“He who lets the sea lull him into a sense of security is in very grave danger.” – Hammond Innes

Does the same hold true for cyber threats and the maritime domain?

Alone and Unafraid?

In the days of sail, life at sea was the ultimate in isolation. Short of visual and audio communications (semaphore, flashing lights, bells and whistles), ships were out of contact for the extent of their voyage. The advent of wireless communications changed that, suddenly “connecting” ships to shore during most of their time at sea. Today, ships are more connected than ever. Voice, data, navigation, remote monitoring systems, and IP services all flow freely to and from ships at sea. Of course, this connectivity adds risk, specifically in the cyber domain, as those same systems become increasingly vulnerable to malware and cyber attacks.

The maritime industry is well aware of the problem. gCaptain, a leading maritime and offshore website, reports the following:

The growing complexity of ships, and their connectivity with services provided from shore side networks via the internet, makes onboard systems increasingly exposed to cyberattacks. In this respect, these systems may be vulnerable either as a way to deliver a cyberattack, or as a system affected because of a successful cyberattack. According to experts, stand-alone systems will be less vulnerable to cyberattacks compared to those attached to uncontrolled networks or directly to the internet.

It is recommended that companies should develop, and ships should have access to, appropriate contingency plans in order to effectively respond to cyber incidents. Without a contingency plan, decisions and actions may be made that inadvertently make recovery work more difficult and compromise evidence.

The Threat Manifested

How real is the threat? From a Reuters news article published in April 2014:

“Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make it seaworthy again; Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navigational devices, or fake the data so it looks like they’re somewhere else; and hackers infiltrated computers connected to the Belgian port of Antwerp, located specific containers, made off with their smuggled drugs and deleted the records.”

The article goes on to discuss potential vulnerabilities to ships and offshore platforms…

“There are few reports that hackers have compromised maritime cyber security. But researchers say they have discovered significant holes in the three key technologies sailors use to navigate: GPS, marine Automatic Identification System (AIS), and a system for viewing digital nautical charts called Electronic Chart Display and Information System (ECDIS).”

And again, from gCaptain:

“Marco Balduzzi and colleagues at anti-virus vendor Trend Micro last month showed that an attacker with a $100 VHF radio could exploit weaknesses in AIS – which transmits data such as a vessel’s identity, type, position, heading and speed to shore stations and other ships – and tamper with the data, impersonate a port authority’s communications with a ship or effectively shut down communications between ships and with ports.”

Addressing the Challenge

The shipping industry has taken notice and is addressing the threat. A consortium of international shipping organizations, including BIMCO, ICS, INTERCARGO, CLIA, and INTERTANKO, released free guidelines on cyber security at sea.

As always, however, the devil is in the details. As the demand for increased connectivity grows, so too does the challenge of maintaining system security. Old systems must be made secure, while new systems should be delivered with a security plan already in place. And, as always, the average operator must be given the proper training to ensure they don’t inadvertently put systems at risk.

As it turns out, the term phishing has an entirely new connotation at sea…