AIS and GPS Spoofing: Can it Happen on the West Coast?

Image: Ernie Hayden/Canva.

Imagine this scenario.

Your ship is operating out of Long Beach, Calif. It’s a sunny day with calm winds and a flat sea. Suddenly your Electronic Chart Display and Information System (ECDIS) and Automatic Identification System (AIS) show your vessel off the coast of Nigeria. 

What happened?

Well, this scenario isn’t that farfetched. In June 2019, the offshore supply boat Princess Janice was operating from a Nigerian oil terminal when the AIS abruptly showed the ship circling above Point Reyes, Calif. and then eventually deviating to above Utah. This false AIS reading lasted for almost 400 hours.

On that same day, a total of 12 ships’ AIS positions appeared to be thousands of miles from their actual positions. Reports said that the AIS on these vessels showed them traveling in circles. often over land and land-locked cities such as Madrid, Spain.

Over five years later experts and government officials still don’t know who or what caused this Global Navigation Satellite System (GNSS) /AIS anomaly.

In this article, we’ll explore concerns raised about faulty or fraudulent AIS signals. However, before we continue, we need to survey GNSS, GPS and AIS to better understand their use, application and differences.

Comparing GNSS, GPS and AIS

GNSS is a term referring to the International Multi-Constellation Satellite System that provides autonomous geo-spatial positioning with global coverage. It includes systems like the Global Positioning System (GPS), GLONASS (Russia), Galileo (European Union), BeiDou (China), QZSS (Japan), KPS (South Korea) and NavIC (India). 

GNSS receivers can use signals from any positioning satellite, not just the ones in the GPS system. Also, because GNSS has access to multiple satellite systems, GNSS receivers are more reliable and accurate than using GPS alone.

GNSS is used for a wide range of applications requiring precise positioning and timing, such as transportation, agriculture, construction and scientific research.

GPS is a satellite navigation system owned by the U.S. government and operated by the U.S. Space Force. GPS consists of a network of satellites that continuously transmit coded information thus allowing GPS receivers to determine their location, speed, direction and time. GPS is primarily used for personal and vehicle navigation, surveying and timing applications. Of note, GPS receivers only can use signals from satellites in the GPS system.

AIS uses GNSS receivers to obtain a ship’s position, which is then broadcast. AIS broadcasts a vessel’s position, speed, course and navigational status via Very High Frequency (VHF) radio at regular intervals.

It’s an open, unencrypted and unprotected radio system. This data is then received by other vessels and shore-based systems and displayed on screens or chart plotters. AIS is primarily used for maritime navigation, collision avoidance and vessel traffic monitoring. Overall, AIS complements GPS and GNSS by providing additional information for improved situational awareness by other ships and organizations, such as port authorities and coast guards.

In U.S. waters, GPS provides the important data feed to AIS.

One other term of art to be aware of in this discussion is Position, Navigation and Timing (PNT) services. PNT is provided by GPS, but it is a mariner’s biggest on-going cyber vulnerability. Thus, if PNT is wrong, then AIS is wrong.

Why is Reliable and Valid AIS Data Important?

A reliable and accurate AIS signal significantly enhances maritime safety through several key functionalities:

  1. Collision avoidance – This is especially important in congested waters or in poor visibility.
  2. Automated alerts – AIS can calculate the Closest Point of Approach (CPA) and generate collision alarms, thus alerting mariners to potential risks and enabling timely evasive actions.
  3. Enhanced situational awareness – AIS facilitates exchange of vital information between vessels and shore stations, including navigational status and vessel details. This collection of data creates a clearer picture of maritime traffic thus improving situational awareness for ship crews, maritime authorities, etc. Also, AIS can be integrated with radar and electronic charts, providing a consolidated view of the maritime environment.
  4. Marine traffic management – AIS supports management of vessel traffic in ports and harbors thus ensuring efficient berth allocation and smooth traffic flow. In some instances, container cranes also use GPS for positioning.
  5. Search-and-rescue operations – The ability of AIS to quickly identify distressed vessel location is a critical safety feature. Here, AIS signals provide precise location data to rescue teams, improving response times and potentially saving lives and reducing material loss. 
  6. Regulatory compliance and monitoring – Under international regulations, AIS is mandated for certain vessels. This allows for effective monitoring and identifying a significant portion of marine traffic. Here again, AIS provides a significant level of situational awareness across the maritime environment.

