed to disable the vast majority of the U.S. surface fleet and bottle up its bases in the Pacific in just a few hours. The cyberattack created freedom of movement for the Chinese government to immobilize the U.S. Navy without significant loss of life. In the international arena, the United States would be hard pressed to find a proportional and appropriate response that would not embroil two nuclear-armed nations in a war with the potential to rapidly escalate. At any rate, the sudden and overwhelming attack, including paralysis of national decision-makers through the disinformation campaign, would prevent the United States from attempting any response in real time. China would be free to achieve its objectives without fear of an immediate U.S. response. A fait accompli.17
When the United States regained its footing and decision-making capacity, it would find itself in a highly disadvantaged position. Given the widespread disinformation campaign, the accuracy and authenticity of any information would be questionable. A major portion of the Navy would not be able to respond to orders until ships restored power and command-and-control networks were operational—to say nothing about opening the Pearl Harbor channel. Were operational units, mainly submarines and land-based aircraft squadrons, given orders to attack PLA targets, the United States would be put in the position of spilling first blood.
So, how might a counterattack play out?
The U.S. Response
It had been a week since the attack. The commander of U.S. Second Fleet in Norfolk surveyed the ships resting at their piers. With most of the Pacific Fleet out of action, she knew her ships, coming from East Coast ports, would be leading whatever counterattack the President ordered. Through herculean efforts of the crews, the maintenance facilities, and supporting contractors, about half the surface fleet in Norfolk and Mayport had been restored and made ready for wartime service. Crews had been working around the clock. The Defense Logistics Agency had set up a rapid shuttle service to bring repair parts, as well as contractors to support repairs and load the ships with food and other stores. The suspect network hardware, programmable logic controllers, and switchgear controllers were carefully removed, packaged, and shipped for forensic analysis. Working parties from other ships pulled parts from inactivated ships in Pearl Harbor, Puget Sound, and Philadelphia and rushed them to the waterfronts.
The command-and-control communications took longer to restart, given the intricate web of temperamental, aging systems. As a result, war orders for Second Fleet arrived via aircraft from Washington, D.C., about ten days after the attack: Execute the standing operational plan against China with available forces. The commander of the U.S. Indo-Pacific Command would sort out what he wanted to do with the ships she would send.
China had stolen the operational plans many years prior. Beijing assumed a lack of ingenuity and bureaucratic inertia would cause the plans to change little, even though the PLA lost access to those systems shortly after exfiltrating the plans. Not that it mattered. The PLA’s military imagery satellites and business arrangements through Chinese state-run enterprises with DigitalGlobe, SpaceSense, and European Space Imaging meant it had extensive coverage of U.S. forces, along with a trail of breadcrumbs beaconed by every ship from the malicious code inserted years before.18 The Chinese could see the ships coming from the moment they left their ports. Despite the hype around dynamic force employment, the fastest way to the western Pacific was still the shortest route, and China was ready for that.
Because of the Navy’s penchant for sweeping and transformational changes across multiple platforms to deploy new technology, most of the latest in the technology sphere—5G, laser communications, artificial intelligence—was still years from making a difference at the tip of the spear. Second Fleet’s ships sortied toward the western Pacific with the same technologies they had been using for the past two decades. As the USS Ross (DDG-71), the first Rota-based destroyer to sortie, transited the Strait of Gibraltar, the global positioning system started degrading. It never returned; the jamming was too intense.19 As the Ross passed through the Suez Canal and into the Red Sea, PLA drones from the base in Djibouti were waiting, ready to broadcast signals toward the destroyer and begin degrading Ross’s readiness for combat.20
The Aegis combat system acted up first, dropping tracks, displaying phantom contacts, and experiencing power surges that degraded the main array. It eventually shut down. Sailors scrambled to get the system restored—the Ross was approaching the Bab el-Mandeb Strait, a natural chokepoint for the busy shipping traffic. Their fueling stop in Aden, Yemen, was canceled after port authorities reported technical issues with the pipelines and fueling systems—real or not. On board, other systems began faltering, but the final straw came as the Ross transited past Socotra island: A drone activated a dormant cyber payload that launched four SM-2 surface-to-air missiles from the forward missile magazine.21 The Fifth Fleet commander ordered the Ross to change course and head for Bahrain for troubleshooting—she clearly was not combat ready. Similar incidents played out all over the world as the Navy sent its ships toward the western Pacific. None made it.
Hide in Plain Sight
Whether safely moored at the pier in Norfolk or transiting the Taiwan Strait, U.S. Navy ships and sailors are on the front lines of the cyber and information war. In fact, the war already has started. As former Commandant of the Marine Corps General Robert Neller stated, “We’re at war right now in cyberspace. We’ve been at war for maybe a decade. They’re pouring oil over the castle walls every day.”22 China and Russia have spent two decades honing this type of warfare while the United States focused elsewhere, overly reliant on its existing military power and aging operational concepts.23 The Navy is especially vulnerable to information warfare, as it has essentially the same force structure and operational concepts it did 20 years ago, with the same legacy program offices and defense contractors.
