Cybersecurity in the Maritime Sector: History
View Latest Version
Please note this is an old version of this entry, which may differ significantly from the current revision.
Subjects: Computer Science, Information Systems | Transportation Science & Technology
Contributor:
Stavros Shiaeles
,
Gueltoum Bendiab

Global maritime sector is increasingly reliant on digitalisation, operational integration, and automation. Leading shipbuilders and operators seek to innovate by utilizing cutting-edge technologies and systems that go beyond traditional designs to create ships with advanced remote control, communication, and connectivity capabilities. Those capabilities are tested through various autonomous vessel projects.

  • maritime
  • ships
  • cybersecurity
  • vulnerabilities
  • cybercriminals

1. Cyberattack Cases from the Maritime Transport Sector

Spoofing incidents have already been reported in the Black Sea, where a number of ships reported anomalies with their GPS-derived position and found themselves apparently located at an airport [1].In the same area as the incident above, a ship was also exposed to GPS spoofing. In a previous GPS jamming attack, more than 280 vessels were reported by South Korea to have experienced navigational system issues; the GPS signal was jammed by hackers, causing some GPS signals to die and others to receive incorrect data [2]. For about 10h, the attacker took over the ship’s navigation system and the captain was helpless to do anything to put the ship back into operation.

In another large-scale incident, the port system of Maersk fell victim to a major cyberattack caused by the “NotPetya” malware, which also affected many other shipping companies globally. All these incidents confirm that modern cyberattacks go beyond manipulating navigation or tampering with cargo; they can disrupt local and global supply chains and even put the lives of the crew or passengers on board the ship at risk. The IT systems of ports have also had a burst of associated cyber incidents that affected the maritime infrastructure. This incident was followed in 2020 by a serious ransomware attack on the shipping company CMA CGM SA, which impacted some servers on its network and prevented customers from having external access to the company’s IT applications and booking systems [3].

2. Security and Safety Countermeasures

According to [4], blockchain technology will play a major role in identification and certification, ensuring data integrity and information security in the future of the maritime industry and autonomous vessels. Blockchain technology has been proposed to improve autonomous vessels’ control security in many studies [5][6][4][7].The first is to create a continuous monitoring system that can provide real-time situation awareness of the ship’s security health status [5][8][9].The main feature of blockchain technology, including traceability, transparency, auditability, immutability, and decentralisation, is proposed to enable secure communication and secure storage of the data exchanged between vessels and the shore control centre.

These defence systems can participate in the identification and mitigation of potential cyberattacks at multiple levels. Finally, collaborative defence systems that implicate multiple stakeholders are being explored [10][11].Detection and countermeasures taken for an attack on a single vessel can be communicated to other autonomous vessels in the fleet.

3. Background on Ship Automation Systems

Modern and autonomous ships are equipped with a variety of complex automated systems that have made the sea a much safer place than before [12].However, some of these systems are often insecure and vulnerable to attack because they are considered less critical to security and performance [13]. These systems include navigation systems, radio detection and ranging (radar), Automatic Identification Systems (AISs), communications systems, and control systems for the wide range of electromechanical systems on board ships, such as the main engine, generators, converter drives, etc.[12][14]

As the complexity, digitalisation, and automation of systems in the maritime industry increase, modern ships and vessels are confronted with an increasing number of new challenges related to the security and data protection of IT systems on board ships [12][15][16]. Potential threats to the security and privacy of shipboard IT systems are discussed in the next section, along with actual incidents of cyberattacks against these systems. The Global Maritime Distress System (GMDSS) [17], propulsion control system [18], Integrated Bridge Systems (IBSs), machinery management [19], and power control systems [20] are other key features of the automation systems on board a ship that play an increasingly important role in facilitating the smooth, safe, and efficient operation of the ship. Recently, several cybercrime cases have been reported in the maritime industry, while others remain unknown as shipowners are not willing to report them for potential reputational damage [16].