If AIS data is unreliable or inaccurate, most of the functions listed above cannot be fulfilled.

What are GPS Vulnerabilities?

The amplitude of the GPS and GNSS signals is quite weak. They can be easily disrupted by natural phenomena, by accident or intentionally by a nation-state or criminal actor, such as a pirate. For instance, GNSS signals can be spoofed or replaced by a false signal causing the AIS receiver to “believe” it is in a completely different location.

Here are some disruption scenarios resulting in blocked, invalid or erroneous GPS signals:

1. Natural disruptions – For instance, solar flares can temporarily overpower GPS signals, and if strong enough, permanently damage GNSS satellites. GPS signals can be blocked by heavy foliage or terrain. And GPS does not penetrate underwater due to its frequency and power level.

2. Accidental disruption – Malfunctioning electrical and electronic equipment can inadvertently jam or block GPS signals. Improperly installed TV antennas and ineffectively shielded telecommunications equipment, sparking motors and devices, have been determined to be sources of GPS interference.

3. Intentional jamming – This is the territory of nation states and transnational organized crime. For instance, militaries of most nations have the capability to jam GPS for their own purposes. Ukraine’s GPS reception is being jammed by the Russians as part of the current war.

In a U.S. Federal Bureau of Investigation Private Industry Notification (PIN), auto thieves shipping vehicles to China used GPS jammers placed in shipping containers.

The jamming devices were made in China and could be bought over the internet for about $14 USD. The use of the GPS jammers was an apparent attempt by thieves to thwart the tracking of the shipping containers (https://bit.ly/3Tm1XbF).

In a May report from GPS World, during March 23-24, widespread GPS jamming occurred in Eastern Europe that impacted more than 1,600 aircraft over the two days. The source of this massive jamming event was thought to be in Russia’s Kaliningrad exclave, between Lithuania and Poland.

In early June, dozens of merchant ships began transmitting AIS positions that put them at airports in the occupied Crimean Peninsula and the Russian Federation. As of June 4, nearly 50 vessels broadcast their location as the International Airport of Simferopol, Crimea and about 30 vessels at Gelendzhik Airport near Novorossiysk.

Though AIS spoofing is known to occur in the Black Sea region, an event of this magnitude is uncommon. It is highly likely that this event is correlated to the electronic warfare and jamming activities of the Russo-Ukrainian war taking place a few miles from these two locations (https://bit.ly/3B2lB6f).

Shipboard Impacts of Failed GPS/GNSS Signals

There have been some experiments performed when GPS/GNSS signals are not available or are jammed. These shipboard systems “… either fail completely, or, even worse, provide false misleading information.” (https://bit.ly/3XhdcmO)

These systems include:

  • Electronic chart displays (aka ECDIS)
  • Ship’s autopilot
  • Heli-deck stabilization system
  • Satellite voice and data communications
  • Maritime distress safety system
  • Radar
  • Gyro compass
  • Automatic Identification System (AIS)
  • Timing

GNSS jamming is also referred to as “brute force jamming” when an attacker generates noise-like signals at frequencies used by a GNSS system. Thus, authentic GNSS systems cannot be tracked.

But what if the signal has been “spoofed” or manipulated? Then, the GNSS signal could result in the following:

  • Vessel diverted into hostile or territorial waters.
  • Vessel redirected towards shallow waters and shoals.
  • Port activities disrupted by targeting automated container logistics.
  • Cargo in transit hijacked by disguising the true location of the container.
  • Don’t forget that by turning off the AIS on a vessel, nation-states and transnational organized crime could conceal vessels engaged in illicit trade, fishing or sanctions evasion. Even drug cartels are using GNSS spoofing to mask their activities and target smaller US drones.

