Open Source Naval Order of Battle
01/16/26
By: The Security Nexus
A naval order of battle used to be something you assembled with painstaking collection: port visits, a lucky periscope photo, signals intercepts you could not talk about, and a lot of informed inference. In 2026, a surprising amount of “who is where, doing what, with what” leaks into the commercial layer by default. Not because navies are sloppy, but because maritime safety systems, space-based sensors, and RF geospatial intelligence have created a kind of accidental transparency.
Thesis: An open source naval order of battle (OOB) is increasingly buildable from commercial SAR, AIS, and RF mapping. The strategic trick for states is not to pretend OSINT does not exist, but to counter it selectively, so they reduce adversary insight without choking themselves on overclassification and operational self-harm.
⸻
What “Open Source OOB” means now
An OOB is not just a ship list. It is posture: which hulls are active, which formations make sense, which routes are habitual, which deployments look “routine” until they are not. Open sources rarely give you perfect identification, but they increasingly give you patterns. That is often enough.
The modern OSINT stack at sea has three overlapping layers:
1. AIS (Automatic Identification System): a self-reported broadcast system designed for safety and traffic management. It carries identity and voyage-related metadata, but it is also vulnerable to tampering and spoofing. The literature is blunt: AIS broadcasts are generally not encrypted or authenticated, and the integrity of the data is not inherently verified. (Androjna et al. 2021)
2. Commercial SAR (Synthetic Aperture Radar): a space-based radar image that sees through weather and darkness. It does not need a cooperative transmitter. That alone changes the game for “silent” ships. Research on fusing SAR with AIS shows why: AIS can label and contextualize, SAR can catch the ships that do not want to be labeled. (Yan et al. 2022)
3. Commercial RF mapping: systems that geolocate emitters and infer behavior from transmission patterns. Even when a ship tries to “disappear” from AIS, other RF signatures can betray activity. One example discussed in the AIS spoofing literature is HawkEye360, described as providing maritime awareness through RF geospatial intelligence, including instances of vessels stopping AIS transmissions for hours. (Androjna et al. 2021)
Individually, each layer can be noisy. Together, they become a reality check machine.
⸻
What commercial sensors already reveal at sea
AIS reveals routine, affiliation, and sometimes intent
AIS is a gift to analysts because it provides both movement and metadata. It tells you who says they are there, what they say they are doing, where they say they are going, and how they say they are moving. This is gold for establishing baselines, spotting deviations, and building network maps around ports, corridors, and loiter areas.
The ugly part is that AIS is also susceptible to abuse. The research surveys spoofing and highlights that AIS can be jammed or intentionally spoofed, producing erroneous position information. (Androjna et al. 2021) The same paper notes how AIS depends on RF transmission and reception, which creates opportunities for malicious transmissions and manipulation. (Androjna et al. 2021)
So AIS tells you a lot, but it can also tell you lies with a straight face.
SAR reveals presence, regardless of cooperation
SAR is the “you cannot hide from physics” layer. It is widely used for maritime monitoring and can support ship classification, with researchers explicitly leveraging high-resolution SAR satellites such as Sentinel 1 and TerraSAR-X in this context. (Yan et al. 2022)
The deeper move is combining SAR and AIS. A key constraint in practice is that SAR imagery has limited semantic detail on its own, while AIS has rich attributes but suffers from loss, shutdowns, and spoofing. The fusion logic is straightforward: remote sensing detects the target, AIS provides identity, and mismatches become leads. (Li et al. 2025)
RF mapping reveals behavior, even when AIS goes dark
RF mapping is not just “signals intelligence” in the classic sense. Commercial RF geolocation products turn emitter activity into geospatial patterns, which can be integrated with imagery and AIS.
The AIS spoofing literature provides a useful illustration: it cites RF geospatial intelligence revealing suspicious behavior, including vessels that stopped transmitting AIS for extended periods and may have entered an EEZ. (Androjna et al. 2021) Even without taking that specific case as gospel, the analytic point stands: disappearance is itself a signature, and RF mapping can sometimes bound what happened during the gap.
⸻
The fusion move: building an OOB from inconsistencies
Open source OOB is not built from a single “perfect feed.” It is built from triangulation.
A practical fusion workflow looks like this:
1. Baseline: use AIS to establish normal patterns: route corridors, speeds, loiter areas, port call cycles.
2. Detection layer: ingest SAR detections in the same areas and compare “seen” versus “reported.”
3. Mismatch triage: prioritize cases where SAR sees ships with no AIS, or AIS claims ships where SAR does not see them, or where trajectories become physically implausible.
4. RF enrichment: check RF mapping for emitter activity during AIS gaps, especially around chokepoints, naval bases, or exclusion zones.
The research community is literally building methods around this mismatch logic. A 2025 Remote Sensing paper frames “dark ships” as vessels deliberately disabling AIS, and proposes a multi-feature association approach integrating satellite imagery and AIS, using oriented bounding boxes to better estimate course and improve association accuracy. (Li et al. 2025) This matters for OOB because course and formation inference is where much of the operational insight lies.
