Posted: June 24th, 2023
Developing strategies for mitigating cyberattacks on shipboard systems and navigation technology
Developing strategies for mitigating cyberattacks on shipboard systems and navigation technology
1. Introduction
Modern-day shipping is highly dependent on digital systems and computer networks for the operation and control of shipboard systems and navigation technology. So much so that it is common for modern cargo vessels and tankers to have only a small crew on board, and there are complex and automated systems for the operation of the vessel. Any system failure or corruption of data due to a cyberattack can have serious consequences. An off-course situation or a navigational error due to a cyberattack can lead to severe damage to the marine environment. An attack on systems controlling cargo and ballast systems can lead to pollution of the sea. A worst-case scenario can be the loss of the ship and even loss of life. It is clear that the consequences of a cyberattack for the shipping industry can be grave. Understanding potential threats and possible ways of mitigating the impact from cyberattacks is essential for the safe and secure operation of shipboard systems and navigation technology in the modern era.
Cyberattacks are malicious acts driven by the desire to cause damage to information stored on a computer, sabotage to the victim’s electronic resources, and/or cause harm to the interests of the victim. This cyber decay comes in many forms, such as viruses, worms, and Trojan horses. However, the most devastating form of cyber decay is the act of hacking. Hacking can be carried out remotely via the internet or inside when an unauthorized user gains physical access to a computer. Once an unauthorized user has gained access to a computer through hacking, the damage that can be done is immeasurable.
1.1. Definition of cyberattacks
Cyberattacks are defined as the unauthorized exploitation of computer systems or networks. Cyber-attackers employ both offensive and defensive operations. They obtain, alter or destroy information residing in computers, which can result in damaged files or malfunctioning software. We use the term specific software-based attack to mean an explicit utilization of a software tool or technique intended to bypass security mechanisms in order to achieve a policy violation. Other definitions are used, but the basic concept of a software-based attack can be universally applied across various types of cyber-attacks. Active Cyber Defence (ACD) operations are the use of force in denying the objectives of the adversary’s cyber-attack on the UK. ACD can deliver its effects through various means using offensive and defensive cyber-capabilities to deter, disrupt, or deny cyber-attacks against the UK. Formation of the successor to the original UK Cyber Strategy in 2009 was introduced in 2011 and has led us to JFC, which has been previously described. This section is lying on the DIRECT approach line as there is no clear classification for Tactical or Supporting operations given within JFC. This does not restrict potential roles for JFC and therefore its force will be applicable across the spectrum.
1.2. Importance of securing shipboard systems and navigation technology
In recent years, the maritime industry has seen a growing trend in the reliance and utilization of automated systems, in an effort to cut costs and increase efficiency. With the adoption of ECDIS and an increasing reliance on internet and satellite data transfer, ships are keener than ever to this kind of innovative technology. However, while this increasing of technology presents a great deal of immediate benefits, it also opens the door to a new wave of threats to the shipping industry. Traditionally, threats to a ship’s security were mainly physical in nature. However, the increase in networking and shipboard system interconnectivity now puts the ship in a position to be a target of cybercrime.
Considering the substantial impact a cyberattack can have on safety, environment and financial health of an organisation, it is paramount that thorough risk management and security planning becomes an integral part of maritime business strategy. Unfortunately, ship security in the information technology sector is a largely uncharted and often misunderstood field. While best practice security for PCs and networks is fairly understood in an office environment, the rules and methodology are often lost when it comes to ships and the equipment found on them. Many shipping companies and personnel adopted IT systems as technology started to become more prevalent in the industry, however there are generations of seafarers who have had to use IT equipment at sea but have never received formal IT training. Often there is a knowledge gap between how various systems function and how to secure them from threats. High staff turnover at sea can also contribute to a lack of maintaining secure systems, as IT savvy personnel are often needed in higher paying shore based positions.
2. Understanding the Threat Landscape
A cyberattack on a ship is a deliberate action by an adversary with the intention to damage information, damage machinery, or injure personnel. The first step is to identify who would want to stage such an attack. This could be anybody from a bored teenager seeking to cause mischief, to a criminal looking to make money, to a terrorist with ideological motivations, to a state actor. The motivation and likely capabilities of the attacker would strongly influence the type of attack they carry out. Commercial off-the-shelf malware spread by infected USB drives might be used by a teenager, while a state actor may have their own developed malware specifically tailored to achieve their goals. Specific attack methodologies cannot be assumed without knowing who the attackers are, so it is necessary to consider a wide variety of attacks. The likely targets of the attacks can also vary, for example, a terrorist may wish to disable a specific ship to prevent it from carrying out a scientific mission they find objectionable, whereas a criminal may wish to hijack a ship to use its automatic identification system to avoid law enforcement patrols while carrying out illegal activities.