How Does GPS/GNSS Spoofing Work?

In the white paper “Above Us Only Stars,” (https://bit.ly/3XFAqEI), the authors review the vulnerabilities in GNSS/GPS and examine GNSS spoofing, the role of Russian GNSS spoofing for VIP protection and the use of Russian GNSS spoofing for strategic facilities protection. On page 7 of this report there is a graphic showing the process of GNSS spoofing. Remember GNSS includes the U.S. GPS system.

 A summary of this method is below:

Step 1 – GNSS satellites send navigation signals down to Earth.

Step 2 – GNSS receiver calculates the true location of a vessel based on navigation signals from authentic GNSS satellites. 

Step 3 – GNSS receiver sends accurate location information to the AIS

Step 4 – AIS sends information about the vessel’s true location and identity to the global AIS monitoring system.

Step 5 – [SPOOFED OPERATION] GNSS spoofing transmitter mimics authentic GNSS satellites and broadcasts false navigation signals.

This is viewed as a “Man-in-the-Middle” attack.

Step 6 – [SPOOFED OPERATION] GNSS receiver on the vessel calculates false information based on signals from GNSS spoofing transmitter.

Step 7 – [SPOOFED OPERATION] Vessel GNSS receiver sends false location information to AIS.

Step 8 – [SPOOFED OPERATION] AIS sends information about the vessel’s false location to the global AIS monitoring system.

As you can see, this process isn’t for your common criminal, but instead something a nation-state or more capable transnational organized criminal would do.

Guidance on GNSS/AIS Spoofing Response

Here are some suggestions from the U.S. Coast Guard and some EDCIS vendors on handling GPS/AIS spoofing.

1. The Coast Guard recommends exercising caution when underway. Plans for responding to GPS interruptions that affect safe navigation of vessels should be in place prior to getting underway. Such plans should be incorporated into company policy and safety management systems as appropriate and made readily available to vessel crew responsible for safe navigation of the vessel.” (MSCI Advisory, 2023-013-Various-GPS Interference and AIS Spoofing, Paragraph 3)

2. When a GPS outage occurs, incidents should be reported in real time. The Coast Guard NAVCEN and NATO Shipping Centre websites contain details on the reporting process for disruptions, requesting critical information such as:
• Location (latitude and longitude)
• Date
• Time
• Duration of outage/disruption
• Photographs/screen shots of equipment failures experienced.

3. One option for vessel captains is to resort to using paper charts and/or using dead-reckoning (DR) modes of their ECDIS with a radar overlay to accurately plot their positions. On some ECDIS you can select an option to “Manually Fix Position” and use bearings to Aids to Navigation if you are along a coastline.

What Does the Future Hold?

In an article in Space News dated May 21 (https://bit.ly/47rr1Uc), the author raises concern that the U.S. GPS system is the world’s oldest satellite navigation system and needs improvements for both security and performance. He observes that the Chinese BeiDou and European Galileo satnav systems are bigger and more modern than the GPS constellation.

Even the Galileo system uses anti-jamming/spoofing technology called Open Service Navigation Message Authentication (OSNA protocol). This is a step above the current GPS open/unencrypted operation.

The U.S. GPS system is out of date and needs to be upgraded. However, in September, Gen. Michael A. Guetlein, vice chief of space operations, U.S. Space Command, said, “I don’t think we’ll ever move fast enough…we could be doing more in this area.”

Guetlein noted that if GPS is disrupted for 15 minutes, the U.S. would face a $1 billion hit to its economy.

So, to answer the question in the headline, yes it can happen on North America’s West Coast.  

Ernie Hayden’s background includes management and technical roles focused on cyber and physical security since the 9/11 attacks. He was previously a U.S. Navy Nuclear and Surface Warfare Officer and has published a book, Critical Infrastructure Risk Assessment—The Definitive Threat Identification and Threat Reduction Handbook, that was named the 2021 ASIS Security Book of the Year. Please send your questions or suggested article ideas to enhayden1321@gmail.com.