Over the past two decades, U.S. global naval superiority has been progressively eroded by Russian and Chinese technological advancements in speed, range, stealth, and sheer tonnage. As devastating as hypersonic and antiship ballistic missiles, ultra-quiet submarines, and massive shipyards can be, they distract from another peril of unlimited range, speed-of-light velocity, and invisibility to the most advanced sensors—a threat already responsible for the most significant attacks against Western maritime interests this century.
With the last major fleet engagement 76 years astern, growing evidence points to the pivotal engagements of the 21st century looking very different from the naval battles of the 1900s. Mahanian principles appear to have finally been overtaken by technological advancement. His theories have remained relevant through past revolutions in military affairs brought about by radars and radios, submarines and aircraft carriers, but his emphasis on the “great thoroughfares of the world’s traffic” has taken on a new perspective.1
The strategic maritime terrain of cyberspace has become just as essential as the straits, canals, and coaling stations of Mahan’s time, yet so much of this new domain remains uncharted territory. Many of the most strategic and decisive maritime events of the past decade, especially those that have most disrupted the naval pecking order, have originated from this unsurveyed theater. Thus, great power competition priority number one for naval intelligence should be to become the world’s best maritime cyber cartographers.
Lessons from the Deep
Naval intelligence has overcome the challenges of the uncharted margins before. The Navy’s steep learning curve in the initial characterization of the undersea domain during the 20th century highlights several important lessons for present day maritime cyber operations.
The Navy’s early undersea Sound Surveillance System (SOSUS) stations became operational in the Caribbean in 1954, and for almost eight years, SOSUS’s acoustic signature library “blacklist” was insufficient to detect adversary submarines. Prior to the Cuban Missile Crisis of 1962, the only corroborated acoustic detections of Soviet diesel submarines were of boats operating on the surface that exhibited drastically different acoustic characteristics than submerged submarines. It was only after the ensuing U.S. naval blockade reduced the acoustic noise floor that SOSUS was able to pinpoint acoustic anomalies and correlate them with Soviet submarines by process of elimination. By 1964, collection stations were expanded to the Norwegian Sea where collects of high-volume Soviet submarine traffic developed superior understanding of the undersea environment and adversary characteristics, a cornerstone of U.S. undersea domain advantage ever since.
Second, the pronounced difference in acoustic signature between a submarine transiting the surface and lurking at periscope depth conveys another lesson for intelligence support to cyber. The malleable nature of cyber-terrain can quickly render painstakingly constructed cyber maps useless.In a conflict, when the network maze reconfigures—whether because of environmental factors or adversary action—it will be up to naval intelligence to understand the adversary’s doctrine and tendencies. Analysts must be able to leverage experience in surveying cyber-terrain to anticipate how such shifts will shape the enemy’s posture and behavior, and re-arm and reorient their commanders with the most complete cyber charts first.
Last, naval intelligence’s undersea intelligence success also demonstrates how proactive investment and innovation can secure lasting advantages in emergent environments. In the 20th century, Navy leaders recognized the strategic importance of submarines and drove naval intelligence forebears to develop accurate maps of the world’s oceans. Before SOSUS, the Office of Naval Research sponsored multiple research projects by elite oceanographic institutes and universities, advancing sonar technology and pioneering the fields of seafloor mapping and bathymetry.
The dynamic nature of the ocean makes for an apt comparison to the cyber domain where dynamic features like current, sea state, and thermocline all have significant impacts to operations. Even today, the Navy operates six Pathfinder-class oceanographic survey ships responsible for advanced surveys of the ocean environment to “improve technology in undersea warfare and enemy ship detection.” Naval intelligence must likewise invest in capabilities that can map maritime networks at scale, measure and assess change, and rapidly orient commanders to how to best maneuver for advantage.
The Code that Stopped a Thousand Ships
Recent history has demonstrated the risks and dangers that the uncharted cyber portions of the maritime domain present. In June 2017, NotPetya, a particularly virulent strain of malware attributed to the Russian military, cascaded globally across corporate networks via Ukrainian accounting software and unpatched Windows devices. NotPetya left a trail of irreversibly scrambled computers in its wake en route to becoming the most costly cyberattack in history with more than $10 billion in assessed damages. While Ukraine was the intended target, collateral damage had devastating effects in unexpected sectors.
