
The Maritime Transportation System is a comprehensive system of systems. It contains ships, shipping lines, people, ports, intermodal transfers, and inland waterways. Each of these is itself a system of systems, and each is a major attack vector for scammers. If we look just at vessels, we have the ship's network, the navigation systems, the methods for updating and remote access, the communication systems that we've discussed, the crew network, the network backbone, industrial control systems, and loading and stability systems. All of these are potential targets for malign actors.
Older ships ran without computers and without networks, that is, with no information and communication technologies. A critical part of the maritime transportation system is the information and communication technologies that support storage and transportation of data. Now information and communications technologies are technologies that are used to handle, so modern ships are highly reliant on these information communication technologies to function. Modern vessels are essentially floating computers and networks, and as such are susceptible to vulnerabilities and cyber attack. Maritime cyber attacks are happening more frequently than members of the maritime community believe, because many attacks go unreported or undetected.
Ships carry several types of information and communication technologies: navigation systems, some method for updating the information and communication technologies on board, all the communications that are digitized, loading and stability systems, and so on. All of these are potential threat vectors for a cyber attack on a ship.
If a cyber attack occurs and it brings down one part of the system, then that can have an effect on the system as a whole.
The Automatic Identification System (AIS), which is quite unique to the Maritime Transportation System, is a safety feature described as foremost a navigational tool for collision avoidance, and it is mandatory for all ships carrying passengers and any cargo vessels over a certain size. The AIS system itself is simply a transponder that transmits course, speed, type of vessel, type of cargo, whether the vessel is at anchor or under way, and other information for safety purposes. Unfortunately, the AIS system is neither encrypted nor authenticated.
Specific types of information are broadcast in these AIS messages. There is static information, which includes things that don't change, such as the Maritime Mobile Service Identity (MMSI) number, the call sign, the ship name, and the size and type of the ship. There is also navigational information, which is sourced primarily from electronic navigational systems on board the ship and includes course over ground, speed over ground, heading and rate of turn. In terms of cyber attacks, the ones most relevant to the Automatic Identification System are the navigational information attacks, which could influence information flowing to and from the ship on course, speed, heading, navigational status and rate of turn.
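To make the "neither encrypted nor authenticated" point concrete, the following added example (not code from the original page) decodes the navigational fields of a type 1 AIS position report from a sample AIVDM sentence. The sample sentence is illustrative input and the function names are this example's own.

```python
# Added example: decode a type 1 AIS position report (AIVDM sentence).
# SAMPLE is illustrative input, not data from the original page.
SAMPLE = "!AIVDM,1,1,,B,177KQJ5000G?tO`K>RA1wUbN0TKH,0*5C"


def nmea_checksum_ok(sentence: str) -> bool:
    """XOR checksum: catches transmission errors, proves nothing about the sender."""
    body, _, given = sentence[1:].partition("*")
    calc = 0
    for ch in body:
        calc ^= ord(ch)
    return given[:2].upper() == f"{calc:02X}"


def payload_bits(payload: str) -> str:
    """Unpack the 6-bit ASCII armouring of the payload into a bit string."""
    bits = []
    for ch in payload:
        v = ord(ch) - 48
        bits.append(f"{v - 8 if v > 40 else v:06b}")
    return "".join(bits)


def field(bits: str, start: int, length: int, signed: bool = False) -> int:
    value = int(bits[start:start + length], 2)
    if signed and bits[start] == "1":
        value -= 1 << length          # two's complement
    return value


def decode_position_report(sentence: str) -> dict:
    if not nmea_checksum_ok(sentence):
        raise ValueError("bad NMEA checksum")
    bits = payload_bits(sentence.split(",")[5])
    if len(bits) < 168 or field(bits, 0, 6) not in (1, 2, 3):
        raise ValueError("not a complete type 1-3 position report")
    return {
        "mmsi": field(bits, 8, 30),
        "nav_status": field(bits, 38, 4),        # 5 = moored
        "sog_knots": field(bits, 50, 10) / 10,   # speed over ground
        "lon": field(bits, 61, 28, signed=True) / 600000,
        "lat": field(bits, 89, 27, signed=True) / 600000,
        "cog_deg": field(bits, 116, 12) / 10,    # course over ground
        "heading_deg": field(bits, 128, 9),
    }


print(decode_position_report(SAMPLE))
```

Every field is readable by any receiver, and the only integrity mechanism in the sentence is the XOR checksum, which carries no key and no sender identity.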
There are solutions that would include being able to encrypt and authenticate these AIS messages, but that would require the installation of new hardware on hundreds of thousands or millions of ships.
The cargo ship transmits the AIS message to an AIS-capable satellite every few seconds, which then relays that message to an AIS base station, which is terrestrial, that is, on land, and from there it is sent to the vessel tracker service. Additionally, ships have the capability of sending AIS messages directly to other ships in order to avoid collisions. But now suppose we have a malign actor with the capability to spoof messages, which can then be sent to the AIS base station and from there transmitted to other ships as well as to the vessel tracking service.
If the malign actor is able to spoof an AIS message, sending it to, let's say, an AIS base station, and the AIS message contains false information (the latitude, the longitude and the course of the cargo ship), then that cargo ship may appear, to the other parts of the system receiving those messages, to be located at the false position. A malign actor can also create a spoofed ghost ship: the actor creates all the necessary information for an AIS message for a ship that doesn't even exist. However, every vessel and entity receiving these AIS messages, including the AIS base station and the vessel tracker service, will see that ghost ship.
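Because receivers cannot authenticate AIS messages, one defensive check is to test each track for physical plausibility. The following added example (not from the original page) flags reports whose implied speed between consecutive positions is impossible or contradicts the reported speed over ground; the MMSIs, positions and thresholds are constructed for illustration.

```python
# Added example: flag AIS tracks whose reported positions are kinematically
# implausible. REPORTS is constructed sample data; the thresholds are assumptions.
import math

MAX_PLAUSIBLE_KNOTS = 50.0   # assumed ceiling for a merchant vessel
SOG_TOLERANCE_KNOTS = 5.0    # assumed slack between implied and reported speed


def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance in nautical miles (haversine)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = (math.sin(dlat / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * 3440.065 * math.asin(math.sqrt(a))


def check_tracks(reports):
    """Return (mmsi, time, reason) for anomalies between consecutive reports."""
    findings, last = [], {}
    for r in sorted(reports, key=lambda rep: rep["t"]):
        prev = last.get(r["mmsi"])
        last[r["mmsi"]] = r
        if prev is None or r["t"] == prev["t"]:
            continue
        hours = (r["t"] - prev["t"]) / 3600
        implied = distance_nm(prev["lat"], prev["lon"], r["lat"], r["lon"]) / hours
        if implied > MAX_PLAUSIBLE_KNOTS:
            findings.append((r["mmsi"], r["t"], "position jump"))
        elif abs(implied - r["sog"]) > SOG_TOLERANCE_KNOTS:
            findings.append((r["mmsi"], r["t"], "speed mismatch"))
    return findings


# Constructed reports: t in seconds, sog in knots.
REPORTS = [
    {"mmsi": 111111111, "t": 0, "lat": 51.0, "lon": 1.0, "sog": 12.0},
    {"mmsi": 111111111, "t": 600, "lat": 51.03333, "lon": 1.0, "sog": 12.0},
    {"mmsi": 111111111, "t": 1200, "lat": 51.5, "lon": 1.0, "sog": 12.0},
    {"mmsi": 222222222, "t": 0, "lat": 40.0, "lon": -70.0, "sog": 0.0},
    {"mmsi": 222222222, "t": 600, "lat": 40.05, "lon": -70.0, "sog": 0.0},
]

for finding in check_tracks(REPORTS):
    print(finding)
```

A track that is internally consistent passes this check, so it complements rather than replaces cross-checking AIS against radar and other independent sources.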
There is such a thing as spoofing when it comes to navigational satellite transmissions. GNSS spoofing alters the data associated with the GNSS to produce different positions, navigation or actual timing information.
Spoofing tricks the GPS receiver, which can be a system aboard a ship. These signals are unencrypted and are not authenticated. When spoofing occurs, it effectively replaces the real GPS signals with a fake signal. GPS spoofing used to be very complicated; now it's easy to gain access to such a transmitter.
To avoid or mitigate the impact of a cyber attack on a ship, it is important to implement robust cybersecurity measures.
Here are some steps you can take to enhance the cyber security of your vessel:
- Assess the cyber security risks specific to your ship and its systems. Identify potential vulnerabilities and threats that could be exploited by cyber attackers.
- Create a comprehensive cyber security plan that outlines procedures, policies, and technical measures to protect your ship's systems and data.
- Provide cyber security awareness and training programs to all crew members. Train them on best practices for secure use of onboard systems, recognizing phishing attempts, and handling suspicious emails or removable media.
- Ensure that all onboard systems, networks, and devices have strong, unique passwords. Enforce the use of multi-factor authentication (MFA) for critical systems. Limit access privileges to only those who require it for their job responsibilities.
- Regularly update and patch the ship's operating systems, firmware, and software applications.
- Deploy firewalls to monitor and control network traffic, and install reputable antivirus software to detect and mitigate malware threats.
- Implement secure network configurations and segment your ship's network to isolate critical systems from less critical ones.
- Implement a regular backup strategy to ensure critical data is backed up frequently and stored securely.
- Establish a clear incident response plan that outlines the steps to be taken in case of a cyber attack. Define roles and responsibilities, including reporting procedures, containment measures, and recovery processes.
- Keep up to date with the latest cyber security threats and trends in the maritime industry. Stay informed about security advisories, alerts, and best practices provided by industry organizations, cybersecurity agencies, and relevant authorities.
Cyber security is an ongoing process, and it is important to regularly review and update cyber security measures to adapt to new threats and vulnerabilities. Consider seeking assistance from cybersecurity professionals with expertise in the maritime sector to assess and improve your ship's cybersecurity posture.