In 2017, NotPetya, a strain of malware attributed to the Russian military, left a trail of irreversibly scrambled computers, including those of Maersk—the world’s largest shipping company. Naval intelligence must have the ability to protect seaborne commerce.
Public Domain


To Master the Cyber Threat, Naval Intelligence Should Remember Its Undersea Domain Roots

By Lieutenant Commanders Sean B. Margot and Tyson Meadors, U.S. Navy
June 2021
Proceedings
Vol. 147/6/1,420
Nobody Asked Me, But . . .

Over the past two decades, U.S. global naval superiority has been progressively eroded by Russian and Chinese technological advancements in speed, range, stealth, and sheer tonnage. As devastating as hypersonic and antiship ballistic missiles, ultra-quiet submarines, and massive shipyards can be, they distract from another peril of unlimited range, speed-of-light velocity, and invisibility to the most advanced sensors—a threat already responsible for the most significant attacks against Western maritime interests this century.

With the last major fleet engagement 76 years astern, growing evidence points to the pivotal engagements of the 21st century looking very different from the naval battles of the 1900s. Mahanian principles appear to have finally been overtaken by technological advancement. His theories have remained relevant through past revolutions in military affairs brought about by radars and radios, submarines and aircraft carriers, but his emphasis on the “great thoroughfares of the world’s traffic” has taken on a new perspective.1

The strategic maritime terrain of cyberspace has become just as essential as the straits, canals, and coaling stations of Mahan’s time, yet so much of this new domain remains uncharted territory. Many of the most strategic and decisive maritime events of the past decade, especially those that have most disrupted the naval pecking order, have originated from this unsurveyed theater. Thus, great power competition priority number one for naval intelligence should be to become the world’s best maritime cyber cartographers.

Lessons from the Deep

Naval intelligence has overcome the challenges of the uncharted margins before. The Navy’s steep learning curve in the initial characterization of the undersea domain during the 20th century highlights several important lessons for present day maritime cyber operations.

The Navy’s early undersea Sound Surveillance System (SOSUS) stations became operational in the Caribbean in 1954, and for almost eight years, SOSUS’s acoustic signature library “blacklist” was insufficient to detect adversary submarines. Prior to the Cuban Missile Crisis of 1962, the only corroborated acoustic detections of Soviet diesel submarines were of boats operating on the surface that exhibited drastically different acoustic characteristics than submerged submarines. It was only after the ensuing U.S. naval blockade reduced the acoustic noise floor that SOSUS was able to pinpoint acoustic anomalies and correlate them with Soviet submarines by process of elimination. By 1964, collection stations were expanded to the Norwegian Sea where collects of high-volume Soviet submarine traffic developed superior understanding of the undersea environment and adversary characteristics, a cornerstone of U.S. undersea domain advantage ever since.

Second, the pronounced difference in acoustic signature between a submarine transiting the surface and lurking at periscope depth conveys another lesson for intelligence support to cyber. The malleable nature of cyber-terrain can quickly render painstakingly constructed cyber maps useless. In a conflict, when the network maze reconfigures—whether because of environmental factors or adversary action—it will be up to naval intelligence to understand the adversary’s doctrine and tendencies. Analysts must be able to leverage experience in surveying cyber-terrain to anticipate how such shifts will shape the enemy’s posture and behavior, and re-arm and reorient their commanders with the most complete cyber charts first.

Last, naval intelligence’s undersea intelligence success also demonstrates how proactive investment and innovation can secure lasting advantages in emergent environments. In the 20th century, Navy leaders recognized the strategic importance of submarines and drove naval intelligence forebears to develop accurate maps of the world’s oceans. Before SOSUS, the Office of Naval Research sponsored multiple research projects by elite oceanographic institutes and universities, advancing sonar technology and pioneering the fields of seafloor mapping and bathymetry.

The dynamic nature of the ocean makes for an apt comparison to the cyber domain where dynamic features like current, sea state, and thermocline all have significant impacts to operations. Even today, the Navy operates six Pathfinder-class oceanographic survey ships responsible for advanced surveys of the ocean environment to “improve technology in undersea warfare and enemy ship detection.” Naval intelligence must likewise invest in capabilities that can map maritime networks at scale, measure and assess change, and rapidly orient commanders to how to best maneuver for advantage.

The Code that Stopped a Thousand Ships

Recent history has demonstrated the risks and dangers that the uncharted cyber portions of the maritime domain present. In June 2017, NotPetya, a particularly virulent strain of malware attributed to the Russian military, cascaded globally across corporate networks via Ukrainian accounting software and unpatched Windows devices. NotPetya left a trail of irreversibly scrambled computers in its wake en route to becoming the most costly cyberattack in history with more than $10 billion in assessed damages. While Ukraine was the intended target, collateral damage had devastating effects in unexpected sectors.

