Contrary to popular belief, no bridge system is truly safe from hackers.
Over the last few months, I have spoken to several radar manufacturers, software suppliers and end-users about the security of radar. Their responses reverberated like an industry echo chamber: “radar is cyber secure because it is physically separated from the internet”.
While true, this separation does not mean radar and other bridge systems are protected.
In a recent penetration test, Naval Dome’s ethical hacking experts demonstrated just how vulnerable radar and other bridge systems actually are.
Although some systems required a bit of determination to break, the Naval Dome team hacked its way into ECDIS, voyage data recorders and radar systems in separate, simulated cyber attacks, all in quick succession.
So how did they breach these systems?
During an initial probe, Naval Dome sent a virus-laden email over the ship’s satellite link to the captain’s computer, which is regularly connected to ECDIS for chart updates. During the very next chart update, the virus transferred itself to ECDIS, where it immediately installed itself and went to work.
Once in place, the virus altered the vessel’s position during a night voyage, deceiving the officer of the watch. Crucial parameters involving the vessel’s position, heading, depth and speed were manipulated subtly enough not to arouse suspicion. Subtle as the changes were, had unscrupulous individuals been behind a similar attack, they could easily have grounded the vessel, initiated a collision or held the ship to ransom.
Of late, ECDIS vulnerabilities to malware and viruses have taken a greater share of discussions around cyber threats and so-called ‘cyber hygiene’.
Many manufacturers and shipping companies have sought to counteract the cyber threat by blocking ECDIS ports and introducing firewalls between ECDIS and other onboard IT. Nevertheless, as the attack showed, determined attackers can still get through.
And the second cyber attack that Naval Dome conducted in its penetration tests was even more worrying.
In this attack, Naval Dome used the local Ethernet switch interface that connects the radar to ECDIS, the voyage data recorder and bridge alert system to successfully enter the radar workstation.
After doing so, Naval Dome succeeded in deleting radar targets from the vessel’s bridge radar screen, effectively blindfolding the vessel.
This attack, too, was completed without raising suspicion from the officer of the watch. The system display showed the radar to be working correctly, including detection thresholds, which were presented as perfectly normal throughout the duration of the attack.
This is what frightens me most about the attack.
The ship was blindfolded, and no suspicions were aroused. But why would they be, in an industry that is effectively blind to this cyber threat?
The potential loss of life and environmental harm that could come if ill-meaning hackers were in control here instead of ethical hackers is, again, devastating to imagine.
Shipmanagers must ensure that precautions are put in place, and shipping companies and regulators need to heed the work of these ethical hackers.
The vulnerabilities these groups reveal must take priority and be addressed in order that more secure links and better standards can be applied to protect these vital components and systems of safe navigation.
And to avoid being blindsided, the same type of work is needed to assess vulnerabilities on other bridge systems that may – at first glance – appear to be cyber safe.
Our European Maritime Cyber Risk Management Summit in London in mid-June promises to offer further discussion and insight into the challenges of keeping vessels and crew safe from cyber attacks.