Maritime cyber security: Threats & consequence
The global shipping industry is highly vulnerable to a multitude of cyber-attacks. Some of these are so serious that they can send multi-million-dollar vessels on a course towards disaster.
What’s even more worrying is that the faults are very trivial and can easily be mitigated against.
Ship security is still in its infancy – similar faults have been fixed and updated multiple times in shore IT facilities and yet they are repeatedly ignored on ships. Mr Ken Munro of Pen Test Partners says that “The advent of always-on satellite connections has exposed shipping to hacking attacks. Vessel owners and operators need to address these issues quickly, or more shipping security incidents will occur. What we’ve only seen in the movies will quickly become reality.”
Most of a ship’s equipment, for instance the equipment on the bridge, works on National Marine Electronics Association (NMEA) 0183 or NMEA 2000. This is a plug-and-play communications standard used for connecting shipboard sensors and display units, for example GPS, autopilots, wind instruments, echo sounders, navigation instruments and engine equipment. The interconnectivity among instruments in the network allows, for example, the GPS receiver to correct the course that the autopilot is steering.
A number of instruments that meet the NMEA standard are connected to a single central cable, referred to as a backbone. The backbone in turn powers each instrument and relays data among all the instruments on the network. This permits one display unit to show many different types of information. It also allows the instruments to work together, since they share data. The beauty of NMEA is that it allows “plug and play” whereby devices made by different manufacturers can communicate with each other.
$GPAPA,0.15, R, N, V, V,015, M, DEST,014, M,016, M*82
Above is an NMEA sentence from the autopilot, which means:
APA Autopilot format A
0.15 cross-track error distance
R steer Right to correct (or L for Left)
N cross-track error units – nautical miles (K for kilometres)
V arrival alarm – circle
V arrival alarm – perpendicular
015, M magnetic bearing, origin to destination
DEST destination waypoint ID
014, M magnetic bearing, present position to destination
016, M magnetic heading to steer
All that a hacker needs to do is force an entry into the vessel’s autopilot and change the letter R to L, thereby commanding the vessel to turn in the opposite direction. This could result in an emergency such as a collision or grounding. A few degrees the wrong way, just for a few seconds, at the wrong time, in a congested area such as a separation scheme, and a collision could happen.
The easiest way to throw a ship off track is to gain access to the vessel’s GPS. Simple software-defined radios (SDRs) costing just a few dollars in the open market can be used to easily hack a GPS. These SDRs are simple radios and are available freely on the internet. Anyone with just a little knowledge of how to operate them can easily hack a ship’s GPS.
The implications of hacking ships’ systems are profound and scary. One just has to spoof the signal and block busy traffic areas like the English Channel or the Malacca Straits and the consequences would be disastrous. The shipping industry has been aware of the threat of GPS spoofing for years. An incident in 2017 pushed the issue higher up the global news agenda. At least 20 vessels in the Black Sea, in the vicinity of Novorossiysk Commercial Sea Port, reported that their GPS at times erroneously showed their position as Gelendzhik Airport, around 32km inland.
Practically every operation and piece of equipment on board is exposed to cyber-attack. Multiple shipping cybersecurity reports have repeatedly highlighted a huge number of connected systems that need protection with onboard cybersecurity.
Some of them are:
- Communications systems, from satellite connections to Wi-Fi networks
- Passenger related information
- Bridge systems, like GPS and other positioning and charting systems, and the Global Maritime Distress and Safety System
- Propulsion and machinery power control systems
- Access control systems, like the closed-circuit cameras, shipboard security alarms, and bridge navigation alarms
- Passenger-facing networks, like public Wi-Fi and guest entertainment systems
- Core infrastructure systems, like routers, switches, firewalls, intrusion prevention systems, and security event logging
- Engine control systems
- Ballast water management systems
- Automatic Ballasting / De-ballasting systems on containers
VARIOUS EQUIPMENT / SYSTEMS SUSCEPTIBLE TO HACKS
GLOBAL POSITIONING SYSTEM
A typical NMEA GPS sentence is as below:
$GPGLL,1724.6160,N,3206.3013,E,222100.01,A,A*52
‘Geographic Position, 17 degrees 24 minutes 0.6160 seconds North, 32 degrees 6 minutes 0.3013 seconds East. Fix taken at 22:21:00 UTC, Data Active’
Hacking GPS data is not a very difficult task. Earlier, one of the biggest worries was jamming a GPS signal. However, when a GPS signal is jammed the instrument gives an alarm; a more insidious attack is GPS spoofing. All that is required is to simply confuse the signals reaching the receiver by using simple equipment available on the internet. By merely fooling the GPS into believing that the receiver antenna is in a different location, a ship’s position can be changed just enough to result in disastrous consequences in a narrow channel.
One of the first reported incidents of GPS spoofing was when the master of a ship off the Russian port of Novorossiysk discovered that his GPS put him in the wrong spot – more than 32 kilometres inland, at Gelendzhik Airport. After confirming his equipment was working properly, he contacted other nearby ships. Their AIS traces – signals from the automatic identification system used to track vessels – placed them all at the same airport. While the incident or the actual reason has not been confirmed as yet, it has certainly raised serious concerns.
Though not a cyber-attack, the grounding of the passenger vessel ROYAL MAJESTY is a good example of what can happen when GPS signals go haywire.
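One way to catch the kind of position jump reported off Novorossiysk, as an added example that is not part of the original article: it validates each GLL sentence's checksum and rejects fixes that imply a speed the vessel cannot make. The NMEA 0183 checksum only detects corruption, not deliberate rewriting, which is why the speed test is there; the function names, the 30-knot limit and the sample track are assumptions.

```python
import math
from functools import reduce

def checksum(body):
    """NMEA 0183 checksum: XOR of every character between '$' and '*'."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"

def to_degrees(field, hemisphere):
    # NMEA packs degrees and decimal minutes into one number: (d)ddmm.mmmm
    degrees, minutes = divmod(float(field), 100)
    return (degrees + minutes / 60) * (-1 if hemisphere in ("S", "W") else 1)

def parse_gll(sentence):
    """Return (lat, lon, seconds_of_day), or None if the sentence is unusable."""
    body, star, given = sentence.strip().lstrip("$").partition("*")
    f = body.split(",")
    if (not star or checksum(body) != given.upper() or len(f) < 7
            or f[0][2:] != "GLL" or f[6] != "A"):      # status A = data valid
        return None
    secs = int(f[5][:2]) * 3600 + int(f[5][2:4]) * 60 + float(f[5][4:])
    return to_degrees(f[1], f[2]), to_degrees(f[3], f[4]), secs

def distance_nm(a, b):
    """Great-circle (haversine) distance in nautical miles."""
    la1, lo1, la2, lo2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((la2 - la1) / 2) ** 2
         + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2)
    return 2 * 3440.065 * math.asin(math.sqrt(h))

def review(sentences, max_knots=30.0):
    """Flag fixes that fail the checksum or imply a speed above max_knots."""
    alerts, trusted = [], None
    for i, sentence in enumerate(sentences):
        fix = parse_gll(sentence)
        if fix is None:
            alerts.append((i, "invalid"))
        elif trusted and (fix[2] <= trusted[2] or distance_nm(trusted, fix)
                          / ((fix[2] - trusted[2]) / 3600) > max_knots):
            alerts.append((i, "jump"))             # keep the last trusted fix
        else:
            trusted = fix
    return alerts

# Constructed track (not real data): ~10 kn, one large jump, one edited sentence.
TRACK = ["$%s*%s" % (b, checksum(b)) for b in (
    "GPGLL,4438.0000,N,03750.0000,E,120000.00,A,A",
    "GPGLL,4438.1000,N,03750.2000,E,120100.00,A,A",
    "GPGLL,4434.0000,N,03804.0000,E,120200.00,A,A",
    "GPGLL,4438.3000,N,03750.6000,E,120300.00,A,A")]
TRACK.insert(3, TRACK[1].replace(",N,", ",S,"))   # field changed, checksum stale
```

Calling `review(TRACK)` flags the jump at index 2 and the edited sentence at index 3, and accepts the final fix because it is consistent with the last trusted one.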
ELECTRONIC CHART DISPLAY & INFORMATION SYSTEM (ECDIS)
This is one of the most important and also one of the easiest pieces of equipment to hack. There are multiple ways in which an ECDIS can be hacked. ECDIS and other digital aids take feeds from multiple sources (as already discussed above). These include GPS, log, gyro, echo sounder, AIS etc. Exploiting the networks which these devices use to communicate can result in rogue position data being sent to all navigation systems.
1. Hacking ECDIS through GPS Spoofing
Incidents of GPS spoofing have been reported in the Straits of Hormuz, East Mediterranean Sea (close to the entrance of Suez Canal) & South China Sea.
All that is required is to deceive the GPS receiver by fake signals which resemble normal signals or sometimes by broadcasting genuine signals but captured elsewhere or at a different time.
Cyber security experts have proved that by simply fooling the ECDIS into believing that the GPS receiver is in a different position than it actually is, it is possible to completely alter the vessel’s position. It is somewhat similar to GPS offset.
2. Hacking ECDIS through regular digital updates
Mr. Asaf Shefi of Naval Dome commented that: “The Captain’s computer is regularly connected to the internet through a satellite link, which is used for chart updates and for general logistic updates. Our attacking file was transferred to the ECDIS in the first chart update. The penetration route was not too complicated: the attacking file identified the Disk-On-Key use for update and installed itself. So once the officer had updated the ECDIS, our attack file immediately installed itself onto the system.”
An ECDIS update signal sent surreptitiously through the ship’s mail can very easily result in hacking. Hence it is important that officers of the watch are encouraged to take land bearings/cross bearings and celestial sights once in a while. Also, the officers should be vigilant and look out of the bridge windows at the world outside. Don’t trust your ECDIS and other navigational systems to always be accurate.
HACKING AUTOMATIC IDENTIFICATION SYSTEM (AIS)
Hacking an AIS is child’s play. Anyone with a simple homemade software-defined radio (SDR) can easily register fake ships on geographical coordinates, faking collision alerts.
Above photo depicts a fake vessel traveling off Italy on a course that spelled out the hacker term for a compromised system: ‘PWNED.’
In yet another recent incident, an oil tanker arrived in Singapore in June 2020 and reported her position to VTIS East. But the VTIS failed to locate the ship on AIS. They served a notice to the Master not to sail without the AIS repair. The owners immediately arranged for a technician, who boarded the vessel at anchorage. He checked and confirmed with the VTIS that all was in order. However, the AIS failure re-occurred after two days during departure and the company had to take flag state dispensation.
A new AIS was installed on arrival at the next call Singapore. The technician verified with VTIS, and AIS was found satisfactory. However, again after a few days, the berthing Pilot reported the same issue and the vessel’s sailing was postponed to facilitate service engineer’s boarding at anchorage.
Company again arranged service engineers to check the AIS. This time the attending technicians found that three other vessels were using the vessel’s MMSI number. This caused interference and intermittent failure of AIS transmission from the vessel.
Owners informed the MPA Singapore, once they identified the actual problem. An investigation in the matter was launched and it was discovered that vessel’s identity was being used by other vessels involved in possible illegal bunkering or sanction trade. This incident highlights how easy it is to hack into ships’ systems.
CYBER ATTACKS DESTABILISING CONTAINER SHIP OPERATIONS
To modify or alter a load plan, it’s important to recognise the procedure which is adopted. Container vessels use BAPLIE-EDIFACT messaging systems to create the loading plan. There are innumerable electronic messages exchanged between shipping lines/terminals/port and ships.
BAPLIE: BAyPLan Including Empties
EDIFACT: United Nations / Electronic Data Interchange for Administration, Commerce & Transport. It is an international standard that was developed by the United Nations. This is a global set of rules defined by the UN for inter-company electronic data exchange between two or more business partners via Electronic Data Interchange (EDI).
A cyber security firm, Pen Test Partners, has highlighted that just switching EDI message codes can cause misloading and out-of-trim situations. Observations of Pen Test Partners are:
- In the EDIFACT message below, VGM represents the “Verified Gross Mass” and KGM stands for kilograms:
MEA+AAE+VGM+KGM:9580.7'
By modifying the VGM value, ship stability calculations can be very easily tampered with.
Some more EDIFACT messages:
- HAN+PRI:HANDLING:306' Here PRI means Priority, and by changing this code the position of the container can be changed, thus harming the cargo inside.
OR
- HAN+LTT:HANDLING:306' where LTT means “Load Third Tier on Deck”. By tampering with this code the location of the container can be completely altered.
- Reefer containers need special storage / location and by inserting NOR (Not operational) in the below EDIFACT message the container can be placed anywhere without specific placement on Reefer Bay where connections are available for Reefer containers.
- There have been reports that back in 2015, ships belonging to a well-known shipping company were targeted on six different occasions to steal diamond jewellery worth millions of dollars carried in containers. The pirate attack was completed in just one and hours, indicating that pirates had foreknowledge of the contents of the containers.
During investigations, the IT team noticed that hackers had installed malicious code on the shipping company’s content management system (CMS). Thus, hackers could download shipping data including cargo manifests and bills of lading. Real-time tracking of ships also assisted the pirates in getting the exact location.
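A receiving-side check for the EDI tampering described above, as an added example that is not from the original article or from Pen Test Partners: it parses the VGM and handling segments of a load plan and compares them with booking data held separately from the message. The function names, the 50 kg tolerance, the container numbers and the assumption that each EQD segment precedes its MEA and HAN segments are illustrative; segment order in a real BAPLIE depends on the message version.

```python
import re

def segments(message):
    """Split EDIFACT text into segments, each a list of elements, each a list
    of components. Default separators (' + :); '?' escapes a terminator."""
    return [[element.split(":") for element in raw.strip().split("+")]
            for raw in re.split(r"(?<!\?)'", message) if raw.strip()]

def stow_records(message):
    """Map container id -> {'vgm_kg': float or None, 'handling': set of codes}.
    Assumes each container's EQD segment precedes its MEA and HAN segments."""
    records, current = {}, None
    for seg in segments(message):
        tag = seg[0][0]
        if tag == "EQD" and len(seg) > 2:
            current = records.setdefault(seg[2][0], {"vgm_kg": None, "handling": set()})
        elif current is None:
            continue                      # segment before the first container
        elif (tag == "MEA" and [e[0] for e in seg[1:4]] == ["AAE", "VGM", "KGM"]
              and len(seg[3]) > 1):
            current["vgm_kg"] = float(seg[3][1])
        elif tag == "HAN" and len(seg) > 1:
            current["handling"].add(seg[1][0])
    return records

def discrepancies(message, declared, tolerance_kg=50.0):
    """Compare a received plan with booking data held independently of it."""
    received, issues = stow_records(message), []
    for cid, ref in declared.items():
        got = received.get(cid)
        if got is None:
            issues.append((cid, "missing", None, None))
            continue
        if got["vgm_kg"] is None or abs(got["vgm_kg"] - ref["vgm_kg"]) > tolerance_kg:
            issues.append((cid, "vgm", got["vgm_kg"], ref["vgm_kg"]))
        if got["handling"] != ref["handling"]:
            issues.append((cid, "handling", sorted(got["handling"]), sorted(ref["handling"])))
    return issues + [(c, "unexpected", None, None) for c in received if c not in declared]

# Constructed fragment and booking data (container numbers and values are made up).
PLAN = ("EQD+CN+ABCU1234567+45G1'MEA+AAE+VGM+KGM:9580.7'HAN+LTT:HANDLING:306'"
        "EQD+CN+ABCU7654321+45G1'MEA+AAE+VGM+KGM:2150.0'HAN+PRI:HANDLING:306'")
DECLARED = {"ABCU1234567": {"vgm_kg": 9580.7, "handling": {"LTT"}},
            "ABCU7654321": {"vgm_kg": 21500.0, "handling": {"LTT"}}}
print(discrepancies(PLAN, DECLARED))
```

The second container is reported twice: its VGM differs from the declared weight and its handling code is PRI where the booking says LTT.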
SOME HIGH-PROFILE CYBER HACKING CASES
- Maersk Lines
- IMO website
- MSC
- CMA-CGM
- Colonial Pipelines
MITIGATION METHODS
The best way to mitigate such cyber threats is to ensure that cyber awareness procedures are followed, along with:
- Segregation of the vessel’s network
- All passwords changed often
- All software kept updated
- Continuous training of employees
- Enable encryption & Authentication of all communications
CONCLUSION
It was always believed that the majority of accidents were caused by “Human Error”.
To overcome those, new technologies like ECDIS/AIS /GPS / UMS were introduced. Though these innovations have brought in efficiency, they have rather failed in reducing accidents. While they provide a lot of important and necessary information, they have also increased the level of complexity and increased the probabilities of failure.
I will leave with something for the readers to mull upon “It is suspected that one of the probable causes of WAKASHIO accident could have been a Cyber Attack, otherwise how an alteration of course on 21st July heading straight towards Mauritius, went unnoticed for four days till the massive ship ran aground on 25th July”.
Capt. Pankaj Kapoor
Master Mariner, Bachelor of Science, Bachelor of Law (LLB), Master of Law, Post Grad Maritime law, AFNI