Thursday, September 14, 2017

USS McCain Cyber Attack Investigation

The Navy is investigating the possibility that cyber hacking was involved in the recent collision between the USS McCain and a merchant ship (1).  The Navy is doing this as a cyber warfare test case exercise rather than because anyone believes that cyber hacking occurred.  I so often criticize Navy leadership but this deserves accolades.  This is an excellent opportunity to do a live warfighting test of the Navy’s counter-cyber capabilities and to begin establishing procedures.  Who knows, maybe there was hacking involved?  Until you do the investigation, you won’t know.  Therefore, treat it like there was an attack until you prove otherwise.  That said, please don’t misconstrue what I’m saying.  I’m not even remotely suggesting that a cyber attack occurred.

One interesting aspect of this incident that the article points out is that a cyber attacker would have been more likely to hack the merchant ship’s systems, causing it to steer into the McCain, than to try hacking the destroyer’s systems.  That presents a challenge from an investigative perspective, in trying to get access to the merchant ship’s systems.  That, in itself, is a lesson learned, already!

I would also hope that the investigation might uncover cyber vulnerabilities as it proceeds, even if they weren’t exploited.  There is nothing but good that can come from this.

This needs to become routine and, indeed, it appears that it will be.

“The Navy is making cyber investigations automatic after any mishap, starting with the at-sea collision that killed 10 sailors aboard the USS McCain.”

That’s outstanding, if overdue.  We know that China, Russia, NKorea, and Iran are conducting cyber attacks on US systems routinely – and that’s only from the incidents that have been made public!  There are, undoubtedly, many more that have not been publicized.

I cannot say enough good about the Navy’s action on this.  In fact, the only negative is how long it has taken the Navy to initiate this investigation.  They should have been on the case immediately but, hey, this is the first test case so I’ll cut them some slack.

Well done, Navy!


(1) Breaking Defense website, "Was The Merchant Ship Hacked? McCain Collision Is First Run For Navy Cyber Investigators", Sydney J. Freedberg, Jr., 14-Sep-2017


  1. Even if the MV was hacked, I think the "hackers" would be in a vessel nearby, because after they supposedly take a virtual hold on the MV they have to be able to steer it to ram the US ship.

    1. There may be electronic trickery involved, but we have limited ability to control a Tesla outside certain highways, let alone a ship on the high seas.
      Planes have autopilots, as do ships, and I would have thought that was a more useful place for an enemy to have remote control.

    2. Yeah, but if it's long-distance remote hacking, even if they take control of the autopilot they still have to be able to see what the MV's X band or S band radars display in order to steer the MV to ram.
      I think it would be easier if the hackers were in a nearby vessel to easily steer the hijacked vessel.

    3. The ship tracking records in both collisions show the MVs weren't really changing course.

  2. And let's look at the two vessels that struck the USN destroyers, for merchant standards they are neither the newest build (that is to say, with the latest electronics) and they're mid-weight

  3. I can’t agree that this is a likely hack.

    One would have to assume a destroyer had a watch standing (they apparently didn’t, but they should have).

    Even if you took the destroyer's GPS and continually fed them into the Civvi ship, you would assume that someone would see it coming and evade. They would have at least squawked at each other, and this simply does not appear to have happened.

    A Burke can EASILY outpace and outmanoeuvre a cargo barge of that size, but they were hit directly amidships. At what appear to be approximately 90 degrees on.

    That can only realistically happen if you weren’t even trying to avoid.

    This attempt to muddy the waters around what is clearly incompetence again is poor.

    Very poor, at best. Fess-up. Then put your house to rights.

    Trying to imply this was the work of a foreign enemy makes it worse not better from a PR point of view. It was just an accident in congested waters, and 2 crews too slack to pay attention!


    1. Nobody, not the article, not the Navy, and not me, even remotely suggested that hacking was involved. Reread the article and post! Even the commenters are only talking about a theoretical hack methodology.

    2. Someone should give Dick Marcinko a call. Sounds like we need to start up the Red Cell program again.

