Cyber World: Safer Seas via Phantom Ships

By Emil Muccin

Are we that far away from phantom fully autonomous vessels plying the world’s seas?  Not according to many in the know.  Many predict by 2020 that we will see this type of ship with a limited crew in smaller applications such as the marine highway short haul scenarios, local ferry service such as the Staten Island ferry and offshore supply boats in the Gulf of Mexico.

Phantom/drone unmanned ships reportedly would be safer, cheaper and less polluting for an industry that carries approximately 90 percent of the world trade.  However as with aircraft drones and on the horizon driverless auto’s, we must be concerned with regulatory and safety issues.  Of utmost importance is the safety factor as in most industries it fundamentally comes down to human or “pilot error.”  So if we can remove the mariner from the equation we have in theory made the shipping industry safer.  This factor along with the reduction in cost of crewing and finding competent mariners may make this option much more viable to shipping companies on the fence.

These sudden advances in technology will also bring with them the potential for intrusions via the cyber world so we must stay ever vigilant and “install plan by design measures” to thwart these potential infiltrations.  When we contemplate cybercrime and security many individuals think in a narrow focus of the hacking recently of the OPM database and the theft of personnel data as well as the Target chain credit card breach.

From a recent conference I attended in Brest, France it was indicated that cyber threats can come from three sources: internal, external, and sabotage/espionage. It was noted that external threats get the most publicity and news but that internal threats had the potential for being the most-costly and severe.  Each of these threat categories brings with it specific factors that must be addressed by the maritime community as we move forward in our quest to unmanned vessels.  This paradox has taken on a new meaning as we take leaps and bounds to compete with other industries that are successfully using autonomous technology.  These include aviation with drones and now automotive with Apple, Google and Tesla in the lead to be the first with a fully automated hands off the wheel automobile.  It truly is becoming a science fiction movie in a “Future World”.

How do we in the maritime and shipping industry stay ahead of the curve and plan for success when we fully do not have a solid grasp of the magnitude of cyber threats and crime banging on our portholes?

Although the technology is there many have not fully embraced it from both an evolutionary and defensive posture and much needs to be done before it can be fully implemented or combatted. If we do not move quickly the potential for a catastrophic event with major consequences increases proportionately.
Of utmost importance as we move forward in the autonomous world is the development of safeguards to Industrial Control Systems (ICS’s) aboard vessels.  This will be the primary intrusion mechanism for cyber-attacks via unauthorized access to the vessels control systems and networks utilizing communication channels.  Predominantly this will be accomplished via remote Radio Frequency (RF) interception unless the attack occurs on the vessel, most likely through a USB port or a serial port.

Intangible is a key word to look at in the wireless world as every wireless device is simplistically a radio that is constantly sending and receiving data and signals.  This makes them and all shipboard systems that require these transmissions extremely vulnerable.  A prime example of this vulnerability was the recent University of Texas GPS spoofing of a luxury yacht in the Gulf of Mexico.  Researchers, relatively easily with minimal cost, were able to divert this yacht off its intended track with no alarms being sounded.  It was truly a remarkable feat with little fanfare.  Imagine if a hacker had done this to a commercial vessel coming into New York Harbor?  Or what about a hacker getting into the ECDIS chart database and moving one buoy that could put a vessel at jeopardy of going aground or worse.

In our current cyber world these electromagnetic anomalies allow every onboard device that can receive these signals whether the GPS, AIS, ECDIS or a PLC to be a potential source and gateway for cyber criminals to connect to the ships systems.  Once inside the device or network, the hackers have the ability to do plenty of damage.

Another area of significant importance is the use and control aboard vessels of Programmable Logic Controllers (PLC’s).  Most non-technical personnel are not aware that a PLC is a type of computer that controls most devices and equipment in today’s world.  Not only does it control the equipment, it also troubleshoots it and acts as the brain of the device.  This maybe the Pandora’s box or Achilles’ heel of the PLC as it is the back door for someone to get in and control your equipment.  Engineers use remote PC’s to access the PLC to perform maintenance and troubleshoot the equipment.

Research and a recent survey have shown that a typical ship can have anywhere up to 36 PLC’s onboard.  It provides the opportunity for intrusion by the cyber hackers and relatively new hacktivists (foreign group of politically active hackers with anti-US motives) at multiple entry points.

What can a ship do to prevent this level of infiltration with the potential of losing control of all or some ship functions to an outside source?  Sources such as the U.S. Navy are in the process of developing a Resilient Hull, Mechanical and Electrical Security system (RHIMES) that will perform as a cyber protection system using plan by design measures to make its onboard mechanical and electrical control systems resilient and with the ultimate goal resistant to cyber-attacks.

Mechanical and electrical control systems have been previously attacked with the most famous being the Stuxnet virus and computer worm.  This cyber breach and sabotage attack occurred in 2010 via what is believed was an internally infected USB flash drive that attacked controllers at an Iranian power plant and took control of the nuclear centrifuges, eventually taking control of the PLC’s and causing the centrifuges to run at exceptionally high speeds to the point that they destroyed themselves.

It now is up to the maritime community to collaborate with the Navy and the major PLC manufacturers including Siemens, Rockwell, Mitsubishi and GE to safeguard their vessels now and as we move forward with the next generation of autonomous vessels.

How can we in the maritime industry bring these safeguards and technology together to make our business stronger and less vulnerable.  Although many may say we are over-regulated it just might be beneficial for the International Maritime Organization (IMO) or some other international body to step in and develop some rules and regulations for both maritime cyber security and autonomous vessels. For as we know they both impact each other greatly and now at the infancy of the later might be the most prudent time.

International conventions that set minimum crewing requirements do not at this time recognize unmanned/autonomous vessels as legal entities.  Their fore it falls on the country of registry to regulate these vessels within its own waters and enforce international rules.  IMO to this point hasn’t received any requests or proposals concerning unmanned or autonomous vessels.  This scenario could lead to a quagmire as without IMO rules pertaining to remote-control or drone type vessels would marine insurers find them seaworthy?

As we move forward we may find it prudent to bring subject matter experts together at an international forum to establish protocol, policy and procedures for designing (plan by design measures), developing and implementing our next “Future World” drone ship with a full cyber security suite.


The Author
Emil Muccin holds the current position of Assistant Department Head, Maritime Business Division of Marine Transportation Department and is also an Associate Professor of Nautical Science at the United States Merchant Marine Academy.  He previously was the Marine Transportation Department STCW Coordinator.  Additionally he is the Faculty Advisor to the Cyber Defense and Propeller Clubs.  Muccin graduated from the USMMA with a BS in Nautical Science and from Pace University with an MBA in Information Systems.  He sailed for many years as the Master of paddle wheelers on the Hudson River.

* The views expressed in this article are the author’s own and not those of the U.S. Merchant Marine Academy, the Maritime Administration, the Department of Transportation or the United States government.
 

(As published in the January 2016 edition of Maritime Reporter & Engineering News - http://magazines.marinelink.com/Magazines/MaritimeReporter)

Maritime Reporter Magazine, page 20,  Jan 2016

Read Cyber World: Safer Seas via Phantom Ships in Pdf, Flash or Html5 edition of January 2016 Maritime Reporter

Other stories from January 2016 issue

Content

Maritime Reporter

First published in 1881 Maritime Reporter is the world's largest audited circulation publication serving the global maritime industry.