A related 2025 Remote Sensing paper on small vessel identification emphasizes that SAR plus AIS approaches often overlook anomalies arising from mismatches in data and proposes a framework explicitly incorporating anomaly detection. (Chen et al. 2025)
This is the core OSINT reality: the adversary does not need your secrets if your patterns are stable and your inconsistencies are informative.
⸻
How states counter OSINT without over-classifying
Here is the trap: once leaders realize commercial OSINT is powerful, the reflex is often to clamp down on information. The result can be a bureaucracy that classifies the obvious, restricts internal sharing, and slows operational learning, while the adversary keeps buying data from commercial vendors anyway.
A smarter approach is selective, layered, and focused on denying inference rather than denying reality.
1. Treat commercial transparency as a baseline, then protect what adds marginal value
If commercial SAR can show a task group left port, classifying “departure happened” is mostly theater. The sensitive part is often why, how long, with what mission loadout, and what comes next. Protect the marginal value items.
Practical rule: classify the explanations and intent, not the observable movement.
2. Engineer emission discipline as a spectrum, not a vow of silence
Absolute EMCON is rarely sustainable. But disciplined emissions, timed windows, and mission-appropriate profiles can reduce the richness of RF pattern analysis.
The point is not to become invisible. The point is to avoid being predictably legible.
3. Harden AIS policy, but do not pretend AIS is trustworthy
AIS is a safety system, not a warfighting system. It is also vulnerable: messages are not generally encrypted or authenticated, and RF-based spoofing and data manipulation are well documented. (Androjna et al. 2021)
For state vessels, this suggests a policy distinction:
• In peacetime, maximize safety and compliance.
• In a crisis, define clear rules for AIS posture, including how to prevent friendly navigation hazards when AIS is reduced.
• Invest in internal tooling that flags spoofing clouds, implausible jumps, and VDL congestion artifacts, because attackers can also degrade the AIS channel itself. (Androjna et al. 2021)
4. Use deception sparingly, because deception becomes a signature, too
AIS spoofing and “virtual targets” can confuse short-term tracking, but large-scale manipulation can create detectable artifacts, especially when SAR and RF disagree. Over time, heavy deception can train analysts to treat your behavior as systematically untrustworthy, which is sometimes worse than being merely observed.
The best deception is usually small, local, and plausibly deniable. The worst deception is loud enough to become a dataset.
5. Do not over-classify internal fusion outputs
The most damaging form of overclassification is when your own analysts cannot share baselines, anomaly rules, and lessons learned across commands. Meanwhile, the commercial layer keeps getting better.
A practical governance move is to maintain an internally releasable “OSINT truth layer”: what commercial sources can show, how reliable they are, and the common pitfalls. This lets operators plan realistically without leaking mission-specific details.
6. Build resilience to “dark ship” logic, because adversaries will use it too
The same tools that help you map an OOB also help adversaries run illicit logistics, gray-zone fishing, or covert staging. The research on dark ship detection emphasizes that AIS shutdowns and spoofing create blind spots, and that multi-sensor methods are designed precisely to address them. (Li et al. 2025)
That is not just a maritime law enforcement problem. It is an OOB stability problem.
⸻
Bottom line
Commercial SAR, AIS, and RF mapping have pushed naval visibility into a new era: not perfect transparency, but enough persistent observation to make “pattern security” a real operational discipline. States that respond by overclassifying will mostly hurt themselves. States that respond by engineering selective denial, emission discipline, and smarter internal sharing will blunt OSINT inference while staying operationally agile.
⸻
Main takeaway
Open source OOB is now an inference game powered by mismatch detection. Counter it by denying inference and protecting intent, not by trying to classify the ocean.
Sources
Androjna, Andrej, Marko Perkovič, Ivica Pavić, and Jakša Mišković. 2021. “AIS Data Vulnerability Indicated by a Spoofing Case Study.” Applied Sciences 11 (11): 5015. https://doi.org/10.3390/app11115015.
Chen, Lihang, Zhuhua Hu, Junfei Chen, and Yifeng Sun. 2025. “SVIADF: Small Vessel Identification and Anomaly Detection Based on Wide Area Remote Sensing Imagery and AIS Data Fusion.” Remote Sensing 17 (5): 868. https://doi.org/10.3390/rs17050868.
Li, Fan, Kun Yu, Chao Yuan, Yichen Tian, Guang Yang, Kai Yin, and Youguang Li. 2025. “Dark Ship Detection via Optical and SAR Collaboration: An Improved Multi-Feature Association Method Between Remote Sensing Images and AIS Data.” Remote Sensing 17 (13): 2201. https://doi.org/10.3390/rs17132201.
Yan, Zhenguo, Xin Song, Lei Yang, and Yitao Wang. 2022. “Ship Classification in Synthetic Aperture Radar Images Based on Multiple Classifiers Ensemble Learning and Automatic Identification System Data Transfer Learning.” Remote Sensing 14 (21): 5288. https://doi.org/10.3390/rs14215288.
Rodger, M., and R. Guida. 2019. “Data Association Techniques for Near Contemporaneous SAR and AIS Datasets from NovaSAR 1.” In IGARSS 2019: IEEE International Geoscience and Remote Sensing Symposium, 700 to 703.
