McCain Collision Investigation a Test Case for Navy Cyber Experts

FacebookXPinterestEmailEmailEmailShare

Almost immediately after news broke Aug. 21 that the destroyer USS John S. McCain had collided with a civilian tanker in the Pacific, the second such deadly collision in months, speculation began to swirl that the crash was the result of some kind of enemy cyber attack.

The same day, while maintaining that no evidence or indicators pointed to such an attack, Chief of Naval Operations Adm. John Richardson confirmed that Navy investigators were examining such a possibility as part of the larger investigation into causes of the collision.

What has emerged since is that the Navy cyber team sent to investigate the McCain collision -- led by the commander of the U.S. 10th Fleet, Vice Adm. Michael Gilday -- is the first of its kind, and for the service, a step into the uncharted future of warfare.

While the cyber team is still capturing and analyzing data from the McCain to probe for anomalies or evidence of an attack, it is also working to determine how to make analysis of possible cyber intrusion "a normal part" of future mishap investigations, Vice Adm. Jan Tighe told an audience at a U.S. Naval Institute-sponsored event in Washington, D.C., on Thursday.

No parallel investigation is taking place with regard to the destroyer USS Fitzgerald, which collided with a civilian container ship in June.

Tighe, deputy chief of Naval Operations for Information Warfare and director of naval intelligence, said there wasn't public speculation about a cyber threat with the Fitzgerald, and thus no cyber investigation was ordered.

While she did not mention this, some of the speculation about the McCain collision was driven by unconfirmed reports that the ship had suffered from an unexplained steering failure before it collided with the Liberian-flagged tanker east of the Strait of Malacca.

"It is something that we think about a lot, and we've got to have both the authorities and the human capital built that's ready to respond to these types of events," she said.

At a hearing before panels of the House Armed Services Committee last week, Vice Chief of Naval Operations Adm. Bill Moran also asserted that the measures being taken for the McCain are part of a new way of doing business for the Navy.

"This is the first time we've done this, and we're not stopping," he said at the hearing. "This is to try to institutionalize doing cyber as part of any mishap, aviation, submarine, you name it. We need to go look at it as an order of business and not hand wave it to, 'It's cyber.' So that's where we're headed."

Tighe said normalizing such an investigation began with isolating the engineers within Navy systems commands who represent the technical authority on various mechanical, weapons and control systems and aviation platforms, and ensuring they have a thorough knowledge on the kinds of threats to which their equipment is vulnerable.

"The systems commands have been building that kind of expertise within each of their warfare centers and those kind of people we think would be the ones that we would tap into," she said.

" ... So that they are capable of being part of the investigation and they have the full knowledge of their systems that they're the technical authority for and can look for any signs of cyber intrusion or malicious malware," she added.

Because the McCain investigation is the first of its kind, Tighe said it's not clear how long the cyber team will continue its work.

"It rather depends on if and when we find anything that looks suspicious, and how we will go about determining whether it is actually suspicious or not," she said. "It could be weeks; it could be months. I don't think it's years. It very much depends on if we find anything we cannot explain."

Story Continues
US Navy Topics DefenseTech