A United States Navy NCO has been demoted after she allowed an unsecured WiFi network to be set up on the USS Manchester (LCS-14), an Independence-class littoral combat ship (LCS), assigned to the United States Naval Surface Forces Pacific (SURFPA), a component of the U.S. Pacific Fleet.
The now-former Command Senior Chief Grisel Marrero was tried and convicted in March, the Navy Times reported. Marrero was reduced in rank to E-7. She was previously relieved of her leadership position aboard the warship last September, due to a “loss of confidence,” a SURFPA spokesperson said in a statement. According to the charge sheet, she failed to safeguard the warship against operational security risks by setting up an illicit WiFi network.
“Navy senior enlisted leaders are held to high standards of personal and professional conduct. They are expected to uphold the highest standards of responsibility, reliability and leadership, and the Navy holds them accountable when they fall short of those standards,” the spokesperson added.
At a special court-martial that was conducted earlier this year, Marrero pleaded guilty to willful dereliction of duty. In addition, she later confirmed that she had attempted to conceal from the ship’s commanding officer that the network had been set up.
The second-in-command of LCS-14’s gold crew, Commander Matthew Yokeley was also removed from his posting on an unrelated matter.
The Dangers of WiFi
It isn’t clear who exactly had access to the WiFi network, or what its purpose was – but it was reportedly connected to the ship’s Starlink system. Such unsecured networks are generally prohibited on U.S. warships due to security concerns.
“It’s a problem for two reasons,” said technology industry analyst Roger Entner of Recon Analytics.
“First, it is an attack vector for someone to hack into whatever devices were connected to the unsecured WiFi network,” Entner told ClearanceJobs. “And second, the transmission of the WiFi network could give away the location of the vessel if the vessel runs on silent with all transmissions cut.”
In other words, a WiFi access point offers access potentially far beyond just those who want to chat with loved ones at home on a mobile device, stream a popular TV series, or perhaps download images and videos of a particular nature.
The problem is that, as noted, an adversary could also exploit the network.
“Cybersecurity techs go to great lengths to ensure access on authorized points is strongly controlled, but a spurious WiFi like this poses a wild card,” warned Dr. Jim Purtilo, associate professor of computer science at the University of Maryland.
“It advertises where you are and what you’re doing, and it opens a back door to all manner of potential malicious activity as well. If they used an active uplink to the outside, then even without access internally an adversary might well use the connection information for tracking the ship, which in some cases could be fatal,” Purtilo told ClearanceJobs.
The threat that unsecured networks pose has been made all too clear in recent years, Purtilo added.
“The Ukraine conflict has offered the world a master class in how simple signals serve as effective links in the kill chain,” he explained. “A carelessly configured Russian access point will attract missiles in real-time. It would be no less so for a combat ship at sea.”