Speaking at the 2014 European Dynamic Positioning Conference in London, Andy Davis, research director at UK-based NCC Group, described some of the threats facing owners and operators of DP vessels, incidents that he said could have been caused by cyber attack, and looked at short and longer-term solutions to enable vessel operators and the offshore oil and gas industry as a whole to enhance cyber security.
As he noted, control systems are becoming more and more complex, but older, less secure control protocols are being wrapped in IP. There is more of an expectation of remote access, and potential attackers are becoming more interested in non-conventional IT. Moreover, the technical competence of attackers is increasing.
Mr Davis highlighted potential targets for cyber attacks in the maritime field. He said that, apart from vessel control systems such as DP control, these also included office IT systems that are connected to the internet, automatic identification system (AIS) gateways, industrial control systems and vessel traffic systems (VTS) that control the movement of vessels. He explained that vessels were vulnerable to cyber attack in a number of ways, including via their AIS receivers, IT systems that are connected to the internet, data sharing between systems using USB memory sticks and a lack of segregation between systems onboard. Systems such as electronic chart display and information systems (ECDIS), the global navigation satellite system (GNSS), electronic charts and navigation systems such as eLoran were potentially vulnerable, he said. Rigs are also at risk from intentional interference with DP systems and from malware inadvertently introduced during internet browsing or via USB memory sticks.
There are, he said, a number of anecdotes in the offshore oil and gas industry suggesting that cyber attacks had already taken place. He highlighted the case of IMCA Safety Flash 02/13, "Serious DP Diving Incident", in which a loss of all analogue and digital RBUS input/output (I/O) signals occurred, leading to a loss of positioning references and environmental signals and a subsequent loss of DP control, resulting in a vessel position drift-off. The problem was contained in the DP control system rather than the thrusters. Power to DP was recycled and the vessel was able to return to full DP mode, but by then it had drifted 240m from its original position. An investigation determined that the RBUS had jammed, with faults in one or more RBUS I/O modules in the DPC-3 cabinet. No definitive cause of the jamming was identified, and a firmware upgrade resolved the problem.
Mr Davis told the conference that active threats to DP systems should be identified through threat modelling. “If software/firmware can easily be fixed to mitigate vulnerabilities, this should be done,” he said. “More complex design-related vulnerabilities need to be contained using segregation technologies.”
In the medium term, he suggested, it was important that the industry make use of standards and guidance such as IEC 61162-450:2011, which provides good guidelines on how to build security into shipboard network infrastructure. Other useful sources include classification society DNV documentation and DNV Nautical Safety (Network Based Integration of Navigation Systems (ICS)) and the IEC TC80 standard.
In the longer term, he said, DP systems developers need to implement a secure development lifecycle (SDL). System components and fully integrated solutions should be regularly security tested, and the “bigger picture” should be considered when remote connectivity to any component is required.
“Effective cyber security starts with security awareness,” said Mr Davis. “Understanding the fundamentals can make a huge difference. You don’t need to be an expert to spot potential security risks. Processes need to be implemented to enable people to raise potential security issues/risks from systems development through to DP operations.
“Faster internet connections will facilitate cyber attacks against marine systems,” he said. “The potential impact of marine cyber attacks includes potential revenue loss, environmental damage and loss of life. Adherence to existing standards and guidelines is required, and more security testing of marine systems, networks, hardware devices and any associated software is required.
“The ultimate solution is to embed security into the development lifecycle of products and systems,” he concluded. “The most important step is to ensure staff are aware of cyber security threats through appropriate training so that they can be identified and reported.” OSJ