A US Navy petty officer has been demoted for allowing an insecure WiFi network to be installed on a USS. Manchester (LCS-14) is, IndependenceA -class littoral combat ship (LCS) belonging to the United States Navy’s Surface Forces Pacific (SURFPA), part of the United States Pacific Fleet.
Former Command Chief Grisel Marrero was tried and convicted in March, Navy Times reported. Marrero was demoted to E-7. A SURFPA spokesman said in a statement that Marrero was relieved of his command of the ship last September due to a “loss of confidence.” The indictment alleges that he failed to protect the ship from operational security risks by installing an illegal WiFi network.
“Navy senior enlisted personnel are held to high standards in their personal and professional conduct. They are expected to maintain the highest standards of responsibility, reliability and leadership, and the Navy will hold them accountable when they fail to meet those standards,” the spokesman added.
At a special court-martial earlier this year, Marrero pleaded guilty to willful dereliction of duty, and later admitted to trying to conceal the existence of the network from the captain.
Commander Matthew Yokeley, vice commander of LCS-14’s Gold Crew, was also relieved of his duties for unrelated matters.
The Dangers of WiFi
It is unclear who accessed the WiFi network or for what purpose, but it was reportedly connected to the ship’s Starlink system – unsecured networks that are typically banned on U.S. warships due to security concerns.
“This is problematic for two reasons,” said Roger Entner, technology industry analyst at Recon Analytics.
“First, any device connected to an insecure WiFi network is an attack vector that can be hacked,” Entner told ClearanceJobs. “Second, if a vessel shuts off all communications and sails quietly, WiFi network communications could reveal the vessel’s location.”
In other words, WiFi access points provide access to more than just those who want to chat with family at home on their mobile devices, stream popular TV series, or download images or videos of a certain nature.
The problem, as mentioned above, is that adversaries can also exploit the network.
“Cybersecurity engineers work hard to ensure that access to authorized points is tightly controlled, but fake Wi-Fi like this one is an uncertainty,” warned Dr Jim Partiro, an associate professor of computer science at the University of Maryland.
“It publicizes your location and actions and also opens a backdoor to all sorts of potential malicious activity. If they had an active uplink to the outside, even if they didn’t have access to the inside, an adversary could use the connection information to track the ship, which could be fatal in some cases,” Partiro told ClearanceJobs.
Partiro added that the threat posed by insecure networks has become very clear in recent years.
“The Ukraine conflict has provided the world with a master class in how simple signals can act as effective links in a kill chain,” he explained. “If carelessly set up, Russian access points could attract missiles in real time, even to combat ships at sea.”