Imagine ECDIS and Positioning Systems Attacked!

Experts warn about the seriousness of cyber security

As ships get more sophisticated and more reliant on internet and satellite-based information exchange, “there is an increased risk [of cyber security issues] because there is a way in,” said Giles Noakes, chief maritime security officer at BIMCO.

Speaking to Marine Electronics & Communications during the Danish Maritime Days events in Copenhagen, he said that “the most important action we can take” is to build defensive measures into new buildings.  Not to do so, “knowing even as little as we know, would be criminal,” he added.

He had earlier addressed a conference exploring whether maritime security information adds value to the shipping community during which he had warned that one of the greatest security threats comes from items such as laptops and USB sticks that are brought on board by crew, visitors and passengers.

But he played down the potential damage from cyber-attacks by asking what could happen if ECDIS and positioning systems went down. “In the middle of an ocean, not a lot,” he told delegates. In a crowded waterway, and if the pilot had not noticed that something had changed, things could be different, however. “In a VLCC you are not going to be able to change direction and you are going to go aground, which could lead to a collision,” he said.

But he does not believe this is an intentional threat “for the average terrorist,” describing it instead as “an accidental threat that could happen.” Nonetheless, shipping companies need to make detailed contingency plans.  “You need to have identified a recovery plan [in case] you have an incident and we need to investigate cyber incidents so that we have a better understanding of the threats facing shipping,” he said.

To help gain that understanding, BIMCO conducted a survey of shipping companies in conjunction with the data specialist IHS to discover their experiences and concerns about cyber security.  One question asked them which onboard systems they believed were vulnerable to cyber-attacks.  Based on about 300 replies, more than 50 per cent named ECDIS and positioning systems, closely followed by engine controls and monitoring.

Addressing a separate event, Thomas Mellor, who chairs the International Hydrographic Organization’s ENC Working Group and is head of OEM technical support and digital standards at the UK Hydrographic Office (UKHO), agreed there are vulnerabilities arising from delivering ECDIS updates via satellite. “Every week, everyone knows that the UKHO will be sending out a package of data that the ECDIS system will have to ingest in some way … so there is a threat there that the ECDIS system could become infected.”

To counter this, some ECDIS manufacturers have introduced firewalls to check the downloaded data before it is used to update the navigation files.

But Mr Mellor echoed Mr Noakes by saying the greatest risk is often from the crew and cited an incident that occurred on a vessel when a crew member needed to charge his phone and plugged it into a USB port on the ECDIS, which he was updating at the time.  “Suddenly all the charts disappear, the shipping company had to get an engineer on board and the vessel could not sail.”

His advice was “to prepare for this and make sure you have policies and procedures” to address these risks.

Source: Marine Electronics and Communications Magazine