Experts: Maritime Industry Remains Vulnerable to Cyber Attacks

 In Sea, Cyber/ICT, U.S. Coast Guard

A crew aboard Coast Guard Air Station San Francisco’s Forward Operating Base Point Mugu MH-65 Dolphin helicopter conducts an overflight near an anchorage site off the coast of Los Angeles, Calif., on April 23, 2020. US Coast Guard Photo

While han­dling 90 per­cent of the global econ­o­my daily, mar­itime indus­try ashore and afloat remains increas­ing­ly vul­ner­a­ble to cyber dis­rup­tions and attacks from “neer­dow­ells and bad actors” that threat­en finan­cial mar­kets and the country’s nation­al secu­ri­ty, the head of the Maritime Administration said last week.

Lacking a coor­di­nat­ed code affect­ing all modes of trans­porta­tion and ports and ter­mi­nals, the “move­ment of our armed forces” can be dis­rupt­ed “by a few key strokes of bad actors” that can affect ship oper­a­tions, cargo han­dling and on-shore facil­i­ties, retired Rear Adm. Mark Buzby said during a Sept. 24 virtual event hosted by The Atlantic Council.

Cyber dis­rup­tions in San Diego and Barcelona port operations in 2018 and con­tin­u­ing ran­somware attacks on European trans­port com­pa­nies under­score the vul­ner­a­bil­i­ty of these inter­locked modes of eco­nom­ic move­ment, Coast Guard Capt. Jason Tama, com­man­der of Sector New York, and Heli Tiirmaa-Klaar, Estonia’s ambas­sador-at-large for cyber diplo­ma­cy, added.

Speaking as part of the online forum, Kathy Metcalf, pres­i­dent and chief exec­u­tive offi­cer of the Chamber of Shipping of America, said all too often cyber secu­ri­ty is thought of as the takeover of a ship and ram­ming it into the Verrazano-Narrows Bridge, which con­nects Brooklyn and Staten Island at the entrance to New York’s harbor.

The real need is for “col­lab­o­ra­tion” on all the details affect­ing small links in a supply chain or parts used in main­te­nance. “The system will only be as good as its weak­est link,” Metcalf said.

The mar­itime indus­try includes many links — some more than 30 years old that remain extreme­ly vul­ner­a­ble, while others are brand new and hard­ened, Xavier Bellekens, lec­tur­er at the Institute for Signals, Sensors and Communications, University of Strathclyde, said at the forum.

Looking only at ships, using open source infor­ma­tion, Bellekens said anyone “can rel­a­tive­ly easily … learn very fast about,” a ship at sea. Using slides, Bellekens select­ed one ship oper­at­ing from a Southeast Asian port and in less than a day fol­lowed its course out­bound, obtained bio­graph­i­cal data on its cap­tain, infor­ma­tion on the makeup of the crew, cur­rent cargo, des­ti­na­tions and the ship’s cur­rent posi­tion.

The data are poten­tial­ly useful to hack­ers, pirates, crim­i­nals, ter­ror­ists or hos­tile nation-states.

As he was speak­ing, Bellekens pre­sent­ed a news photo of the after­math of a collision at sea between a Russian frigate and mer­chant ship in Danish waters that occurred the day prior. He used the photo, which was avail­able within a few hours of the mishap, to empha­size the point that “there are many ways to gather open source infor­ma­tion.”

Master Mariner Capt. Alex Soukhanov, man­ag­ing direc­tor at Moran Cyber, said that while design­ers and builders have under­stood for decades the need for safety, seg­men­ta­tion or com­part­men­tal­iza­tion in ship work, “cyber and net­works” were “not pri­or­i­ties” for years. Those legacy sys­tems are still oper­at­ing today.

“It really doesn’t matter who the bad guy is” in hack­ing the vessel itself, from propul­sion to nav­i­ga­tion sys­tems, port man­age­ment, ter­mi­nal capac­i­ty of cargo, to a main­te­nance facility’s work sched­ule because “all of these sys­tems are con­nect­ed togeth­er.”

Tama said, “we’re years behind other sec­tors,” like finance, in under­stand­ing these con­nec­tions and the need for col­lab­o­ra­tion between ship owners, vessel oper­a­tors, ship builders and design­ers, ter­mi­nal and port author­i­ties, and com­pa­nies and law enforce­ment.

The reluc­tance to col­lab­o­rate in the pri­vate sector and even in public-pri­vate part­ner­ships with law enforce­ment agen­cies, includ­ing coast guards, has been shift­ing, Metcalf, Tama and Tiirmaa-Klaar agreed.

The impact of ran­somware demands in all man­ners of busi­ness — from health care to util­i­ties to trans­porta­tion — has been a key factor in this shift.

Even reduc­ing this to cyber­se­cu­ri­ty on ships alone, Metcalf said, “not all the ships are the same” because they were built at dif­fer­ent times for dif­fer­ent oper­a­tions. An exam­ple of “flesh on the bones” for ves­sels could be drawn from the International Safety Management agree­ment to improve cyber­se­cu­ri­ty afloat.

Moreover, Metcalf said the real­i­ty aboard a ship is that the first ques­tions a cap­tain or master ask if the ship’s oper­a­tions are dis­rupt­ed aren’t about cyber. They will instead ask about restor­ing that capa­bil­i­ty or how to work around it. In addi­tion, most offi­cers and crew “don’t real­ize how impor­tant [a part, a system, etc., are] until it’s no longer work­ing.”

For all the activ­i­ties involved in mar­itime oper­a­tions, “you can set up some gen­er­al prin­ci­ples” and “the right place is in the [International Maritime Organization],” she added.

USNI source|articles

Recommended Posts

Start typing and press Enter to search