How To Navigate A Ship Through Cyber Attacks?

886

Now a days, ships increase in size, while crews decrease, as more and more processes are becoming automated. In Maritime industry, ships are relying more on systems that utilize automation, digitization, and integration than ever before.

As this kind of technology continues to develop, it is crucial to ensure cyber risk management onboard ships is at the forefront.

What makes Cyber Security important in maritime?

  1. New technology, more automation and digitalization– They enabling our industry to be more efficient. At the same time, cyber security needs to be in place in order to handle the safety considerations and risks this new technology brings with it. 
  2. An increase in cyber incidents–  The higher number of integrated vessels comes new threats which can remotely attack your vessels and potentially gain access to or impact the vessel’s control systems.
  3. Regulations and laws-  Laws are being introduced that require owners, operators and managers to consider cyber risks, such as the IMO Guidelines on Maritime Cyber Risk Management.
  4. Commercial cyber requirements and risks– Like TMSA 3 and lack of insurance coverage, can impact the probability of getting a charter and may lead to significant financial risk.

System vulnerabilities in cyber attacks

  1. Cybersecurity of Automatic Identification System (AIS)– A large study on AIS security was conducted by researchers and results were presented at the Black Hat Asia 2014 conference. Two attack vectors were considered: the first – against AIS providers collecting data from AIS gateways installed on the coasts to collect AIS information and then to provide commercial and free services in real time. 

The second type of attack is at the radio transmission layer, that is, the AIS protocol itself. The attack on the protocol was carried out using SDR (software-defined radio). 

These cyber attacks changes in ship data, including its position, course, cargo information, speed and the ability to make an existing vessels “invisible”.

  1. Cybersecurity of ECDIS (navigation system)- On March 3, 2014, the NCC Group released a report on the security of ECDIS systems. It is noted that the majority of systems of this class are a set of applications installed on a workstation running Windows operating systems (often XP) and located on the bridge of the ship. 

Other systems are connected to the workstation with ECDIS, via the on-board LAN network, from which the Internet is most often available: NAVTEX, AIS, radars and GPS equipment, as well as other sensors and sensors.

Correct operation of the ECDIS system is very important, its compromise can lead to the most unfavorable consequences – injuries and even death of people, environmental pollution and large economic losses.

  1. Cybersecurity of Voyage Data Recorder (VDR)– On February 15, 2012, Marines aboard the Italian private tanker Enrica Lexie, tasked with protecting the vessel from a possible pirate attack, mistakenly opened fire on an Indian fishing vessel and killed two Indian citizens. The tanker’s flight recorder lost data from sensors and voice recordings for the period of time when the incident occurred.

There were two of the reason for what happened: the overwriting of data by the VDR itself and the deliberate destruction of evidence. The loss of data naturally complicated the investigation, which gave rise to a diplomatic conflict between India and Italy and ended only on August 24, 2015.

If attackers have the ability to edit data on the recorder and substitute them, there is a high probability of organizing a fraud, which will send the investigation into the wrong direction.

  1. Cybersecurity of Port Management and Terminal Operating System– The most famous port cyber security incident occurred in the port of Antwerp in 2012. The short scheme, according to which the smuggling was delivered to Europe, was as follows: in the containers in which registered and duly issued goods arriving from Latin America were transported, smuggled goods (mainly drugs and weapons) were loaded at the port of departure. 

Upon arrival in Europe, the gang’s “IT department” intercepted the 9-digit PIN codes used to conduct container operations on DP World systems. These codes are required for handling port loading and unloading systems. After the smuggled container arrived in Antwerp, the smugglers, connected to one of the port’s wireless networks, instructed the loading systems to move the “charged” container onto their truck before the owner arrived. 

Complaints from companies about the periodic loss of containers, led to a series of searches and raids.

  1. Cybersecurity of CTS, GPS and satellite communication systems– Satellite communication systems (SATCOM), including those connecting vessels via the Internet with each other and with the mainland, contain a large number of vulnerabilities, according to the IOActive report. Inspection of satellite terminals used in shipping  revealed critical security holes such as devices using unsecured or even undocumented protocols , factory-set up accounts, the ability to exploit the password reset function, backdoors. 

Another significant case of satellite systems being compromised occurred in July 2013. Students from the University of Texas at Austin were able to divert a yacht worth $ 80 million from course using equipment that did not cost more than $ 3,000.Using a GPS signal simulator, duplicating the signal of a real satellite and by gradually increasing the power, they were able to “persuade” the ship’s navigation system to accept the spoofing device’s messages and discard the signal of the real satellite as interference. After the navigation system began to orient itself according to the data of two satellites and the attacking device, the researchers managed to deviate the vessel from the original course.

Did you subscribe to our daily newsletter

It’s Free! Click here to subscribe!

Source: Marine digital