As a result of NotPetya, Maersk, the world’s largest shipping company responsible for 76 international ports and almost 800 commercial vessels, was “dead in the water.” In an instant, Maersk’s entire network of 4,000 servers and 45,000 computers controlling the company’s complex global logistics was flotsam. The company was forced to revert to mobile phone communications and paper records for almost two weeks and took more than two months to regain capacity—at an estimated revenue cost of more than $300 million. Fortunately for Maersk—and the international maritime community as a whole—the malware did not have a viable “thoroughfare” to the vessels themselves, inadvertently avoiding catastrophic safety and environmental impacts.
Traditionally, the network posture of a foreign commercial company is not the bailiwick of naval intelligence, and yet NotPetya exposed a soft underbelly in a critical pillar of U.S. sea power—the ability to protect seaborne commerce and maintain order at sea. Approximately 80 percent of the global economy is transported by sea with an ever-increasing portion of U.S. trade conveyed by foreign shipping cartels such as Maersk and Chinese government-owned COSCO.
Similarly, the Department of Defense has come to depend on chartered and occasionally foreign-flagged vessels to supplement the dwindling Military Sealift Command and outdated Ready Reserve Fleets for transportation of sustainment goods and military equipment. To compound matters, the number of U.S-flagged commercial vessels has fallen by more than 80 percent since 1990, and a 2019 U.S. Transportation Command assessment concluded “surge sealift capability was unreliable and could lead geographic combatant commanders to make incorrect assumptions.”
The incidental yet profound impacts of NotPetya to global shipping is evidence that naval intelligence’s efforts to achieve maritime cyberspace situational awareness must extend beyond exclusively military networks.
Ocean Lotus is a publicly known cyber group, affiliated with operations that support the intelligence and security interests of Vietnam. In particular, cybersecurity researchers have consistently linked Ocean Lotus to cyber operations against Chinese maritime interests in the South China Sea. Beginning in 2014, Ocean Lotus has launched multiple cyber espionage campaigns targeting a range of Chinese institutions, companies, and government agencies involved in the commercialization of the SCS.
Whereas traditional naval confrontation by Vietnamese and Chinese maritime forces has been negligible since China consolidated its claim to the Spratly Islands during the Johnson South Reef Skirmish of 1988, Vietnam-aligned cyber actors appear to be far less hesitant to challenge Chinese maritime cyberspace interests.
The South China Sea is poised to figure prominently in 21st-century great power competition, and intelligence insight into the tactics and objectives of the relevant cyber actors will be critical for understanding the most active and contested margins of the theater. Charting and maintaining a robust cyber-terrain map of the South China Sea is a concrete step toward preventing international acceptance of a nine-dashed line.
Naval intelligence must invest significantly more energy and resources in surveying and mapping maritime cyber networks; however, the foundational principles of operational intelligence will remain critical to success.
While not a mapmaking tool per se, modification of the doctrinal Joint Intelligence Preparation of the Environment (JIPOE) is well-suited for orienting both analysts and operators to the concept of cyber geography. Key terrain features are universal, and high ground, barriers, chokepoints, and lines of communication all have analogous equivalents in cyberspace. Naval intelligence analysts must be prepared to operate with imperfect information and rely on superior knowledge of cyber-terrain and the adversary to make rapid assessments and operational recommendations. Predictive intelligence analysis is critical to secure standing approvals and enable preplanned operations, “reminiscent of high-frequency trading,” instantaneously reacting to established set points to seize the decision advantage where operational advantages are measured in nanoseconds.
Despite its foundational utility, the JIPOE framework’s capacity to conceptualize intelligence and planning support to great power competition lacks the technical details required for tactical application and network mapping. The development and integration of automated mapping tools like the DARPA-initiated Plan X that employs machine learning to dynamically flag key cyber terrain to reduce noise and focus analytic bandwidth is an example of a critical next step for maritime cyber cartographers.
In this era of great power competition, cyberwarfare is tailormade to complement Chinese and Russian asymmetric efforts to offset U.S. naval warfare dominance enjoyed since the end of the Cold War. Cyber is proving to be low cost, effective, difficult to attribute, and confounding to traditional notions of proportionate response—making it the perfect tool for cross-domain, hybrid-warfare strategies to paralyze, undermine, and subdue a stronger foe before, or indeed without, coming to blows.
For the rest of the 21st century, the Navy will increasingly witness threats that strike from the uncharted territories of the maritime cyber domain so long as it lacks the willingness and ability to navigate and operate therein. Naval intelligence has risen to similar challenges in the past, creating lasting operational advantages by ensuring the Navy possessed superior situational awareness beyond the map’s edge.
1. Alfred Thayer Mahan The Influence of Sea Power upon History, 1660–1783 (New York: Little, Brown, 1890), 32.