publications full of ideas
CyberSecurity Concerns
Hackers, The Seventh Fleet And Human Error

8.25.2017

When the USS John S. McCain collided with the tanker Alnic MC near Singapore, it was the third such collision this summer. The ship sustained damage at the waterline, flooding a crew sleeping area. Such incidents are mercifully rare, but the incident was the fourth one involving a United States warship this year.

In June, the USS Fitzgerald suffered a similar collision with the ACX Crystal near Japan. That tragedy cost the lives of seven sailors. In May, a South Korean trawler hit the cruiser USS Lake Champlain. In January, the guided-missile cruiser USS Antietam suffered damage to its propellers navigating Tokyo Bay.

Initial reports in the wake of the Fitzgerald tragedy blamed human error. The Navy relieved two senior officers and the ship’s highest ranking enlisted man of command. However, the number of accidents is apparently prompting reconsideration. The Chief of Naval Operations, Admiral John Richardson stated that while he had seen no indications of cyber-sabotage, the Navy’s investigation would “consider all possibilities.”

The incidents occurred on some of the world's most congested waterways. A third of the planet’s shipping passes through the waterways. Ship captains and crews tend to be alert as a consequence, with computer aided navigation and radar assisted by manual lookouts. The rash of incidents has spawned speculation about the possibility of cyber sabotage. Itay Glick, a former cyber-warfare specialist who went on to found cyber security firm Votiro explained that given the numbers, “I don’t believe in coincidence.”

Glick noted that the Seventh Fleet could have suffered a malware attack that would have blinded its ships to other traffic. He also considered a GPS attack to be a possibility, citing reports of similar incidents in the Black Sea. Other experts dismissed GPS spoofing (misdirection) as a remote possibility, noting that the GPS attack would affect a larger area, rather than a single ship. Civilian crews detected GPS interference in the Black Sea; United States Navy personnel encountering similar interference would certainly have noticed something amiss.

But the possibility of human error does not negate cyber-sabotage. Crew rotations and shift changes necessitate wide-spread access to ship computers. And opportunities for a viral infiltration through an apparently mundane channel proliferate with crews increasingly downloading movies, games, and books for long deployments at sea. In cybersecurity, the critical link in the chain continues to be the human component.

A recent spate of electronic-wallet thefts illustrates the problem. Hackers were able to drain digital wallets by taking control of the corresponding device. They did so by the relatively simple stratagem of flooding customer support centers with calls asking to transfer control of the electronic-wallet phone to a different device. If customer support refused the request, they simply repeated the process with another agent. In one case they tried 13 times. Phone companies and customers ran up against the eternal defender’s dilemma: defense has to run the table each time. The attacker needs to succeed only once.

Saad Gul and Mike Slipsky, editors of NC Privacy Law Blog, are partners with Poyner Spruill LLP. They advise clients on a wide range of privacy, data security, and cyber liability issues, including risk management plans, regulatory compliance, cloud computing implications, and breach obligations. Saad (@NC_Cyberlaw) may be reached at 919.783.1170 or sgul@poynerspruill.com. Mike may be reached at 919.783.2851 or mslipsky@poynerspruill.com.

Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601

related information

what's new at the firm

Two Poyner Spruill Attorneys Help Work for Tomorrow through Mentor Program at UNC Law

2/20/2018

RALEIGH, NC – Founded in 2016, the McIntyre-Whichard Legal Fellows Program is now in its second year of existence at the University of North Carolina School of Law. The program was founded by two UNC Law School alums and is co-sponsored by the North Carolina Study Center and the UNC Christian Legal Society. The program is named after Poyner Spruill partner and former U.S. Congressman Mike McIntyre and former N.C. Supreme Court Justice Willis Whichard, who are both alums of the university and serve as program mentors.

Poyner Spruill Diversity Committee to host panel discussion with key leaders in the legal field to celebrate Black History Month

2/12/2018

The Poyner Spruill Diversity Committee is celebrating Black History Month by hosting an intimate panel discussion with key leaders who have been successful in the legal field.

Twenty-three Poyner Spruill Attorneys Honored by Super Lawyers in 2018

2/5/2018

RALEIGH, NC – Poyner Spruill is pleased to announce that 16 of its attorneys have been recognized as 2018 North Carolina Super Lawyers and 7 were named as 2018 North Carolina Rising Stars by North Carolina Super Lawyers Magazine.

Poyner Spruill’s Client Service & Strategy Manager to Present at the 2018 Festival of Legal Learning

1/23/2018

RALEIGH, NC – Poyner Spruill’s Manager of Client Service & Strategy, Brandi Hobbs, has been invited to present at the University of North Carolina School of Law’s 2018 Festival of Legal Learning. The festival will take place February 9-10 at The William & Ida Friday Continuing Education Center in Chapel Hill.

Poyner Spruill files amicus brief with U.S. Supreme Court on behalf of European business organizations

1/12/2018

RALEIGH, NC — Led by partner Saad Gul, the law firm of Poyner Spruill LLP filed an amicus curiae brief on behalf of five European business organizations, asking the U.S. Supreme Court to uphold a lower court’s ruling preventing officials from accessing specific private emails housed on a server in Ireland.