How Music Could Be Used as a Weapon at Sea

Mmaxer via Shutterstock

AA Font size + Print

Cyber experts believe that malicious soundwaves could be deployed to paralyze a ship's electronic systems. By Aliya Sternstein

The next Cuban missile crisis could be resolved through the power of music rather than an armed standoff between nuclear powers, military officials and researchers speculate.

It is believed that sound waves can “jump the air gap” — or hack a machine that is not on a network — to paralyze a ship’s control systems. Instead of using a blockade or firing Tomahawk missiles to prevent Russia from delivering weapons to Cuba, the United States could use malicious tones. 

“This is where you talk about fleets coming to a stop. Our ships are floating SCADA systems,” retired Capt. Mark Hagerott, deputy director of cybersecurity for the U.S. Naval Academy, said at a summit in Washington organized by Government Executive Media Group. He was referring to supervisory control and data acquisition systems that control industrial operations. “That would disrupt the world balance of power if you could begin to jump the air gap,” Hagerott said. 

(Read the rest of the coverage from Defense One Summit here)

It’s conceivable sound waves can be transformed into malicious electrical signals. An air disruption causes the diaphragm of a speaker to create an electrical signal made up of ones and zeros. Targeted ones and zeros can override a computer-driven ship. 

Taking down a SCADA system “gives you a nonlethal warfare capacity at sea,” Peter Singer, a Brookings Institution national security analyst, said in an interview after speaking at the Defense One Summit. A president could say, for example: “Don’t let this enemy fleet seize these island chains but also don’t let it turn into a shooting war.” It would warn the adversary that if it crosses a certain boundary, the United States will flip the switch. “Now their ship is floating but you haven’t killed anyone,” Singer said. 

Even the Stuxnet virus, an alleged U.S.-Israel creation that breached an air-gapped Iranian nuclear production system, required more proximity. Someone inserted an infected jump drive that made the nuclear centrifuges go haywire. 

Onboard, “you think you are secure. You didn’t put a flash drive in. There’s no wires,” Hagerott said. 

This story has been updated to include more specific details.

(Image by Mmaxer via Shutterstock)

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.