Page 23: of Maritime Reporter Magazine (June 2015)

those risks, take this threat seriously, and ing threats and vulnerabilities as equip- work together to improve defenses. ment have become accessible to outside entities.

Security and Survival at Sea As vessels continue to increase in size,

Will the next hacker chess match take the crewing continues to decrease, with place on the high seas with oil tankers, the paramount shift in vessel operations, container ships and other specialized ship owners and yards have increasingly vessels that transport approximately 90 added more automation and remote mon- percent of the goods moved around the itoring systems to vessels. This has led to world? a dilemma, as more systems and devices

Many devices are connected online on vessels might enhance productivity which makes them more vulnerable to and safety on one hand, but on the other attack. As the maritime and offshore en- it presents more systems for hackers to ergy industries connect ships and oil rigs compromise and control. It is fairly well- to computer networks, they expose con- known that a signi? cant proportion of siderable weaknesses that hackers can ex- computing and network devices are con- ploit. For example, it was discovered that nected to the internet using serial ports pirates off the coast of Somalia and other with poor security. Devices range from key piracy areas hand pick their shipping simple traf? c items such as stop light targets by tracking online the navigation which have been proven that they can be track of the vessel through AIS, ECDIS controlled remotely by hackers, to com- and radar. In the oil industry, hackers plex items for the oil and gas industry that have committed much turmoil including monitor and control oil rigs. the tilting of an oil rig, causing it to be It has been reported that some ships

Vulnerable to Hacking shut down, as well as the penetration of switch off their AIS systems when pass- the networked computing systems on an- ing through waters where pirates are other rig with malware that took trained known to operate, or fake the data to personnel almost three weeks to clear. make it seem they’re somewhere else.

Other events have included smugglers Some shipping companies are now tak- hacking into networked systems to be ing cyber risks as true credible threats able to locate containers with drug con- and taking necessary measures to beef traband and cleanly con? scate the drugs up network and telecommunications se- without being detected. They even went curity. Recent studies of U.S. ports have so far as attempting to delete the data for determined that very few have conducted the shipment. While data on the extent cyber assessments and even fewer have of the maritime industry’s exposure to developed a response plan. Very little cyber-crime is hard to come by, a study federal money has been allocated to the of the related energy sector by insurance maritime industry for cyber security proj- companies recently indicates that much ects or training. of it maybe insurable. This lack of cyber security preparation

As the energy and oil industry has by U.S. ports actually carries over to the been targeted for some time, statistics shipping companies where it has been are available that indicate this is already discovered that most have substantial have a billion dollar impact on the world security issues. However the good point economy. In the maritime industry, the is that the maritime industry has had lim- number of known incidents appears to be ited compromising of its computing and low due to either the companies being un- network systems. This may be tied to aware of the cyber-attacks or because of the factor that they have not been a high the desire to keep such news from reach- priority and have not been on the radar ing the press with potential detrimental screen of hackers. business impact to the company. What should concern many in the mari-

There are few documented reports that time industry is that the main ship navi- hackers have compromised maritime cy- gation systems including GPS, AIS and ber security. But scientists indicate they ECDIS receive data via radio frequency have determined areas in three key sys- transmission at sea and as such are ex- tems that mariners use to navigate: GPS, tremely vulnerable to hacking. AIS and

Automatic Identi? cation System (AIS), ECDIS are now mandatory on larger and the system for viewing digital nau- commercial and passenger vessels per the tical charts Electronic Chart Display and recent IMO 2010 Manila Amendments.

Information System (ECDIS). This new requirement has increased the

Increasingly, the maritime domain and need for shipping companies to come energy sector has turned to technology with security measures and protocols to to improve production, cost and reduce protect these devices from intrusion by delivery schedules. These technological outside sources. changes have opened the door to emerg- It has also been known for some time www.marinelink.com 23

MR #6 (18-25).indd 23 MR #6 (18-25).indd 23 6/9/2015 10:02:20 AM6/9/2015 10:02:20 AM