As a result of NotPetya, Maersk, the world’s largest shipping company responsible for 76 international ports and almost 800 commercial vessels, was “dead in the water.” In an instant, Maersk’s entire network of 4,000 servers and 45,000 computers controlling the company’s complex global logistics was flotsam. The company was forced to revert to mobile phone communications and paper records for almost two weeks and took more than two months to regain capacity—at an estimated revenue cost of more than $300 million. Fortunately for Maersk—and the international maritime community as a whole—the malware did not have a viable “thoroughfare” to the vessels themselves, inadvertently avoiding catastrophic safety and environmental impacts.

Traditionally, the network posture of a foreign commercial company is not the bailiwick of naval intelligence, and yet NotPetya exposed a soft underbelly in a critical pillar of U.S. sea power—the ability to protect seaborne commerce and maintain order at sea. Approximately 80 percent of the global economy is transported by sea with an ever-increasing portion of U.S. trade conveyed by foreign shipping cartels such as Maersk and Chinese government-owned COSCO.

Similarly, the Department of Defense has come to depend on chartered and occasionally foreign-flagged vessels to supplement the dwindling Military Sealift Command and outdated Ready Reserve Fleets for transportation of sustainment goods and military equipment. To compound matters, the number of U.S.-flagged commercial vessels has fallen by more than 80 percent since 1990, and a 2019 U.S. Transportation Command assessment concluded “surge sealift capability was unreliable and could lead geographic combatant commanders to make incorrect assumptions.”

The incidental yet profound impacts of NotPetya on global shipping are evidence that naval intelligence’s efforts to achieve maritime cyberspace situational awareness must extend beyond exclusively military networks.

Blooming Conflicts

Ocean Lotus is a publicly known cyber group affiliated with operations that support the intelligence and security interests of Vietnam. In particular, cybersecurity researchers have consistently linked Ocean Lotus to cyber operations against Chinese maritime interests in the South China Sea. Beginning in 2014, Ocean Lotus has launched multiple cyber espionage campaigns targeting a range of Chinese institutions, companies, and government agencies involved in the commercialization of the South China Sea.

Whereas traditional naval confrontation by Vietnamese and Chinese maritime forces has been negligible since China consolidated its claim to the Spratly Islands during the Johnson South Reef Skirmish of 1988, Vietnam-aligned cyber actors appear to be far less hesitant to challenge Chinese maritime cyberspace interests.

The South China Sea is poised to figure prominently in 21st-century great power competition, and intelligence insight into the tactics and objectives of the relevant cyber actors will be critical for understanding the most active and contested margins of the theater. Charting and maintaining a robust cyber-terrain map of the South China Sea is a concrete step toward preventing international acceptance of a nine-dashed line.

Way Ahead

Naval intelligence must invest significantly more energy and resources in surveying and mapping maritime cyber networks; however, the foundational principles of operational intelligence will remain critical to success.

While not a mapmaking tool per se, modification of the doctrinal Joint Intelligence Preparation of the Environment (JIPOE) is well-suited for orienting both analysts and operators to the concept of cyber geography. Key terrain features are universal, and high ground, barriers, chokepoints, and lines of communication all have analogous equivalents in cyberspace. Naval intelligence analysts must be prepared to operate with imperfect information and rely on superior knowledge of cyber-terrain and the adversary to make rapid assessments and operational recommendations. Predictive intelligence analysis is critical to secure standing approvals and enable preplanned operations, “reminiscent of high-frequency trading,” instantaneously reacting to established set points to seize the decision advantage where operational advantages are measured in nanoseconds.

Despite its foundational utility, the JIPOE framework’s capacity to conceptualize intelligence and planning support to great power competition lacks the technical details required for tactical application and network mapping. The development and integration of automated mapping tools like the DARPA-initiated Plan X, which employs machine learning to dynamically flag key cyber terrain in order to reduce noise and focus analytic bandwidth, is an example of a critical next step for maritime cyber cartographers.

In this era of great power competition, cyberwarfare is tailor-made to complement Chinese and Russian asymmetric efforts to offset U.S. naval warfare dominance enjoyed since the end of the Cold War. Cyber is proving to be low cost, effective, difficult to attribute, and confounding to traditional notions of proportionate response—making it the perfect tool for cross-domain, hybrid-warfare strategies to paralyze, undermine, and subdue a stronger foe before, or indeed without, coming to blows.

For the rest of the 21st century, the Navy will increasingly witness threats that strike from the uncharted territories of the maritime cyber domain so long as it lacks the willingness and ability to navigate and operate therein. Naval intelligence has risen to similar challenges in the past, creating lasting operational advantages by ensuring the Navy possessed superior situational awareness beyond the map’s edge.

1. Alfred Thayer Mahan, The Influence of Sea Power upon History, 1660–1783 (New York: Little, Brown, 1890), 32.

Lieutenant Commander Sean B. Margot, U.S. Navy

Lieutenant Commander Margot is a naval intelligence officer stationed at Navy Cyber Warfare Development Group in Suitland, Maryland.


Lieutenant Commander Tyson Meadors, U.S. Navy

Lieutenant Commander Meadors is a cyber warfare engineer stationed at Navy Cyber Warfare Development Group in Suitland, Maryland.

