Rod Johnson, an occasional Splash contributor, attacks those who peddle cyber fear to sell their products.
Hackers took ‘full control’ of container ship’s navigation systems for 10 hours
Tanya Blake, editor, Safety at Sea, 22 November 2017
Remember this? It didn’t happen. Fake noos.
Like so many scary cyber stories, this one isn’t true. Not only that, it couldn’t be true. This is a quick examination of the way that declining editorial expertise is diluting the maritime press, the woeful lack of expertise in self proclaimed marine cyber experts and marine cyber risk as actually experienced.
There are clues in the article to the identity of the ship allegedly hacked. I used these clues, and the excellent Clarkson’s SEANET service, to find the one ship that fitted the profile, and was in the right place at the right time (if we go with the idea that a post panamax container ship on a voyage from Cyprus to Djibouti wouldn’t fit into Limassol). Then I made discrete enquiries with the owner, who of course was in very much in tune with what’s going on with other German owners. The net result is that the target ship wasn’t involved and neither was anybody else’s ship, in the Red Sea or anywhere else. While we’re on the subject of apocryphal stories, the story doing the rounds that hackers capsized a semi-sub also never happened.
These enquiries took me a couple of days, allowing for other people’s busy diaries and properly framing the enquiry to obtain a candid answer. Fact checking is easy. Even for journalists.
Then I looked at the nature of the source. I also spoke with the editor about the source, who quite rightly chose to protect it so I suppose we’ll never know just how well informed, reputable and expert the source is. I’m sure you can form your own opinions on that. All of the claims made are hearsay. I couldn’t help but notice the massive conflict of interest from the source, who appeared to be doing nothing more than inventing a scary story to sell a product. So now we’re at no facts checked, no first party involvement and crude fear based marketing. And this in an otherwise respectable maritime journal.
Finally, even though as a ship driver I know this sort of thing can’t happen I took a quick trip through SOLAS as applied to a ship with a post-2010 keel date and over 300 gt (our candidate ship). We’ll assume that it had a fully integrated bridge, a VSAT or equivalent connection, a UMS and a NAV-O class notation. I soon discovered that the steering gear is still capable of manual operation, there is remote control of the main engine complete with an emergency stop operated by a dedicated electromechanical means, a magnetic compass and a folio of back up paper charts. The steering gear is also capable of being operated directly and locally, as is the main engine. Plenty for the enterprising deck officer to be getting on with in the absence of anything else.
Even if we assume that quite incredibly every single electronic navigation system was connected to the internet, used a commonly available remote user interface, there were no access controls, there was a visible IP address for every component and that there was little or no latency in the ship/shore connection our Somali cyber pirate would find that the crew had, in the face of his fiendish attack, switched off the electronics and reverted to full manual control.
The fanciful attempt to remotely pilot the ship into the clutches of armed thugs whilst the helpless crew looked on would be instantly thwarted. I accept that for the purposes of this scenario the Third Officer may, on discovering that the display screens on the bridge had gone dark, have had one or two anxious moments trying to recall the significant points of his or her navigation lectures whilst trying to locate the sextant and the azimuth circle for the magnetic compass (helpfully buried underneath the mops and buckets in the cleaning locker).
The sad fact is that many of the cyber ‘experts’ currently peddling fear to sell their services don’t have any professional maritime experience or any real understanding of ship operations and they seem to be increasingly desperate to gain some traction by trotting out increasingly risible stories. This is really harmful to an industry that does have an issue with the risks attached to increased automation and ships becoming always on line and is trying to find a sensible and practical approach to the real risks .
I saw a recent LinkedIn post suggesting that hackers could snap a bulk carrier in two by remotely hacking the loading computer. The headline picture was of a tanker. Not only could the author not distinguish between a tanker and a bulk carrier, he was quite obviously completely ignorant of bulk carrier loading procedures and the role played by the Chief Officer in not snapping the ship in two. You know who you are. Take it down.
It would be remiss of me not to restate the current actual state of cyber threat facing modern shipping. Crews are becoming increasingly reliant on equipment powered by computers in the same way that they were once reliant on equipment made of mahogany and brass. Smaller crews are increasingly reliant upon automation to carry out the essential work of machinery and cargo condition monitoring. Ships crews increasingly want access to social media and the internet to relieve the isolation and boredom they experience. Time in port, shore leave and adventure have been denied them by reduced turnaround times, remote terminals and ports and shore authorities that now view good hearted simple sailors as prototerrorists.
That electronic equipment can be damaged by introducing malware into it, usually locally and usually negligently when physical media normally used to host the Second Engineer’s porn collection is used to move data between platforms on board. The same effect can be achieved with the use of a large hammer or a fire hose. Insurers see physical damage by negligence in exactly that way. A well run ship with a competent crew will care for electronic equipment in the same way that they used to care for mahogany and brass equipment. The sage advice provided by BIMCO and the Lloyds Market Association is all they need to do that.
For the most part ships systems acquire security through obscurity. In spite of that obscurity I am not advocating complacency; far from it. Modern ships are complex and vulnerable to equipment damage either through negligence or malice. What I am saying is that ship owners can safely ignore the doomsday hype of snake oil salesmen and focus instead upon supporting their crews to increase resilience and reliability at the people level. That might mean a few extra sailors to man the gangway or steer the ship in extremis, a review of security policies and procedures and some education.
Superintendents! Next time you are doing a navigation audit simulate the loss of GPS, trackpilot, ECDIS and Radar and see how long it takes the bridge team to get the ship back under full control. It’s often amusing, always educational and is a good pointer to increasing reliability and resilience .
Modern shipping requires instant communication to be profitable. The experiences of Petya and Notpetya demonstrate how disruptive having communications denied at the enterprise level can be. Sensible controls should be placed on ship to shore communication to prevent the remote infection of communications equipment by email attachments. The IT real estate controlling communications and ships systems should be physically separated. Commercial safety precautions look and feel similar to operational safety precautions and are for the most part people centric. Firewalls and antivirus programmes fulfil the same function as PPE, which is to be the last line of defence if every other safety control fails.
The cyber world we choose to live in offers some wonderful opportunities as well as some new threats. The best way to treat these new threats is to understand what safe behaviour looks like and to promote that behaviour on board. Owners should focus on that before buying another black box or needlessly worrying about evil masterminds seizing control of their ships using a slightly modified Playstation. That only happens in Hollywood.