To survive on the digital battlefield, the Navy must embrace the cyber principle of steganography—hiding in plain sight.24 Digital warfare commands an observe-orient-decide-act (OODA) loop that runs at light speed, faster than any human can process or control.25 The ubiquity of sensors and enormous computational power—military and commercial—give adversaries the ability to know more about U.S. warships and plans than Navy leaders may even know themselves.
Fighting in the digital domain requires a fundamental shift in the Navy’s identity and how it projects power and wins combat at sea. The Navy must refocus on its ability to camouflage ships and programs in both the cyber and physical domains to hide in plain sight.26 This will require rearchitecting combat systems for greater software agility, resiliency, and faster technology insertion, enhancing security of cyber-physical systems, reducing network dependence, and giving ships the ability to deter and degrade adversary surveillance and reconnaissance efforts, including with distributed unmanned systems. Efforts have started in some of these areas, but they are not sufficiently widespread nor urgent enough to protect sailors or deter adversaries.
Despite the Navy and nation’s seemingly singular focus on the number of ships in the fleet, the Navy fights first in the digital domain, ready or not. A future conflict will be won or lost in this realm long before a destroyer casts off lines, and China and Russia are already using it for lethal targeting. But the Navy does have a fighting chance if it does the work to disappear.
1. T. Christian Miller, Megan Rose, Robert Faturechi, and Agnes Chang, “Collision Course,” ProPublica, 20 December 2019.
2. CDR Kirk Lippold, USN (Ret.), Front Burner: Al Qaeda’s Attack on the USS Cole (New York: PublicAffairs, 2013).
3. James Cook, “How a Chinese Agent Used LinkedIn’s ‘Relentless’ Algorithm to Find Targets,” The Telegraph, 27 July 2020.
4. Alex Weinert, “Your Pa$$word Doesn’t Matter,” Microsoft.com, 9 July 2019; Secretary of the Navy, Cybersecurity Readiness Review, 4 March 2019; “APT1: Exposing One of China’s Cyber Espionage Units,” Mandiant, 19 February 2013.
5. Ellen Nakashima and Paul Sonne, “China Hacked a Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare,” Washington Post, 8 June 2018.
6. Maria Korolov, “New Malware Makes Air-Gapped Data Center Networks Less Bulletproof,” Data Center Knowledge, 8 June 2020; Kim Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon (New York: Crown Publishing Group, 2015).
7. Andy Greenberg, “The Untold Story of NotPetya, the Most Devastating Cyberattack in History,” Wired, 22 August 2018.
8. Mark Lapedus, “A Crisis In DoD’s Trusted Foundry Program?” Semiconductor Engineering, 22 October 2018.
9. Jordan Robertson and Michael Riley, “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” Bloomberg Businessweek, 4 October 2018.
10. Gregory Slabodkin, “Software Glitches Leave Navy Smart Ship Dead in the Water,” GCN, 13 July 1998.
11. Greenberg, “The Untold Story of NotPetya.”
12. Brandon Keim, “Nanosecond Trading Could Make Markets Go Haywire,” Wired, 16 February 2012.
13. Danny Palmer, “Hacking Attacks on Your Router: Why the Worst Is Yet to Come,” ZDNet, 3 January 2019.
14. Peter Pomerantsev, This Is Not Propaganda: Adventures in the War against Reality (New York: PublicAffairs, 2019).
15. Mark Harris, “Ghost Ships, Crop Circles, and Soft Gold: A GPS Mystery in Shanghai,” MIT Technology Review, 15 November 2019.
16. Andy Greenberg, “How 30 Lines of Code Blew Up a 27-Ton Generator,” Wired, 23 October 2020.
17. Sun Tzu, The Art of War, trans. Samuel Griffith (London: Oxford University Press, 1963).
18. H. I. Sutton, “The Realities of Tracking Aircraft Carriers with Civilian Satellites,” Forbes, 7 May 2020; “Anatomy of a Firmware Attack,” Eclypsium, 20 December 2019.
19. Paul Tullis, “GPS Is Easy to Hack, and the U.S. Has No Backup,” Scientific American, 1 December 2019.
20. H. I. Sutton, “Satellite Images Show that Chinese Navy Is Expanding Overseas Base,” Forbes, 10 May 2020.
21. “The Launching of the Oops-Missile,” Fregatten Peder Skram; David E. Sanger and Thom Shanker, “N.S.A. Devises Radio Pathway into Computers,” New York Times, 14 January 2014.
22. Secretary of the Navy, Cybersecurity Readiness Review.
23. David Kilcullen, The Dragons and the Snakes: How the Rest Learned to Fight the West (New York: Oxford University Press, 2020).
24. Lily Hay Newman, “Hacker Lexicon: What Is Steganography?” Wired, 26 June 2017.
25. Mark Pomerleau, “When Information Moves Fast, Who Has Time to Make a Decision?” C4ISRnet, 13 November 2020.
26. Josef Koller, “U.S. Forces Can’t Hide from Ubiquitous Satellites. They Need to Fool Them,” DefenseOne, 16 December 2019.