Maritime navigation under threat: GNSS spoofing raises security concerns
9 October 2023
Contemporary maritime transportation relies heavily on Global Navigation Satellite Systems (GNSS) for accurate navigation, but these systems are vulnerable to spoofing attacks. Recent incidents have shown that even low-cost equipment can execute spoofing attacks. Russian cargo vessels are using GNSS spoofing to evade sanctions. Countermeasures exist, but complete protection remains impossible.
By Justus Joachim Imkampe, Security Analyst Intern
Contemporary maritime transportation heavily depends on accurate navigation provided by the Global Navigation Satellite System (GNSS). The high-precision GNSS receivers installed on modern vessels are generally regarded as reliable, but technological advancements and malicious activities have eroded this assumption. The attackers’ motivation ranges from industrial espionage and economic sabotage to piracy and terrorism. Unmanned vessels relying on GNSS lacking real-time human intervention face heightened risks from spoofing attacks, as they may struggle to verify their positions and react promptly, increasing the chances of accidents.
Multiple instances of GNSS signal spoofing have been reported frequently, and recent incidents have illustrated that such manipulations can be executed even with inexpensive equipment and minimal expertise, reducing the threshold for malicious attacks with potentially severe repercussions. Attacks have the potential to go undetected and consequently pose significantly greater threats. In such an attack, a malicious actor produces counterfeit signals that closely resemble legitimate ones, making it challenging to differentiate between them.
An illustrative example of how GNSS spoofing is used involves Russian cargo vessels attempting to evade sanctions. In 2022, a Russian oil tanker attempted to distort its location by manipulating its Automated Information System (AIS) to generate a deceptive representation of its location. While the tanker’s location was displayed in the Aegean Sea, it was most likely unloading and reloading cargo in Malta. This is evidence that Russian operators possess the capabilities to undermine sanctions. Other sanctioned countries like Venezuela and Iran also use covert techniques to conceal the vessel’s real location.
Another recent case concerns the Russian far East port of Kozmino, which evolved into a hotspot for departing tankers to spoof their signals once they reach the Sea of Japan. There are growing concerns regarding the compliance of tankers transporting crude oil and Western companies operating within the blue economy being involved. Other cases involve the smuggling of illegal cargo, such as drugs.
The widespread availability of GNSS spoofing technologies poses significant risks to protecting commercial ships from pirate attacks. Disturbing signals can cover extensive distances, and once a vessel deviates from its intended route, it becomes vulnerable to piracy. In addition, when the vessel calls for help, the location it transmits may not be accurate.
Appropriate countermeasures exist, but some methods can only be applied to existing receivers with expensive hardware upgrades or replacements. These are usually evaluated as uneconomical compared to the risks posed by such threats. Research on alternative and less costly mitigation methods has identified software-based upgrades to navigation systems. One way to detect spoofing attacks is the MAritime Nmea-based Anomaly detection method (MANA) according to National Marine Electronics Association (NMEA) standards. This is a new framework consisting of methods that consistently monitor and analyse data obtained from GPS transmitter in the form of NMEA sentences utilising the maritime network.
Nevertheless, it should be noted that there will never be a complete guarantee for detecting spoofing attacks unless navigation systems are fundamentally transformed.
RELATED CONTENT:
Discover further insights into GNSS spoofing, which is an ongoing concern for the maritime industry. Analyst Katie Zeng Xiaojun provides background and recommendations for this threat in her briefing.
RISK ASSESSMENT REPORTS:
There are several Risk Intelligence reports that can help you assess the risk of a specific route, or provide further background for decision-making in the form of a threat assessment
Risk Intelligence’s risk assessment reports feature in-depth analyses of current or forecasted threats for specific client operations - a region or a route - and serve as a foundation for decision-making.