Keeping the fleet sailing during Covid-19

What are the cyber threats to shipping?

Across the world, nations rely on the maritime sector for vital supplies – and if they are not able to get materials and goods at the time it is needed, it could result in major issues for the country and its people. Cyber attackers can disrupt this flow in several ways, through theft, preventing access (e.g. for ransom), or destroying goods (e.g. to drive up prices in black markets).

Preventing this is especially important nowadays since most things are supplied with a “just in time” (JIT) supply chain. JIT saves a lot of money because there is less spent on holding things in stock, but leaves us vulnerable if shipments are delayed or lost.

Millions of tons of goods are transported every day, but thousands of passengers also use maritime transport daily. In that sense, the main worry would be loss of life (through ransom again, or terrorism), however identity theft is still a big issue and when people travel their data should ideally be as safe as they are physically.

One other thing we have seen a rise in as well is blackmail – including some documented events in the military of people on ships using unsecure connections, being “overheard” and then blackmailed.

What damage could cyber criminals do?

This definitely depends on the system(s) they have infiltrated and to what level. Looking at the myriad of system configurations, it is very difficult to point to exactly what an attacker can do with access to ship systems. 

As most of the “sophisticated” technology on a ship focuses around navigation, we (and many others) have done research on different ways of misdirecting or taking over navigation to influence the ship’s course and possibly even cause a collision.

Monitoring systems are important in protecting cargo, and we have also looked into how theft and smuggling can be achieved by taking over monitoring and cargo handling systems. Communication systems can also be targeted and while, separately, these systems are a big target we could see a sophisticated attack having both navigation and communication elements – the first to get access to a ship, the second to prevent the ship from calling out for help. 

So, it depends on the type of system, and how much access the attackers achieved. Low level access to a navigation system may not allow the attacker to misdirect a ship, but it may allow them to deny access to charts.

Cyber crime during the pandemic

From fake coronavirus infection tracking websites to smartphone applications, cyber criminals are increasing the chance of a malware infection by tapping into the public’s concern and interest in the subject.

People desperate to look for cures and prevention medicines are targets for fraud and black markets, and the increase in such activity will likely mean more theft (possibly even targeting ports) and unsafe knock offs.

Fraud of all sorts is happening across the world. There have been reports in the media recently about fake emails purporting to be from the World Health Organisation and trying to get finance details/access.

In the maritime sector, container shipping company MSC did confirm that an outage it experienced over Easter was caused by a cyber attack, and the situation is constantly changing. But one of the big problems we have seen – both now and more generally – is that a lot of cyber crime on ships is likely to be mislabelled as human or system error instead of an intentional attack by a third party.

Part of the research we are trying to do is to better determine what is actually going on out there.

• understand the threat and what the vulnerability landscape looks like for ships and ports;
• improve systems to make them more cyber secure
• develop/suggest new technological solutions when appropriate; and
• when a risk is better mitigated with people, design and provide training to mariners and cyber-security professionals.

The big thing will hopefully be that we better understand the cyber risks of individual systems, but also the whole configuration present on various ships. There are cascading effects we don’t fully understand yet, but the Cyber-SHIP Lab can help us understand that with the level of realism we are aiming for.

With this we will know better what the different outcomes can be and how severe they would be. That is more defensive though, and as we do more testing we hope to build a database of vulnerabilities and knowledge to begin mitigating risks more proactively.

We also hope to start building technological solutions and designing training solutions, and we want the lab to be somewhere new systems and security solutions can be tested more thoroughly, and improved before being on the shelf, hopefully preparing the sector before the next event.