Poor security protocols in the use of container loading information could have potentially disastrous consequences, a leading security company has warned
Loading software is used to ensure efficient transfer and storage of containers on board vessels, as well as to ensure even distribution and good trim for the vessel. Given which, it is a frightening thought that hackers might easily interfere with this process.
This is the scenario that security company Pen Test Partners has outlined, pointing out that a lack of security in the way in which ship stowage plans are transferred could leave the vessels vulnerable to hackers.
The company warns of using USB sticks to transfer data between terminal and ship. There is a chance that the computer with the load-planning software is also used for email or web browsing, opening the potential for malware.
“Interoperability between the ship load plan and the hundreds of ports it may visit is essential – this leads to a race to the bottom in terms of securing and transmitting the load plan to the port. Simple = USB = vulnerable,” states the blog. “This is ripe for attack. The consequences are financial, environmental and possibly even fatal.”
The potential implications of such an attack, it makes clear, are huge. Disruption to the load plan creates chaos, with no one knowing what container is where. It could potentially mean that, instead of taking 24-48 hours to load and unload, it could take weeks to manually re-inventory the ship. This would, of course, be a particular problem in the case of reefers requiring cabling, potentially meaning spoiled cargo.
But the potential for economic damage is a relatively minor consideration given that load-planning software is used to place heavier containers toward the bottom of container stacks, and to prevent a stack from being overweight. This keeps the centre of gravity low and maintains stability. Further, the need for balance or trim of the ship means that heavy containers have to be distributed evenly.
‘Metacentric height’ is a calculation of the distance between the CoG and the metacentre. Think of it a little like a pendulum – a bigger distance gives a slower but bigger roll, more comfortable for passengers but more prone to overturning. A short distance gives a shorter but faster roll, which is less prone to upsets. A too-fast roll puts undue stress on the container, but rolling too far does as well. The metacentric height needs to be carefully controlled through loading.
Clearly, being out of balance represents a significant threat to the overall seaworthiness of the vessel. Incorrectly loaded containers could potentially be disastrous.
The company encourages all operators, ports and terminals to carry out a thorough review of their messaging systems to ensure that tampering is not possible, pointing out: “Already there is evidence of theft of valuable items from containers in port, potentially through insider access by criminals to load information. It doesn’t take much imagination to see some far more serious attacks.”
The company concludes that ship security has a long way to go to catch up with the level of security that is expected in corporate networks. They are remote, difficult to update and often offline for long periods, while IT hardware is often old and not well maintained.