Electronic bridge technology that combines radar and electronic charts and positional information is easily undermined at the transmission, reception and signal-processing levels, where software and firmware updates are delivered directly, via remote transmission, or with data updates. Security relies upon the integrity of the update process used by the original equipment manufacturers (OEM). These processes have proved to be far from secure. In complex engineering and control environments, nation states have recently sponsored two significant attacks that have undermined industry confidence in OEM updates.
In 2014, an aggressive piece of malware called Havex was identified. Thousands of occurrences of the malware were subsequently discovered, some of which had been in company networks for more than 18 months. Havex targets industrial control systems, the software that instructs equipment that is central to marine machinery control, and command and control systems. It had been accidently distributed by the control system OEM vendors and was updated unknowingly shortly afterwards with a new form, known as BlackEnergy.
At present, industry simply cannot guarantee the security of software and firmware that is delivered to vessels, either remotely or directly. For vessels that are between major maintenance and refit periods, this covers every update for every critical marine electronics and communications system.
In the UK, the three general lighthouse authorities are so concerned about the vulnerability of the Global Navigation Satellite System (GNSS) that they are actively investigating alternative back-up systems, notably eLoran, a low-frequency option for terrestrial navigation. Recently, the US Navy reintroduced celestial navigation to the naval officers curriculum to ensure that new cadets have the skills to cope with any loss of GNSS signals, or sudden evidence that their data or charts may no longer be trustworthy.
It is possible that a covert attack on a remote update of an electronic chart or a satellite receipt could be manipulated to introduce a pool of errors that would endanger shipping and navigation in a vital trade lane, the economies dependent on that trade, and seafarers aboard those ships. Exploiting the weaknesses in GNSS systems is not technically challenging. Most current systems are vulnerable to the simple introduction of amended data, or the implantation of a virus from a memory stick.
© 2023 Riviera Maritime Media Ltd.