Ship equipment manufacturers must do more to secure critical vessel systems from cyber threats and GPS spoofing
Investing in insecure bridge equipment could result in financial loss, damage to assets and the environment and even threats to seafarer lives.
And it is the job of bridge systems manufacturers to improve the cyber security of their equipment to avoid leaving critical shipping systems vulnerable to state-backed and criminal-focused threats which include hacking, cyber incursion and spoofing global positioning and navigation systems.
These warnings from Naval Dome chief executive Itai Sela came after reports arose that critical satellite-based positioning equipment on UK-flagged tanker Stena Impero, seized by Iranian forces in July, had been spoofed to cause the vessel to shift its course into Iranian waters.
Mr Sela said the spoofing is indicative of how unprepared the maritime industry is for a cyber attack .
“There is no high-level cyber security on operational systems aboard ships, on offshore oil and gas platforms, or ports and terminals,” he said during a conference organised by the Maritime and Port Authority of Singapore (MPA).
“Few OEMs and system providers are supplying equipment with level 4 security, resulting in end-users being unable to get a true picture of the integrity of their critical systems. It is like driving with your eyes closed.”
Naval Dome analysts have noted an increase in GPS spoofing in the Middle East, Black Sea and in southeast Asia.
This occurs when the satellite signal is changed and manipulated to present spurious positional data and information. To the bridge team on a ship, this places the vessel in a different position to its reality.
“Spoofing is more common as it is more sophisticated, more effective – but we know jamming is taking place in Syria and Lebanon,” said Mr Sela. “Most spoofing is carried out by states, although in southeast Asia and the Red Sea, pirates are using rudimentary spoofing systems bought on the internet to direct ships to danger areas.”
He urges shipowners and OEMs to ensure critical onboard systems have effective solutions to prevent GPS spoofing or jamming impacting navigation.
Cyber threat response
“We recommend that all critical systems have in place a cyber defence system capable of anomaly detection, which will alert operators to odd jumps or drifts in position,” said Mr Sela, “based on previous and current positions, planned route and ship speed. This will provide an indication that the GPS may be compromised.”
Owners and shipmanagers should also train crew to identify GPS spoofing and respond to it.
“Once alerted to an anomalous event, seafarers need to cross-check position with speed and other sensors and the gyro compass,” said Mr Sela.
“AIS can also be used to detect other vessels in the area. However, if other vessel positions have jumped, then this can also indicate a problem with their GPS.”
IoT increases cyber threats
Other cyber issues can threaten ships with internet-of-things (IoT) technology as cyber security has not kept pace with autonomous, connected IoT-based systems. Shipowners and OEMs need appropriate high-level security to be prepared for attacks.
“We are becoming less secure and more vulnerable, with cyber events happening on a daily basis,” said Mr Sela.
“We have visited companies operating across the industry – shipping companies, cruise lines, oil and gas contractors, ports and terminals – and what we find is alarming,” said Mr Sela. “Typically, most companies are operating critical systems that are protected, at best, by only the most basic security solution.”
According to class type approval criteria and IEC 62443 standards security Level (SL) 1, the most basic, provides protection against casual or coincidental violation, Mr Sela explained.
SL2 to SL4 cover increases protection levels against intentional violation, depending on sophistication and the resources, motivation and skills of potential offenders. SL4 protects against highly motivated, highly sophisticated attacks.
“The obvious thing to do,” said Mr Sela, “is to ask your system provider what level of cyber security each of their systems are provided with and, if not SL4, request they upgrade or replace them.”
Port and terminal operators also need to review their cyber protection. Naval Dome has seen an increase in spoofing incidents at ports, especially those where container handling equipment, such as ship-to-shore cranes, reach stackers and straddle carriers, relies on GPS to move and transfer containers to specific locations.
“Typically, positional data is dependent on signals from three or more satellites, but if just one is compromised, then it will give a false reading,” said Mr Sela. “Any interference to the GPS signal is likely to result in significant port congestion.”
Naval Dome supplies cyber defence for bridge systems, such as ECDIS, to block attacks both internally – by preventing unauthorised devices being installed and connected and providing real-time anomaly detection and alerts – and externally – detecting and blocking malicious files, protecting data delivered to vessels and providing remote repair and alert facilities. It requires no changes to original software installations and does not alter OEM software or systems operation.