Cyber attacks and infiltration events do not necessarily have to be particularly sophisticated. Cybercriminals are experts at using humans to do the “hard work” when it comes to infiltrating IT and OT systems, without us ever even being aware that we were the key piece in the attack.
Navigational charts and the use of ECDIS are good examples of this. For anyone who has sailed as a 2nd Officer, you already know the amount of manual effort that’s required on a weekly basis to update all of the onboard charts when the Notices to Mariners and Chart Corrections arrive.
Although almost all vessels are now equipped with electronic charts (ECDIS), the majority of classification societies still require paper navigation charts to be used as well. This builds in redundancy if anything were to go wrong with the ECDIS, but it also opens another gateway to the vessel’s IT and OT systems.
Alongside the weekly paper chart updates, there is a file that is emailed to the ship so that the electronic charts can be updated. From a 2nd Officer’s perspective, this is fantastic. They don’t have to pull out every chart, figure out what changes need to be made and then painstakingly do each manual correction.
The file will be downloaded from the email, transferred across to the ECDIS and it’s done. A week’s worth of chart corrections done in a matter of seconds. But here’s the thing: you’ve now taken a file that was received from an external party, received on a PC that was not connected to the rest of the ship’s network, and just uploaded it into a system that can access almost all the bridge systems.
On the bridge of most modern vessels, the different systems are no longer standalone. It used to be the case that the radar was the radar, the ECDIS was the ECDIS and so on. Now it is much more common that the displays on the bridge are simply a link to the original system and data source. From a navigating officer’s perspective, this is highly useful. It means that you can set the bridge display systems up to suit the operations you are currently performing.
So far so good. The challenge here is that everything is interconnected. The GPS and AIS are feeding into the radar, ECDIS, Autopilot, engine power controls and vice versa. Whilst all of this makes the lives of the Navigating Officers easier, it also opens up a whole world of possibilities for cybercriminals to exploit.
A cyber attack has the potential to shut down all the bridge systems in such a way that simply restarting them is not going to restore full control.