The shipping industry is unprepared for any serious and lengthy cyber attacks. Shipowners, operators and managers may feel they are ready for malware infections on their ships because they employ antivirus software. But they would not be prepared for a well-thought-out attack from a strong-willed hacker.
Delegates at this week’s Riviera Maritime Media’s Maritime Cyber Risk Management Summit said they did not think the shipping industry understood the full threats they could face. Around three-quarters of delegates agreed that the industry was not prepared for a comprehensive cyber attack. They voted during an interactive session where PA Consulting security expert Andrew Wadsworth went through the five stages of a cyber attack. He asked delegates at each stage whether their organisations would be prepared for an attack. Although some felt an intrusion could be contained, the deeper the violation went, the harder they felt this would be.
It was eye-opening to consider how a relentless hacker could infiltrate a shipping company in order to reach the objective – to command some aspect of a ship system or onboard equipment. Mr Wadsworth said the first stage of an attack was gathering information on the company and who worked within it. Hackers would learn the vulnerabilities and begin to get a general picture of where to focus an infiltration.
The second stage was targeting individuals to engineer a benign route into a company’s network. This could be as simple as sending an e-mail to an employee inviting that person to a football match. The third stage of the offensive would use this initial approach to install malware on a company’s network that could capture IP addresses, usernames, passwords, and to get through company firewalls.
According to Mr Wadsworth, the fourth stage of an attack is where the hacker could begin to do serious damage to a shipping company’s network. But if the ultimate goal is further in than this, then the hacker can retrieve more user information and credentials ready for the final assault. This leads to the fifth stage, which could be targeting a ship’s network, over the firewalls without any impedance as the move comes from within the company’s network using proper credentials. Once on the ship network, the hacker could access navigation, automation or dynamic positioning systems.
If this seems unlikely or excessive – think again. In an actual case in the second half of 2015, a hacker reached the control systems of a remotely operated vehicle (ROV) on an offshore support vessel. The hacker was able to send a command to the ROV, telling it to ignore any other commands from the onboard controllers. The ROV stopped working and sunk to the seabed, resulting in a US$500,000 salvage operation. Obviously this vessel owner did not detect any intrusion and was not prepared for the aftermath. Apparently, the company is not alone in this as the majority of shipping companies would be unaware of any hacking of this nature.
In the morning session, Inmarsat vice president for applications sales Gert-Jan Panken explained how prevalent cyber incidents on shipping were. And Plymouth University lecturer Robert Hone explained the pathways to delivering false information to ship systems.
In the afternoon session, Waterfall Security Solutions co-founder and chief executive Lior Frenkel explained how vessel owners should consider unidirectional gateways.