Cyber Security Principles for Seafarers

Cyber security principles for seafarers

Disciplined in their craft and highly capable, the professional seafarer is a unique individual. Employed in an ancient trade, they embody the collective knowledge of generations. Where once seafarers voyaged oceans relying solely upon their native skills and analogue tools, today the waters have evolved into an interconnected technological ecosystem. From integrated navigational bridge systems to satellite communications and automated cargo management, it is critical in today’s industry that the mariner expands their situational awareness from the sea to the digital systems crucial to marine operations.

Understanding the threat

Arguably the greatest threat to modern shipping is cybercrime. Increasingly reliant on technology, vessels are no longer isolated in their sea-going ways. In 2017, the industry experienced perhaps the most detrimental incidents of cybercrime to date. What stemmed from a single computer’s out of date software opened the door, which took down the world’s largest shipping firm, Danish company Maersk.

In late June of that year, the crew of Maersk’s global fleet would find themselves caught up in near total operational chaos. Virtually all Information Technology was down. Ship’s computers flashed black screens, vast amounts of documents and data was gone. Cargo manifests deleted, customs files and port information lost, company email down. Maersk was in near total shambles. Captains could only communicate with the Office via satellite phone, and cargo had to be managed with handwritten papers taped to containers. Crew rotations were disrupted as the company worked around the clock to maintain operations.

The virus, released by Russian cybercriminals, exploited a particular vulnerability of the Windows operating system. The virus could infiltrate a single out of date computer and, in turn, spread to all other devices in the network. Unfortunately, Maersk, who were not a specific target of that attack, had neglected to update parts of their software. The virus spread indiscriminately and infected the shipping company’s entire network. At sea and ashore, everything was lost except for isolated systems. For nearly two weeks, solutions had to be improvised and done manually. In total, the company lost an estimated $300,000,000, and it took almost two months before the entire network was fully back in order.

Cyber systems on board

Virtually every aspect of maritime operations is becoming digitalized. What were once paper charts and analogue gauges are now terabytes of computer code and automated systems. On a ship’s bridge, you’ll find multiple electronic chart plotters with input from digital radar, GPS, weather charts, and AIS. In the engine room, power management systems direct the flow of electricity throughout the ship. There are mechanical monitoring systems, constantly interpreting data, algorithms processing the status of cargo, and digital relays from the control room to ballast pumps.

Seafarers are hands-on people who tend to adapt their routine to what is practical and proven. Unless pertinent to operations, many will regard new technologies and processes as nuisances to work around. As systems become increasingly advanced, it is becoming increasingly important for seafarers to understand the basic principles which form a ship’s technological systems. If armed with such knowledge, crews will be far more capable of preventing cybercrime and dealing with it should a breach occur.

In the realm of cyber security, maritime operations are unique. Perhaps the closest terrestrial example of a ship would be an industrial power plant, with a network connecting the facility’s information and data, another managing machinery, and physical systems. A large portion of marine systems are typically isolated from the rest of the digital world. However, as technology advances and internet connectivity at sea becomes more common, networks will increasingly become interconnected and the lines defining these segregations will fade.

As in 2017 with Maersk, when a ship experiences a cyberattack, it is most often the Information Technology (IT) networks that are affected. These systems often send and receive information through a network and interact with the internet leaving them vulnerable. Examples of potentially vulnerable equipment could be administrative computers, chart plotters, stability computers, and possibly satellite communications systems. A security breach could be dangerous, but IT software does not manage physical equipment directly. Ships have fallback systems, equipment and processes that don’t rely on IT, meaning the crew can usually maintain the safety of their ship. However, if an issue is not quickly spotted and corrected for, such a breach could be catastrophic.

Operational Technology (OT) interacts with the real-world. OT software controls the physical components and systems. These include the power management systems of generators and battery chargers, a ship’s autopilot, and relays between the bridge and engine. Typically, these systems are segregated and operate independently of other networks. A breach of OT systems could mean imminent danger to ship, cargo, crew, or passengers. As OT systems are often stand-alone and isolated from other technology, they are far more resilient to cyberattacks than a vessel’s IT systems. However, as shoreside monitoring and automation become commonplace, these systems are becoming increasingly interconnected and vulnerable.

How to protect your ship

Cyber security problems can hit like a rock beneath the keel or manifest subtly. For this reason, the prudent mariner should foster a high sense of digital awareness.

Cyber Security Principles for Seafarers

Install and use antivirus software

Malicious software can gain access to a ship’s systems via either digital or physical channels. It is of the utmost importance that all hardware, software, and files not used exclusively within the ship’s network be scanned by reputable anti-virus software. Even a seemingly innocent word document from ashore can take advantage of user permissions and wreak havoc through an entire network. Sometimes updates are sent from ashore to the ship’s administrative computer. If these files are moved to separate navigation hardware without being scanned by antivirus, they may unknowingly transfer malicious software.

Scan devices before they are connected to any equipment

Maintaining the security of ships’ networks is a significant challenge. Bridge systems can be particularly vulnerable. Contractors visiting a vessel or crew members could compromise the network by directly connecting a personal device such as a flash drive or by plugging their phone into a USB port to charge it. Such an action could compromise the entire navigation network. All devices and hardware must be scanned before connecting to any ship’s equipment, and it should only be connected if it needs to be for operational reasons. Often overlooked is the specialized hardware of service technicians. It is often used to assess supported equipment and exposed to other vessels, meaning it can unknowingly spread malware.

Keep software up to date

Consistently using the most up to date software is incredibly important and cannot be stressed enough. Microsoft had released a security patch that could have secured Maersk against the devastating 2017 cyberattack. As updates typically address recently discovered vulnerabilities, maintaining software provides a reliable shield against cybercrime.

Scan personal devices

The ship’s crew presents a unique risk. They bring with them unchecked personal devices, exposed to the internet and outside networks. Often crew will exchange movies and files downloaded from less than reputable websites. A strict policy of scanning these devices should be enforced before they ever have a chance to plug into the ship.

Only use encrypted Wifi when ashore

After long hauls at sea, a mariner may have the opportunity of shore leave. Often starved of connectivity to the outside world, they flock to a favourite of cybercriminals: free public Wi-Fi. Hackers can easily relay between the user and the connection point. From there, they can see all transferred data, passwords, private emails, and banking information. Routing programs can also become hacked, prompting users to agree to download malware disguised as an update or application. Thus, the virus scanning policy should be strictly enforced during visits to port.

Understand your company cyber security policy

As per IMO guidelines, most companies should have cyber security protocols within their SMS. From the highest levels of management down, there must be individuals with specific responsibilities to prevent and respond to breaches. Certain crew and shoreside personnel should be designated for cyber security and response. Crew must understand company policy and the immediate chain of command. Any incidents or suspicions should be immediately reported to individuals responsible.

The importance of maritime cyber security cannot be stressed enough. Cybercriminals are continually seeking to exploit vulnerabilities and seed chaos. The price of negligence could cause a breakdown in operations and put cargo and crew in danger. Just as a seafarer looks to the horizon for dark clouds, so should they consider the technology that surrounds them.