Your Guide to Ship Cybersecurity
- Types of Cyber Attacks
- Stages of a Cyber Attack
- Identify Cyber Vulnerabilities
- How to Create a Plan
- Cybersecurity Training
In an age where electronics seemingly control everything, cybersecurity has never been more critical to the marine sector. We depend on electronics for everything from vessel navigation to maintenance, and their proper function is essential to protect crew and vessel safety.
As maritime technology advances, electronic OT — Operational Technology — systems that physically control the ship are being integrated with IT — Information Technology — systems. As vessels update their systems to more advanced, electronically controlled components, they’ll need to increase their vigilance because IT systems can be attacked and controlled by outside parties.
In an attempt to reduce cybersecurity threats, the United States Coast Guard has paired with the Transportation Security Administration to fight potential cyber risks in the shipping industry and prepare mariners with the knowledge to combat them.
In this article, we’ll discuss the types of cybersecurity threats and offer a few best practices to prepare crew members to guard against attacks and misuse. By understanding how and why cyber risks happen, mariners can reduce the chances they’ll occur.
Types of Cyber Attacks and Tricks
There are two general types of cyber attacks that can affect a marine company or a ship — untargeted attacks and targeted attacks:
- Untargeted attacks look for potential cyber weak spots in multiple companies or ships.
- Targeted attacks are directed toward a specific company or ship and can be harder to deter.
Both types of attack may use techniques that are common across the internet to discover and exploit weaknesses in a maritime company or a ship. The following are examples of cyber attack techniques:
- Malware: A general term for harmful software designed to damage a computer system without the knowledge of the owner. Some of the common types and names for malware include spyware, viruses, worms and trojans. Malware can target bugs in your system and use them to establish itself. Malware is often acquired through links in emails and untrustworthy websites.
- Phishing: When cybercriminals target a mass number of people with a generalized message, they’re hoping to get a response they can then use to hack your system or gain valuable information. This usually happens through email, and they request some action, like following a link or sending data.
- Water Holing: This technique involves establishing a fake website or one that pretends to be another website in an attempt to get users to give up information.
- Social Engineering: Sometimes cybercriminals will attempt to contact people through social media and influence them to break protocol or give up information that could be used to harm their company.
- Brute Force: Criminals can use programs that attempt to systematically guess your password, which may work if passwords are simple.
- Denial of Service: This technique floods a network with data, which prevents legitimate users from accessing the programs they need. These attacks can take control of many computers at once and infect entire servers.
- Spear-phishing: This type of targeted attack is like phishing, except it’s aimed at a person or company. It’s often harder to spot than traditional phishing and attempts to gain information by using personalized email requests or offering links that infect your system.
- Subverting the Supply Chain: Sometimes cybercriminals will attempt to compromise electronic systems before they reach a company or ship.
- Impersonation: Sometimes, criminals will go so far as to impersonate an employee or inspector to gain access to your vessel or company’s systems to obtain valuable information.
The techniques described above are just some of the many ways cybercriminals may attack your ship or company’s systems. These techniques are continually evolving, and it’s important to know how to recognize attempts to break into your systems by being able to identify when something is out of the ordinary.
Stages of a Cyber Attack
To understand how criminals steal your information, it helps to know the steps they take to carry out a cyber attack. When you better understand their techniques and phases of attack, it’s easier to identify threats and unusual activity.
The following are the steps hackers use to try to get through your defenses.
1. Survey and Reconnaissance
If targeting your company or ship directly, hackers may first use public and unprotected sources to gain information. Then, sources like social media, technical forums, data from websites and other publications can be used to identify your system’s vulnerabilities. They may also be able to intercept and monitor the data flowing to and from a ship or company.
2. Delivery
At this stage, cybercriminals attempt to access the company or ship systems and data and deliver malware or steal information. There are several ways in which this can happen:
- Through company online services or websites, like cargo or container tracking programs
- By sending an email with attached malware or links that lead to sites with infectious malware to employees and crew members
- By offering a fake media update or new software to a system user
- By creating counterfeit websites with harmful data or that try to request information from the user
3. Breach
This phase refers to when the attacker enters the system and can tamper with data or steal information. It may not always be visible, as some techniques do not hinder the function of programs, but they may be transmitting sensitive data anyway. Depending on the level and type of breach, a hacker may be able to:
- Make changes to your system and change the way it operates, which could include changing the way navigational equipment processes data or changing work-related information like loading lists
- Steal confidential company data that could be used to harm the company, such as cargo manifests and personal crew information
- Control your system entirely by taking over with software of their own
4. Pivot
Once inside your network, cybercriminals will use that access to obtain data to get into other systems. They may first attack a lower-security, less critical area of the company or ship, then use the information they find there to hack into more sensitive areas.
In this phase, the attacker may try to:
- Upload programs and applications that will help them with their next target in your system
- Scan your network for other systems and areas of sensitive data that they may be able to hack using network mapping tools
- Install programs that allow them continual access to your systems
Cyber attackers have different reasons for trying to access your company or ship data and systems, ranging from identity theft to defamation of your company. Identifying the areas in your ship’s systems or marine company that would be valuable to scammers or competitors can help you preemptively guard against attack.
How to Identify Cyber Vulnerabilities on a Ship
Identifying your cyber risks couldn’t be more critical. Here’s a real-life example:
According to The World Shipping Council and other maritime organizations, the average time it takes to identify a cyber attack in your system is 140 days. That’s 140 days criminals can steal information from your company or your ship and use it to their advantage. However, with companies realizing that cybersecurity is a serious issue, the number of days it takes to identify a threat has been dropping in recent years. Why? Maritime companies are fortifying their weaknesses.
The first step toward identifying cyber vulnerabilities aboard your ship or within your company is to perform an overall assessment with a cybersecurity specialist. A specialist will examine your systems and identify potential weak spots and areas that cybercriminals may target. It’s important to hire someone with a deep understanding of maritime IT and OT systems, as they’re different from other corporate systems.
Once you identify the areas that are the most vulnerable, you’ll be able to bolster your system’s defenses accordingly.
Stand-alone systems on ships are less likely to be subject to a cyber attack, but those that are integrated with other systems or the internet will be more vulnerable. Keep in mind, a lot of these system vulnerabilities are the result of human error, and proper crew training is always a good defense against attacks.
To identify cyber attack targets on your ship, a specialist will need to examine the following onboard systems:
- Cargo Management Systems: Systems used for the loading and unloading of cargo and its management and control can be vulnerable to cyber attack because they are integrated into the ship’s electronic data systems.
- Bridge Systems: With the ever-increasing use of electronic navigational equipment, these systems are more susceptible to cyber risk, as many of them interface and communicate with onshore servers.
- Propulsion, Machinery and Power Control Systems: Since electronic programs control the physical actions of the ship, they can fall victim to a cyber attack and threaten ship control, especially when they’re connected to remote condition-based monitoring and are integrated with navigational systems.
- Passenger Service and Management Systems: Systems used for property management, boarding and access contain passenger data. Devices like handheld tablets, scanners and others pass along the data they collect to a larger server that could be attacked.
- Public Networks: Connections to the internet aboard your ship may be there for the personal purposes of passengers and crew, but they should be separate from any non-personal systems aboard the ship. These networks can still be exploited by cyber attacks, just like the internet onshore. Passengers and crew should be careful about the websites they visit on unsecured networks.
- Communication Systems: Either internet or satellite communication systems can increase the vulnerability of a ship’s systems. While service providers do have their defenses against cyber threats, it’s a good idea to not rely on these safeguards alone.
Cyber vulnerabilities exist on every ship — both old and new, and the following are some of the common flaws in marine systems:
- Obsolete operating systems that can no longer be updated
- Missing or outdated anti-malware software that doesn’t protect from modern threats
- Lacking security protocols and safeguards, including employee mismanagement of the network and the use of default administrative accounts and simple passwords
- Integrated computer systems that lack safeguards and network segmentation
- Systems that must be connected to a server on land to function correctly, or are always connected to a system on shore that isn’t secure
- Lacking access controls for service providers and contractors
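The following added example, which is not part of the original article, shows how a defender might review a ship's system inventory: it flags two of the flaws listed above on each system and finds, for every OT system, the shortest network path from an internet-connected system, which is what separates a stand-alone system from an integrated one. The inventory, field names and links are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory: system names, flags and links are hypothetical.
SYSTEMS = {
    "guest_wifi":     {"ot": False, "internet": True,  "os_supported": True,  "default_admin": False},
    "satcom":         {"ot": False, "internet": True,  "os_supported": True,  "default_admin": True},
    "cargo_mgmt":     {"ot": False, "internet": False, "os_supported": True,  "default_admin": False},
    "ecdis":          {"ot": True,  "internet": False, "os_supported": False, "default_admin": False},
    "propulsion_ctl": {"ot": True,  "internet": False, "os_supported": True,  "default_admin": True},
    "ballast_ctl":    {"ot": True,  "internet": False, "os_supported": False, "default_admin": False},
}
# Network links: ballast_ctl is stand-alone, guest_wifi is segmented from the rest.
LINKS = [("satcom", "cargo_mgmt"), ("cargo_mgmt", "ecdis"), ("ecdis", "propulsion_ctl")]
# Flaws from the list above that can be read off a single inventory record.
CHECKS = {
    "obsolete operating system": lambda s: not s["os_supported"],
    "default administrative account": lambda s: s["default_admin"],
}

def exposure_paths(systems, links):
    """Shortest network path from any internet-connected system to each OT system."""
    neighbours = {name: set() for name in systems}
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)
    queue = deque([name] for name in sorted(systems) if systems[name]["internet"])
    seen = {path[0] for path in queue}
    paths = {}
    while queue:  # breadth-first search from all internet-facing systems at once
        path = queue.popleft()
        node = path[-1]
        if systems[node]["ot"]:
            paths[node] = path
        for nxt in sorted(neighbours[node] - seen):
            seen.add(nxt)
            queue.append(path + [nxt])
    return paths

def audit(systems, links):
    """Findings per system: record-level flaws plus any path from the internet."""
    report = {n: [f for f, hit in CHECKS.items() if hit(s)] for n, s in systems.items()}
    for name, path in exposure_paths(systems, links).items():
        report[name].append("reachable via " + " -> ".join(path))
    return report

if __name__ == "__main__":
    for name, findings in audit(SYSTEMS, LINKS).items():
        print(f"{name}: {findings or 'no findings'}")
```

In this constructed inventory the obsolete ballast controller is flagged but has no path from the internet, while the propulsion controller is reachable through three intermediate systems; a segmentation boundary between cargo_mgmt and ecdis would remove both paths.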
How to Create a Ship Cybersecurity Plan
Why is it essential to have a cybersecurity plan for your ship? Here’s a real-world example:
According to The World Shipping Council and other maritime organizations, a ship with integrated navigation had its systems fail while at sea in bad visibility and high traffic. They had to resort to using paper charts and one radar for days before they could safely enter the port to have their systems repaired. After diagnosis and repair, it was determined that when a crew member performed a software update on the ship’s obsolete system, the computer couldn’t handle it and crashed.
The ship had to remain in port until their systems could be replaced, which took a lot of time and money. Mistakes like this don’t happen with proper updates to ship technology and proper crew cybersecurity training.
Not all cybersecurity threats come from a malicious source, and negligence and lack of cyber knowledge can be more harmful than an attack.
There is no substitute for developing a bullet-proof ship cybersecurity policy for your marine IT and OT systems and maintaining a bug-free system.
All marine ships and companies should have a cybersecurity plan similar to the following:
- Identify Threats: Assess the external and internal security threats in systems. Identify the valuable and sensitive data that a cybercriminal may want and how they may try to get that information.
- Identify Vulnerabilities: Find the areas of weak security within your systems, including a lack of proper employee protocol as well as software and system bugs.
- Assess Risk Exposure: Determine the likelihood of being the victim of a cyber attack and explore the impact that a cyber attack could have on your ship and your marine company.
- Develop Protection and Detection Tools: Employ new security measures like updated software and server protection, as well as employ features that alert you if a cyber attack has taken place.
- Establish a Contingency Plan: Develop a response plan for cybersecurity attacks. Determine how your ship or company will react if one happens and how you will recover and return to your normal operations.
Maritime Cybersecurity Training
Here at MITAGS, we offer a cybersecurity course for mariners that focuses on the management of technical issues and cybersecurity onboard a ship. Through a series of lectures, discussions and student-led presentations, our experienced teachers help students make better cybersecurity decisions.
The course equips students with the knowledge to influence the maritime industry and its associates toward a better cyber environment. Students discuss current cybersecurity issues and get a chance to explore changes to improve cybersecurity problems in the industry.
For more ongoing learning, we’ve also partnered with Maritime TV to present the Cyber-Skilled Mariner Series — a planned 8-part program dedicated to reviewing many different aspects of maritime cybersecurity, including risk analysis in shipboard operations, bridge communications, cargo operations and port operations.
If you have any questions about cybersecurity in the maritime industry or would like more information regarding our courses, please contact us today.