Shipowners and managers are unaware that their fleets are already in the firing line of cyber attackers
Ship operators might not know they have already been hacked and cyber attacks are more widespread than the shipping industry realises. However, the sector is still waiting for the first major and highly-damaging attack, although there has been at least one on an offshore support vessel.
One fear in the shipping community is a cyber attack would be aimed directly at a ship system that is essential for safe navigation. However, Ecdis Ltd project support George Ward predicts that the first catastrophic maritime cyber incident will not be the result of a direct attack on a safety critical specific piece of equipment. “It will be the result of an infection on a random computer,” he commented. “Perhaps an unassuming email to a crew member, whose personal computer is either connected to the vessel's internal network, or he transmits the infection internally while it lies dormant.”
Hackers could hide their viruses in crypto-locker, or ransomware software, which are easily available to download on the dark web, Mr Ward explained. “They may not necessarily attack the equipment they infect. They can lie dormant and infect connected equipment when nobody suspects.”
Mr Ward thinks the maritime industry is ill prepared for cyber attacks because of its slow trend towards digitisation. “The industry has a dismal record in its slow and painful transition from paper and analogue methods of shipping to new innovative technologies when compared to industry rivals like aviation,” he explained. “Some seafarers are not even evolved enough to be talking about it yet, let alone implementing new cyber procedures on board ships.”
Seafarers could be accidental initiators of cyber attacks by unconsciously accepting a generic phishing email that goes on to attack their computers. Therefore, the first damaging attack in shipping might not be a deliberate or strategic hack. Mr Ward thinks such an attack could cause disruption to trade worth billions of dollars to the industry and damage reputations. Hacking could also lead to the loss of sensitive information or grounding of a ship.
“There is a real threat for cyber activists to start gaining and changing sensitive shipping data from our onboard equipment,” said Mr Ward. “Such as changing the vessel’s route to cause a grounding, gaining access to digitally controlled enginerooms and causing alarm mute while an engine fails or even catches fire due to a manual overload caused by the hacker.”
The maritime industry has to face that its threat level from cyber security has risen from non-existent just a few years ago to high alert this year. Mr Ward explained that this is because hackers are starting to realise shipping’s huge potential as a target. “Attacks now have the capability to obtain sensitive ECDIS, AIS and GPS data, to name but a few, so it is vital that the correct procedures and processes are in place to stop the worst from happening,” he commented.
Technology expands cyber threats to shipping
The development speed of technology, such as super-computers, 3D printing and nano-electronics, is also a factor for rising threat levels. A danger comes when one technology is put into operation while the next generation of more powerful technics is being produced. “This is creating an always expanding, developing and aggressive cycle. But, due to the speed of production, this process can lead to an unstable, unsecure and untrusted platform, as it is not able to keep up with ever-changing threats.”
After years of this method of development, technology companies are starting to adapt to the issue by developing and applying software updates weekly. These manage security flaws within the software, while changes to future developments can help manage the constantly increasing cyber-crime threat.
Some maritime software manufacturers have used a physical security method of locking-out their systems to intercept physical security threats. However, this increases the complication of applying security software updates and a shipping company’s decision to have an integrated bridge system, due to issues with syncing and communication between different software manufacturers. This also means only specialised engineers and trained software technicians are allowed to apply updates.
“Restrictions like these could mean that ship systems are 80 per cent more susceptible to cyber threats,” Mr Ward commented
He thinks shipping companies need to invest in cyber security to prevent them from being attacked, or being unaware of any hacking: “The solution is simple, but it will cost you, which no one likes unless it is necessary,” he said. “Only some companies feel that cyber security is important enough to invest in. In reality, if you spend as much on coffee as you do on cyber security measures, you will be hacked.”
Solutions will be costly
The first move is ensuring everybody is educated in cyber security awareness. “Preferably starting from the top and working down so the entire seafaring community can spot a cyber attack and know what action to take in response,” Mr Ward added. “Countless companies are missing the correct procedures when it comes to security. A robust IT security policy is highly recommended, as this allows employees and users of all IT equipment to be clear as to how company data and information should be used on IT equipment.”
He continued: “It is recommended that a company appoints a cyber security chief to implement and respond to all cyber security-related issues or system flaws that may be found.” This person would have ultimate responsibility for implementing and maintaining all cyber security measures within the company.
Shipping companies should also ensure employees are aware that attacks come from other sources than just the internet. “A lack of physical security can also be a major factor in the cause of industry changing attacks,” said Mr Ward.
“Attacks occur due to people not taking the correct measures to keep IT equipment safe, which is another reason why we need everyone to be aware of what is coming”
Hacking could begin when an infected USB memory stick is inserted into a ship network. It could be infected with multiple viruses that might allow someone else complete control of an entire network, thereby destroying it. Mr Ward explains: “Shipping companies have some form of internal networked server that allows their computers to communicate and send and save files between them, and therefore also connect to the internet. “With improper procedures in place it could be easy for anyone keen to infect an auxiliary piece of equipment that connects to the primary network.” These could include random software updates, engineroom sensor tests or linking non safety-critical bridge equipment to the internet. “We often concentrate and develop robust procedures purely for the few safety-critical pieces of equipment, but the attack will take place on a tertiary system that is connected to it,” said Mr Ward.
Cyber security is not an issue that should be ignored. There are direct and indirect threats to shipping companies and vessels that the industry needs to be aware of and invest to repel. The industry can hear about the latest threats and cyber security solutions at a Riviera Maritime Media event in London in June. Riviera’s European Maritime Cyber Risk Management Summit will be held in association with Norton Rose Fulbright on 20 June, see the full programme here.