4. Cyberattacks on the Ship Automation Systems

As a result, autonomous vessels that rely on improved satellite communications to transmit operational commands and sensor data may be at risk of cyberattacks [21], such as denial-of-service attacks, package changes, and man-in-the-middle attacks. Additionally, because many ship systems rely heavily on satellite position, GNSS failure can lead to the breakdown of other ship systems (for example, AIS).Autonomous transportation systems must be capable of communicating with operational crews from ground crews, allowing cyberattacks to take full control of critical transport operations, allowing for a broader range of attacks and incentives for intruders [22][23]Furthermore, low-power satellite signals have a significant technical disadvantage due to simple congestion.

These technologies have many security vulnerabilities because the design and configuration of communication links between IT networks pay little attention to authentication and encryption methods, resulting in potentially vulnerable and outdated systems being available on the Internet. Financial pressures, legal requirements, and remote monitoring and management requirements increase the need for IT systems and network connectivity in the modern shipping industry; however, these systems will increase the size of the attack surface that security teams must defend [12][14][24] and create additional points of access that hackers could use to enter the ship’s system. Several types of networks are used in the maritime industry for the transmission of the data gathered and processed by networked information systems. Actually, shipboard information technology systems are frequently linked to onshore facilities, increasing the risk of systematic and continual threats [25].

5. Conclusions

From the numerous reported cyber incidents and their consequences, there is clear evidence that every ship, vessel, or even port is at risk of cyberattacks if key information systems are not adequately protected. It was discussed some possible countermeasures that can mitigate potential cyberattacks and make the shipping industry a hard target, such as the implementation of a new security standard that reduces the number and scope of cyberattacks. Various types of cyberattacks, these ships could face, were discussed along with real-world incidents. Therefore, IT and OT systems in modern ships should be prepared with enhanced security measures due to their great vulnerability to cyber threats.

Abbreviations

AI Artificial Intelligence
AIS Automatic Identification System
GMDS Global Maritime Distress System
GPS Global Positioning System
IBS Integrated Bridge System
ICS Industrial Control System
IT Information Technology
OT Operational Technology
Radar Radio Detection and Ranging
VSAT Very Small Aperture Terminal

