Insight: Cyber threats to shipping grow in East Mediterranean


In the first part of this double feature, Katherine Dunn investigates an emerging security risk for the shipping industry, as maritime authorities report a rising number of GPS failures

Early one Sunday in mid-March, a ship in Port Said, the northern gateway to Egypt's Suez Canal, suddenly and inexplicably lost all connection to GPS on board.

"All of them affected," the vessel's crew wrote in a March 18 report to the US Navigation Centre of Excellence (NAVCEN), after a total of seven receivers lost connection to GPS. "Disturbance still continuous."

The cause of disruption, after an investigation by NAVCEN, was listed as "unknown interference."

In the following days, vessels in and around Port Said and the Suez Canal reported sudden and unexplainable outages in their GPS, some lasting days, and referenced dozens of vessels in the area experiencing the same problem.

The disruptions were concentrated around the Canal, but also extended north along a strip of sea, from just east of Cyprus to the Lebanese coast. NATO has also reported disruptions off the south coast of Turkey. While the GPS mostly just disappeared, the reports noted, sometimes it placed the vessels somewhere they were not: in one case, a vessel in Port Said appeared on GPS to be west of Alexandria, more than 150 nautical miles to the west.

US and NATO officials were paying attention, with good reason. The region has seen military tensions escalate in recent years, particularly off the coast of Syria. It is also a vital trade route: in March, 1,450 vessels of all sizes transited the waterway, about a third of which were oil tankers or LNG ships, according to data from the Suez Canal Authority. Those vessels were carrying about 61 million barrels of crude oil alone, or nearly 2 million b/d.

By March 23, just five days after the first report, the US Maritime Authority (MARAD) released an alert warning vessels of possible GPS interference in the East Mediterranean. By the summer, the incidents had drawn an alert from NATO's Allied Maritime Command (MARCOM).

"In recent months, several electronic interferences have been detected, particularly GPS and AIS interference, as well as possible GPS jamming in the East Mediterranean," a July 31 advisory warned.

Altogether, 16 individual reports of GPS interruptions were made between March 18 and November 4, all with the cause listed as unknown. In October, a NATO official from MARCOM said they were still investigating.

Cheap tricks

The Global Positioning System, or GPS, underpins most of the world's digital systems for determining location, time, and communication - on everything from your mobile phone, to the world's largest commercial vessels.

"For so many years we were used to using [only] GPS," says Chronis Kapalidis, an expert in maritime security and the East Mediterranean at Chatham House.

It has always been possible to disrupt GPS, but doing so is now easier and cheaper than ever, experts say.

That has meant an explosion of both GPS "jamming" - when GPS is interrupted - and "spoofing" - when a receptor is tricked into believing it is somewhere it is not.

Disruption can come from civilians, who can now buy cheap jammers on the internet. It also comes from states, appearing in geopolitical hot spots alongside a new wave of cyber conflict.

Experts say many large vessels have no back-up to GPS, and crew often lack awareness that it is even vulnerable to disruption. Without back-up, an increasingly digital generation of commercial vessels risks getting caught in the crosshairs.

States or rogue elements?

There is no official explanation for why GPS is being disrupted in the East Mediterranean, but a patchwork of military operations in the region is likely to be a major cause of the interruptions. That itself is a result of rapidly rising tensions north of Egypt and off the coast of Syria.

"The eastern Mediterranean is extremely busy militarily," MARCOM officials wrote in a report in October. "There are numerous warships operating in the region all with high powered transmitting devices."

In fact, the East Med disruptions began before March, according to a specialist on the region, citing NATO intelligence.

Reports of disruption were heard in 2017, says Hans Tino Hansen, the CEO of Copenhagen-based maritime risk consulting firm Risk Intelligence, who published a report on GPS disruptions based on anecdotal reports from clients.

Those disruptions are likely a result of both military operations by the Egyptian army, who are fighting militants in the Sinai, and Russian warships off the coast of Syria.

"The GPS spoofing and jamming in [Port] Said and Suez is a byproduct ... from a military operation that has nothing to do with the ships," says Hansen.

GPS jamming technology is now accessible enough for jamming to be the work of "rogue" individuals, says Todd Humphreys, director of the Radionavigation Laboratory at the University of Texas at Austin.

But experts agree that in the East Med, the location and sheer scale of the interruptions points towards the work of nation states.

As a result, the potential risks of a vessel losing the ability to navigate, or drifting off course without realizing, are countless.

"The political situation in the East Med is so tense, everyone is at each other's throats," says Sebastian Bruns, head of the Center for Maritime Strategy and Security at the University of Kiel. "Just imagine if a Turkish freighter ran aground and spilled oil all over the Israeli coast."

Geopolitical tensions

The Eastern Mediterranean is just one of the latest hot spots in an expanding list of regions that have seen interruptions rise alongside geopolitical tension.

Last year, the US-based Resilient Navigation and Timing Foundation reported that hundreds of vessels in the Black Sea saw their GPS locations disrupted. Many saw their locations at an inland Russian airport. Anecdotal reports of interruptions in the Black Sea date to at least 2016, multiple experts say.

Recurring, large scale disruptions have been reported off the Korean peninsula, in Lapland in northern Finland, and on the northern Norwegian border with Russia during NATO military drills, which Norway's Foreign Ministry blamed on Russian forces in a comment to the Associated Press. Russian officials denied involvement.

In October, one report was logged in the Strait of Hormuz, off Iran, and two more were logged at the Saudi Arabian port of Jeddah, in the Red Sea, prompting another advisory from MARAD.

GPS disturbances are just one element in an expanding list of threats to cyber infrastructure, affecting everything from banks to social media websites and consumer utility grids. Cyberattacks have already affected the shipping industry. Last year, Maersk suffered an attack to its central networks that disabled the company for 10 days and cost the company an estimated $250-$300 million.

Meanwhile, GPS interruptions have continued in the East Med. In November, interruptions were reported at the Israeli port of Haifa, and from near the eastern tip of Cyprus.

"We have encountered more severe than normal GPS interference tonight," read the November 4 report. "Thank goodness for paper charts."