Your browser version is outdated. We recommend that you update your browser to the latest version.

Is ship cybersecurity threat real?

 

A recent case of a ransomware attack on a ship's computer network system damaged all its electronic documents. Apart from a security failure, some additional dangerous events could happen from such a cyber-attack as below:

  1. Navigation & Collisions Risks: In case ECDIS, GPS or AIS compromised
  2. Ship Unseaworthiness: As it was shown in the CMA CGM Libra case ‘nautical publication’ or ‘instrument’ is part of Passage planning. If any of these is missing, is incorrect or damaged then the ship is unseaworthy. In other words, the ship has lost its insurance cover.
  3. Commercial issues: Port agents and charters will complain when the ship’s email system is unavailable for some period. This is reasonable since the modern shipping business relies on communications.
  4. Piracy threats: This is explained in our recent paper “Appraisal of a Ship’s Cybersecurity efficiency: the case of piracy”  Journal of Transportation Security.

 

 Which are the major attacks that can affect a ship?  

 

1.  Network Attacks.

The most common way is if someone (crew or visitor) downloads untrusty email attachments or click on suspicious web links. This attack could also happen when an attacker can access a ship’s Wi-Fi communications to derive information from smartphones or to have to access the internet. A major risk is the uncontrolled Crew internet welfare.

 

2. Infected USBs

Heavy reliance on flash drive/USB media use for system updates or media transfer could cause network failure and loss of data. ECDIS could be affected during software or chart updates from infected USB memory stores. In this category are also included mobile phones, cameras and external storage devices.

 

3. Radio Frequency Attacks

Ships are equipped with several transmitters that can be detected through their signals including Very High Frequency (VHF), Medium Frequency/High Frequency (MF/HF), satellite communication (Sat-Com C) and AIS. Attacks on GPS signals could affect the time synchronisation of individual devices. Nowadays, the availability of cheap satellite navigation jamming devices can shift a ship’s position from a distance of several kilometres.