Remote Monitoring of Containers: How Secure is it from Being Hacked

2012

The ability to monitor the condition of container-refrigerated cargo on ships many nautical miles off coastlines is changing the way liner companies and cargo owners can operate. They can be reassured that cargo is kept in refrigerated conditions and not spoilt by the time it reaches its destination. But can owners and ship operators rely on the remote link not being hacked or affected by malware?

System requirements:

The technology to monitor the condition of reefer cargo involves sensors inside the container, a GPS positioning unit, a modem and a SIM card. It also needs a global satellite constellation using L-band frequencies to transmit data from the container to a shore office.

This is essentially machine-to-machine technology that has been developed over the last decade for onshore applications. It has been adjusted for maritime and offshore operations over the years and is being used by container ship operators such as Maersk Line.

Security a major concern after malware attack:

Indeed, it is Maersk Group’s cyber attack at the end of June that brings forward the question of whether container monitoring systems are secure.

On the positive side, Maersk Line said it has saved millions of dollars of refrigerated cargo through its remote container monitoring systems. It said the system has alerted the company to more than 4,500 incorrect temperature settings on refrigerated containers. The information enabled technicians to change the container temperature settings and save the cargo.

Through the service, customers can track and monitor reefers around the world and receive updates on the reefer’s location, temperature, atmospheric conditions inside and the power status at all times during the voyage.

Secure until physically tampered:

It is good information to have, but is it secure and accurate? Looking at the container sensor equipment, this is secure as long as nobody physically tampers with it.

However, the GPS signal to the transceiver for locating the container can be jammed or spoofed by some relatively cheap equipment available on the open internet. But if the GPS signal to the container sensors are affected, then it is likely that the ship’s positioning will also be impacted.

This is a maritime-wide issue that ship captains can overcome by having redundancy in the positioning sensors and using dead reckoning techniques. Container sensor GPS will likely not have this redundancy, unless someone wants to develop it.

The satellite link, whether it is using Orbcomm, Iridium, Inmarsat or Globalstar constellations would generally be secure, although hackers could find a way through the security if they really wanted to.

Onshore office touted to be least secure:

The least secure side, in my opinion, would be at the onshore office where the data first lands and is analysed. June’s cyber attack of Maersk demonstrated the vulnerability of electronic platforms and onshore computer systems to malware. If these systems are not kept secure through patching software, updated antivirus programs and enhanced firewalls, then the data could be extracted, deleted or blocked.

Issue of hackers:

There is a risk that the data could be used by others for tracking cargo and monitoring its condition, perhaps for criminal needs. What would be a real worry, however, is whether the data link works both ways and hackers would be able to change the container conditions remotely. Technology that enables remote access to the container temperature and pressure controls would need to be totally secure if liner operators do not want cargo spoiled by a hacker while en route to the destination port.

Did you subscribe for our daily newsletter?

It’s Free! Click here to Subscribe!

Source: Marine Electronics & Communications