Welcome
Summary
Course
Exam
Certificate
Library
News
Verify
Support
My Account

Profiled Partners

  • Navarino
    The Maritime Industry's Most Advanced Communications & Connectivity Company
  • CSO Alliance
    The World's First Global Members Alliance of Maritime Company Security Officers (CSO)
  • Be Cyber Aware at Sea
    Start the Course now!
  • Be Cyber Aware At Sea
    A Global Maritime & Offshore Initiative.
 

 
 

Ships are already under cyber attack

Marinemec.com, April 2017 
June 26th 2017
Marinemec.com, April 2017
This article by Martyn Wingrove is based on a conversation he had with George Ward of Ecdis Ltd. It succinctly explains why the very fact of shipping become more technology based is increasing its risk of cyber attack. Read the online article here.


Shipowners and managers are unaware that their fleets are already in the firing line of cyber attackers

Ship operators might not know they have already been hacked and cyber attacks are more widespread than the shipping industry realises. However, the sector is still waiting for the first major and highly-damaging attack, although there has been at least one on an offshore support vessel.

One fear in the shipping community is a cyber attack would be aimed directly at a ship system that is essential for safe navigation. However, Ecdis Ltd project support George Ward predicts that the first catastrophic maritime cyber incident will not be the result of a direct attack on a safety critical specific piece of equipment. “It will be the result of an infection on a random computer,” he commented. “Perhaps an unassuming email to a crew member, whose personal computer is either connected to the vessel's internal network, or he transmits the infection internally while it lies dormant.”

Hackers could hide their viruses in crypto-locker, or ransomware software, which are easily available to download on the dark web, Mr Ward explained. “They may not necessarily attack the equipment they infect. They can lie dormant and infect connected equipment when nobody suspects.” 

Mr Ward thinks the maritime industry is ill prepared for cyber attacks because of its slow trend towards digitisation. “The industry has a dismal record in its slow and painful transition from paper and analogue methods of shipping to new innovative technologies when compared to industry rivals like aviation,” he explained. “Some seafarers are not even evolved enough to be talking about it yet, let alone implementing new cyber procedures on board ships.”

Seafarers could be accidental initiators of cyber attacks by unconsciously accepting a generic phishing email that goes on to attack their computers. Therefore, the first damaging attack in shipping might not be a deliberate or strategic hack. Mr Ward thinks such an attack could cause disruption to trade worth billions of dollars to the industry and damage reputations. Hacking could also lead to the loss of sensitive information or grounding of a ship.

“There is a real threat for cyber activists to start gaining and changing sensitive shipping data from our onboard equipment,” said Mr Ward. “Such as changing the vessel’s route to cause a grounding, gaining access to digitally controlled enginerooms and causing alarm mute while an engine fails or even catches fire due to a manual overload caused by the hacker.”

The maritime industry has to face that its threat level from cyber security has risen from non-existent just a few years ago to high alert this year. Mr Ward explained that this is because hackers are starting to realise shipping’s huge potential as a target. “Attacks now have the capability to obtain sensitive ECDIS, AIS and GPS data, to name but a few, so it is vital that the correct procedures and processes are in place to stop the worst from happening,” he commented.

Technology expands cyber threats to shipping

The development speed of technology, such as super-computers, 3D printing and nano-electronics, is also a factor for rising threat levels. A danger comes when one technology is put into operation while the next generation of more powerful technics is being produced. “This is creating an always expanding, developing and aggressive cycle. But, due to the speed of production, this process can lead to an unstable, unsecure and untrusted platform, as it is not able to keep up with ever-changing threats.”

After years of this method of development, technology companies are starting to adapt to the issue by developing and applying software updates weekly. These manage security flaws within the software, while changes to future developments can help manage the constantly increasing cyber-crime threat.

Some maritime software manufacturers have used a physical security method of locking-out their systems to intercept physical security threats. However, this increases the complication of applying security software updates and a shipping company’s decision to have an integrated bridge system, due to issues with syncing and communication between different software manufacturers. This also means only specialised engineers and trained software technicians are allowed to apply updates.

“Restrictions like these could mean that ship systems are 80 per cent more susceptible to cyber threats,” Mr Ward commented.

He thinks shipping companies need to invest in cyber security to prevent them from being attacked, or being unaware of any hacking: “The solution is simple, but it will cost you, which no one likes unless it is necessary,” he said. “Only some companies feel that cyber security is important enough to invest in. In reality, if you spend as much on coffee as you do on cyber security measures, you will be hacked.”

Solutions will be costly

The first move is ensuring everybody is educated in cyber security awareness. “Preferably starting from the top and working down so the entire seafaring community can spot a cyber attack and know what action to take in response,” Mr Ward added. “Countless companies are missing the correct procedures when it comes to security. A robust IT security policy is highly recommended, as this allows employees and users of all IT equipment to be clear as to how company data and information should be used on IT equipment.”

He continued: “It is recommended that a company appoints a cyber security chief to implement and respond to all cyber security-related issues or system flaws that may be found.” This person would have ultimate responsibility for implementing and maintaining all cyber security measures within the company.

Shipping companies should also ensure employees are aware that attacks come from other sources than just the internet. “A lack of physical security can also be a major factor in the cause of industry changing attacks,” said Mr Ward.

“Attacks occur due to people not taking the correct measures to keep IT equipment safe, which is another reason why we need everyone to be aware of what is coming”

Hacking could begin when an infected USB memory stick is inserted into a ship network. It could be infected with multiple viruses that might allow someone else complete control of an entire network, thereby destroying it. Mr Ward explains: “Shipping companies have some form of internal networked server that allows their computers to communicate and send and save files between them, and therefore also connect to the internet. “With improper procedures in place it could be easy for anyone keen to infect an auxiliary piece of equipment that connects to the primary network.” These could include random software updates, engineroom sensor tests or linking non safety-critical bridge equipment to the internet. “We often concentrate and develop robust procedures purely for the few safety-critical pieces of equipment, but the attack will take place on a tertiary system that is connected to it,” said Mr Ward.