Maritime security: 'Hacking a ship is just like hacking a Tesla but bigger'

Cyberattacks on shipping up 400-500% in five years, Lloyds List Intelligence

John Leonard

The recent destruction of the Francis Scott Key Bridge in Baltimore by the Singapore-flagged container ship Dali drew immediate speculation that the vessel may have been hacked. This was almost certainly not the case, said Mantas Marcinkevicius, CISO at maritime information provider Lloyds List Intelligence.

"There is absolutely zero evidence, it's almost impossible that it could have been a cyberattack," he told the audience at Computing's recent Cybersecurity Festival. An investigation is ongoing, but the most likely scenario is that in this tragic case the ship simply lost power.

Nevertheless, along with recent attacks by Yemeni Houthi rebels, ships detained for straying into Iranian waters, tension in the South China Sea, accidents in the Suez Canal and blockades on grain from Ukraine, it was a timely reminder of the vulnerability of maritime transport, upon which 90% of global trade depends.

And it's not as if cyberattacks on ships are impossible. In fact, they happen all the time and have increased 400% - 500% in the last five years, in line with the rise in attacks on fintech and pharmaceutical companies.

Pirates don't just swarm a ship armed with Kalashnikovs any more. They plan ahead, using scanners with antennae, said Marcinkevicius. "They can see the inventory system so they know exactly which container contains diamonds or iPads."

Fortunately, ships' engines tend to be offline, so are much harder to hack, but as ships become more automated there are plenty of shipboard targets for hackers to engage, especially in autonomous vessels where the engine too may be vulnerable. Attackers armed with hacking tools can breach systems and disable defences, in the same way that thieves are able to make off with modern cars.

"It's like a floating factory. There's lots of systems that talk to each other, and they're not protected, usually there's no encryption or authentication. So if you can get anywhere near the ship, it's easy to hack individual systems. It's just like hacking a Tesla, except it's much bigger."

'AIS is inherently flawed'

So, individual vessels are increasingly vulnerable. On a wider scale, though, a bigger problem comes from the communication protocols used. Ships use a system called Automatic Identification Signals (AIS) to identify and avoid other vessels at sea. AIS signals contain information about a vessel's identity, position, course, speed and other navigational data, the positional information being provided by satellite GPS.

Unfortunately, AIS is easily interfered with, accidentally or maliciously. "AIS is inherently flawed," said Marcinkevicius.

GPS signals can easily be blocked and identities spoofed, explained Thomas Briggs, data scientist at Lloyds List Intelligence. "When vessels can mimic each other's information points, they can besmirch the reputations of other vessels halfway around the world." They can also get around trade sanctions, or implicate others in sanction-busting. It's possible to spoof locations to make vessels appear to be in a different place.

GPS jamming by adversaries in war zones can also spill over to affect civilian traffic, as seen currently in parts of the Baltic and the Red Sea. Jamming can hinder search and rescue efforts, and ships may also be deliberately diverted from their course – so-called "hands-free hijacking" – where attackers block the GPS signal then take control of the navigation systems remotely.

There are workarounds for most of these attacks, such as "looking out of the window", relying on physical maps, and using different radio frequencies, but at a time when maritime transport is becoming more and more connected and automated, including the advent of fully autonomous ships, this is hardly ideal.

New navigation tech

Recent experiments with quantum accelerators to extend the reach of satellite GPS have shown promise, including one by the Royal Navy and Imperial College, and this week the government announced the first commercial flight trials of "advanced quantum-based navigation systems that cannot be jammed or spoofed by hostile actors."

However, this is early-stage technology that will not be commercially available for some time.

The ransomware attack that hit shipping firm Maersk, the Ever Given container ship blocking the Suez Canal, disruption to shipping in the Black Sea and the Middle East, and the cutting of subsea cables and gas pipelines have shown just how vulnerable global supply chains and information systems can be.

Maritime may be bristling with OT and IT, but there are way fewer cybersecurity institutions and procedures compared to its terrestrial counterparts.

And, noted Marcinkevicius, few ships count a CISO among their crew, or even a cybersecurity specialist. "Apart from the really big ones, most ships don't have any security personnel."