This entry is adapted from the peer-reviewed paper 10.3390/network2010009

References

  1. Forscout. Spoofing in the Black Sea: What Really Happened? Available online: https://www.gpsworld.com/spoofing-in-the-black-sea-what-really-happened/ (accessed on 31 January 2022).
  2. Oruc, A.; MIMarEST, M.S.M. Claims of State-Sponsored Cyberattack in the Maritime Industry. In Proceedings of the 15th International Naval Engineering Conference & Exhibition, Delft, The Netherlands, 6–8 October 2020.
  3. Rosehana Amin, R.D.; Jones, D. Part 1: A Very Modern Form of Piracy: Cybercrime against the Shipping Industry—Rapidly Developing Risks. Available online: https://www.clydeco.com/en/insights/2021/03/a-very-modern-form-of-piracy-cybercrime-against-th (accessed on 3 February 2022).
  4. Bechtsis, D.; Tsolakis, N.; Bizakis, A.; Vlachos, D. A blockchain framework for containerized food supply chains. In Computer Aided Chemical Engineering; Elsevier: Amsterdam, The Netherlands, 2019; Volume 46, pp. 1369–1374.
  5. Silverajan, B.; Ocak, M.; Nagel, B. Cybersecurity attacks and defences for unmanned smart ships. In Proceedings of the 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada, 30 July–3 August 2018; pp. 15–20.
  6. Petković, M.; Vujović, I. Blockchain security of autonomous maritime transport. J. Appl. Eng. Sci. 2019, 17, 333–337.
  7. Ahmad, R.W.; Hasan, H.; Jayaraman, R.; Salah, K.; Omar, M. Blockchain applications and architectures for port operations and logistics management. Res. Transp. Bus. Manag. 2021, 41, 100620.
  8. Zhou, X.; Liu, Z.; Wu, Z.; Wang, F. Quantitative processing of situation awareness for autonomous ships navigation. Int. J. Mar. Navig. Saf. Sea Transp. 2019, 13, 25–31.
  9. Reddy, G.N.; Reddy, G. A study of cybersecurity challenges and its emerging trends on latest technologies. arXiv 2014, arXiv:1402.1842.
  10. Bhutani, A.; Göttel, B.; Van, N.T.P.; Mukhopadhyay, S.; Demir, V. Advances in Radar Technology; Scientific Research Publishing: Wuhan, China, 2021; p. 245.
  11. Jones, K.D.; Tam, K.; Papadaki, M. Threats and Impacts in Maritime Cybersecurity. Master’s Thesis, University of Plymouth, Plymouth, UK, 2016.
  12. Alcaide, J.I.; Llave, R.G. Critical infrastructures cybersecurity and the maritime sector. Transp. Res. Procedia 2020, 45, 547–554.
  13. Balduzzi, M.; Pasta, A.; Wilhoit, K. A security evaluation of AIS automated identification system. In Proceedings of the 30th Annual Computer Security Applications Conference, New Orleans, LA, USA, 8–12 December 2014; pp. 436–445.
  14. LR. Cyber Enabled Systems. Available online: https://unece.org/fileadmin/DAM/trans/doc/2018/sc3wp3/07._LR.pdf (accessed on 31 January 2022).
  15. Gu, Y.; Goez, J.C.; Guajardo, M.; Wallace, S.W. Autonomous vessels: State of the art and potential opportunities in logistics. Int. Trans. Oper. Res. 2021, 28, 1706–1739.
  16. Ben Farah, M.A.; Ukwandu, E.; Hindy, H.; Brosset, D.; Bures, M.; Andonovic, I.; Bellekens, X. Cybersecurity in the maritime industry: A systematic survey of recent advances and future trends. Information 2022, 13, 22.
  17. Ilcev, M. New Aspects for Modernization Global Maritime Distress and Safety System (GMDSS). Int. J. Mar. Navig. Saf. Sea Transp. 2020, 14, 519–530.
  18. Sáiz, V.M.M.; López, A.P. Future trends in electric propulsion systems for commercial vessels. J. Marit. Res. 2007, 4, 81–100.
  19. Scherer, T.; Cohen, J. The evolution of machinery control systems support at the naval ship systems engineering station. Nav. Eng. J. 2011, 123, 85–109.
  20. Kazak, N.; Frolova, S. Ship Automation and Control Systems. In Proceedings of the IX All-Russian Science-Practical Conference of Students, Postgraduates and Young Scientists, Kerch, Crimea, 6 May 2020; p. 46.
  21. Analytica, O. Global maritime security risks rise with GNSS use. In Emerald Expert Briefings; Oxford Analytica: Oxford, UK, 2019; Volume 1.
  22. Tam, K.; Jones, K. Cyber-risk assessment for autonomous ships. In Proceedings of the 2018 International Conference on Cybersecurity and Protection of Digital Services (Cybersecurity), Scotland, UK, 11–12 June 2018; pp. 1–8.
  23. Kessler, G.C.; Craiger, J.P.; Haass, J.C. A taxonomy framework for maritime cybersecurity: A demonstration using the automatic identification system. Int. J. Mar. Navig. Saf. Sea Transp. 2018, 12, 429.
  24. Bugeja, J.; Jönsson, D.; Jacobsson, A. An investigation of vulnerabilities in smart connected cameras. In Proceedings of the 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Athens, Greece, 19–23 March 2018; pp. 537–542.
  25. Caprolu, M.; Di Pietro, R.; Raponi, S.; Sciancalepore, S.; Tedeschi, P. Vessels cybersecurity: Issues, challenges, and the road ahead. IEEE Commun. Mag. 2020, 58, 90–96.
More
© Text is available under the terms and conditions of the Creative Commons Attribution (CC BY) license; additional terms may apply. By using this site, you agree to the Terms and Conditions and Privacy Policy.
This entry is offline, you can click here to edit this entry!
Video Production Service
Feedback