What are the cyber threats to shipping?
Across the world, nations rely on the maritime sector for vital supplies – and if they are not able to get materials and goods at the time it is needed, it could result in major issues for the country and its people. Cyber attackers can disrupt this flow in several ways, through theft, preventing access (e.g. for ransom), or destroying goods (e.g. to drive up prices in black markets).
Preventing this is especially important nowadays since most things are supplied with a “just in time” (JIT) supply chain. JIT saves a lot of money because there is less spent on holding things in stock, but leaves us vulnerable if shipments are delayed or lost.
Millions of tons of goods are transported every day, but thousands of passengers also use maritime transport daily. In that sense, the main worry would be loss of life (through ransom again, or terrorism), however identity theft is still a big issue and when people travel their data should ideally be as safe as they are physically.
One other thing we have seen a rise in as well is blackmail – including some documented events in the military of people on ships using unsecure connections, being “overheard” and then blackmailed.
Some ships do use firewalls and systems run on top of traditional devices (Windows or something similar) which might have some basic virus protection, and some of the best protection ships have are air-gaps. But as they become more connected that safety gap is quickly disappearing and we aren’t seeing much effort to “replace” that air-gap security.
What damage could cyber criminals do?
This definitely depends on the system(s) they have infiltrated and to what level. Looking at the myriad of system configurations, it is very difficult to point to exactly what an attacker can do with access to ship systems.
As most of the “sophisticated” technology on a ship focuses around navigation, we (and many others) have done research on different ways of misdirecting or taking over navigation to influence the ship’s course and possibly even cause a collision.
Monitoring systems are important in protecting cargo, and we have also looked into how theft and smuggling can be achieved by taking over monitoring and cargo handling systems. Communication systems can also be targeted and while, separately, these systems are a big target we could see a sophisticated attack having both navigation and communication elements – the first to get access to a ship, the second to prevent the ship from calling out for help.
So, it depends on the type of system, and how much access the attackers achieved. Low level access to a navigation system may not allow the attacker to misdirect a ship, but it may allow them to deny access to charts.
Covid-19 and the shipping industry
As a result of the current pandemic, there have been reports about the nature of shipping movements changing. Cargo sailings are going up while oil and passenger voyages are going down and due to the shift in demands, shipments are focusing on essential things.
This changes the risk in subtle ways, with routes to China have apparently also decreased, meaning the value of certain stocks has gone up (cargo) and down (oil).
These are changes that could affect the level of risk, but from a cyber-security point of view we don’t yet know exactly what the impact will be, especially with the level of information we have right now.
Cyber crime during the pandemic
From fake coronavirus infection tracking websites to smartphone applications, cyber criminals are increasing the chance of a malware infection by tapping into the public’s concern and interest in the subject.
People desperate to look for cures and prevention medicines are targets for fraud and black markets, and the increase in such activity will likely mean more theft (possibly even targeting ports) and unsafe knock offs.
Fraud of all sorts is happening across the world. There have been reports in the media recently about fake emails purporting to be from the World Health Organisation and trying to get finance details/access.
In the maritime sector, container shipping company MSC did confirm that an outage it experienced over Easter was caused by a cyber attack, and the situation is constantly changing. But one of the big problems we have seen – both now and more generally – is that a lot of cyber crime on ships is likely to be mislabelled as human or system error instead of an intentional attack by a third party.
Part of the research we are trying to do is to better determine what is actually going on out there.
The International Maritime Organisation has released guidance designed to encourage greater cyber risk awareness, and aimed at ensuring basic cyber hygiene starts in 2021. This is definitely a good step forward and a real advance on where things were before.
It is also promoting advice issued by other bodies, including the World Shipping Council. However, we still think there will be some issues going forwards and that is also a big part of the research.
Has COVID-19 put ships at greater risk?
Being stationary offshore might make ships an easier target for physical attack, but if they are not in port, they probably aren’t connected to port systems. And if they are near shore, there is probably sufficient protection to deter a lot of physical attacks that may happen in dangerous straits or the open sea.
Probably the biggest increase in risk, I think, is if crew/passengers get “bored” or fearful and deviate from normal internet usage. That can leak information accidentally (or occasionally on purpose), or they can become victims of fraud or accidentally install malware. We have seen cases of ship equipment being infected in such a way, and current thinking might suggest there is probably a higher chance of social engineering than sophisticated cyber-attack.
The Cyber-SHIP Lab – a game changer in maritime security
- understand the threat and what the vulnerability landscape looks like for ships and ports;
- improve systems to make them more cyber secure
- develop/suggest new technological solutions when appropriate; and
- when a risk is better mitigated with people, design and provide training to mariners and cyber-security professionals.
The big thing will hopefully be that we better understand the cyber risks of individual systems, but also the whole configuration present on various ships. There are cascading effects we don’t fully understand yet, but the Cyber-SHIP Lab can help us understand that with the level of realism we are aiming for.
With this we will know better what the different outcomes can be and how severe they would be. That is more defensive though, and as we do more testing we hope to build a database of vulnerabilities and knowledge to begin mitigating risks more proactively.
We also hope to start building technological solutions and designing training solutions, and we want the lab to be somewhere new systems and security solutions can be tested more thoroughly, and improved before being on the shelf, hopefully preparing the sector before the next event.
The research we are undertaking through the Maritime Cyber Threats Research Group and in particular the Cyber-SHIP Lab – will be looking at the issue of maritime cyber security holistically and we have several key aims. We want to:
The Maritime Cyber Threats Research Group
The group has been formed to bring together leading-edge multidisciplinary research and practical expertise in the core areas of cyber-security and maritime operations together with psychology researchers, and maritime law and policy experts