An expanding nautical network
On modern vessels, more and more systems are connected to the internet—and with one another. Many vessels have already replaced analog equipment with integrated, digital systems that store important information, enable better communications with land-based personnel, and facilitate navigation. And with smart ships on the horizon, the amount of technology onboard is set to rise exponentially.
However, as soon as a system is connected to the internet, there is an inherent risk that it could be targeted by hackers. In fact, a technical report by the U.S. Department of Transportation highlighted 26 shipboard industrial control systems, all of which represent potential risks. Alongside internet connectivity, vulnerabilities include interdependency among systems and access being granted to increasing numbers of users.
Potential threats could slip through the net
So what kinds of threats could hackers pose? Back in 2013, researchers from the University of Texas carried out a GPS spoofing attack on a superyacht, successfully manipulating its course. Using a custom-made device, they covertly sent false signals to the ship, essentially gaining control of it. The experiment proved that such attacks can easily avoid triggering alarms and escape detection.
GPS spoofing is especially hard to detect—unlike signal jamming, it triggers no alarms.
There is also a risk that pirates could hack into cargo management systems to access or manipulate data about ships' inventories. Such information would allow them to identify and target vessels carrying valuable cargo. An attack of this kind has already been carried out on a global shipping company. Fortunately, due to several mistakes by the hackers, the company was eventually able to block the threat.
Shipping is waking up to the threats
While the number of high-profile cyberattacks on the maritime industry remains relatively low at present, digitization could open new doors for hackers. If cybercriminals start to recognize that shipping companies are underprepared, it will only be a matter of time before they target them.
Numerous organizations sense the urgency—and they are taking action. A group of shipping associations, including BIMCO, ICS, and CLIA, have collaborated to publish industry-wide guidelines for maritime cybersecurity, covering everything from cruise ships to tankers. The document provides recommendations on how to identify threats and vulnerabilities, assess and reduce risks, and effectively respond to cybersecurity incidents. It also proposes training courses for all onboard personnel to help them spot suspicious activity and prevent accidental security issues.
Additionally, the IMO has published its own interim guidelines on cyber risk management, in response to what it refers to as “the urgent need to raise awareness on cyber risk threats and vulnerabilities”. The paper sets out a five-stage practical approach and points toward industry standards and best practices.
Less risk, more reward
Ultimately, the shipping industry first needs to be aware of the importance of cybersecurity before it can protect itself against cyber threats. IT systems, automation, and connected technologies have already become essential for many vessels, so it is high time to secure them. By training personnel, developing protection measures, and defining responses and recovery plans, shipping companies can reap the benefits of digitization—without the risks.