In order to successfully mitigate cyberattacks on shipboard systems and navigation technology, it is necessary to have an understanding of the threat landscape. This knowledge will inform the development of strategies to combat cyberattacks. There are many different attack methods of cyberattacks and various targets. Understanding which types of attacks are likely to be used on shipboard systems and what the intended targets are is critical to preparedness and mitigation. After understanding what sort of attacks are possible, attention can be turned to their consequences, and what effects successful attacks would have on both the ship in question and maritime traffic in general.
2.1. Types of cyberattacks targeting shipboard systems
Firstly, and potentially the most critical attack to ship safety, are those intended to manipulate the operation of physical equipment or change physical processes. These attacks have the potential to cause collision, allision, stranding, grounding, damage or pollution. For example, consider a steering gear failure caused by manipulation of the control system through a remote cyberattack. If the attack were to disable the system such that the crew were unable to circumvent the failure by other means, the vessel would be rendered unmaneuverable, resulting in at least a potential stranding and in the worst case a grounding or collision. There are many forms of this type of attack. Other possible examples of severe physical equipment/process operational change would be failure of the propulsion control system, failure of an integrated navigation system or unwanted acceleration/automation of some equipment or process.
Cyberattacks can be categorized in many ways, however, for the purpose of aggregating and prioritizing current strategies, a relatively simple classification has been adopted in this study. This categorization is based around the location of the cyberattack as seen from the vessel operator’s point of view, and the related impact on ship safety, intended to aid identification of the most critical areas for further focus or investment in both research and applied mitigation strategies.
2.2. Vulnerabilities in shipboard systems and navigation technology
The complexity and inter-dependency of modern shipboard systems and navigation technology has led to a large attack surface offered to potential hackers. These systems compose a mix of legacy and modern technology with differing levels of automation. This provides a multitude of potential vulnerabilities for exploit. As the onboard technology becomes more complex, it also becomes more user-friendly, in that there is a reduced requirement for specialist users to operate certain systems, and the increased likelihood that commercial off the shelf (COTS) software will be deployed. An example of this is the Electronic Chart Display and Information System (ECDIS), which is now a mandatory requirement on all SOLAS vessels. This system replaces the traditional paper charts which have been used for hundreds of years. The paper chart has now been replaced with a simple USB stick, while the new system itself requires navigators to undergo specific training. This can therefore lead to situations where non-specialist users will accidentally input data or delete files from the USB stick before inserting it into the ECDIS system, leading to unintentional corruption of essential data and possible system failure. ECDIS is synonymous with many modern systems, replacing complex but robust legacy technology with new systems that offer greater efficiency but with increased inherent risk. In the case of an ECDIS system failure, it is important to quickly and safely fix the system. There would now be no immediate fallback to the paper-based system, effectively rendering the vessel unable to navigate for a potentially unknown duration.
2.3. Consequences of successful cyberattacks on ships
The safety of the ship itself can be compromised if the ship’s control systems are attacked. Depending on the type of system and the attack, effects could range from loss of the system to control and monitor ballast operations, to a total loss of propulsion or a steering failure. Any of these occurring in severe weather or close to hazards such as shoals, rocks, or busy shipping lanes increase the likelihood of grounding or collision incidents. Cyberattacks on navigation systems could have similar detrimental effects, with the possibility of incorrect alterations being made to electronic charts, or the loss or distortion of GPS fix. Any of the above scenarios has the potential to cause a serious incident and the consequential damage to the ship, crew, or environment. A particularly severe attack could cause loss of the ship or, though less likely, loss of life among the crew. While the effects on the environment could range from minor to major, depending on the type and severity of the incident and the cargo being carried. Any major incident involving loss or damage to ships and/or pollution of the environment will undoubtedly have large financial cost implications.
There are potentially numerous negative consequences for the shipping industry if a successful attack could be mounted on a ship’s systems and equipment. Loss of customer confidence in the security of shipboard systems and exploitation of cyber vulnerabilities to steal commercially sensitive information are likely to have long-term effects on the economic viability of a shipping company. However, it is the potential effects on safety of the crew, the ship, and the marine environment that are of most concern. Depending on the type and severity of the attack, effects on one or more of these elements are possible and can be potentially severe.
3. Developing Mitigation Strategies
Mitigation strategies are important and effective in reducing the likelihood and consequences of a cyberattack. A four-step approach can be used to develop and implement mitigation strategies for a particular system or team. First, identify and prioritize what needs to be protected. This can be different for individual systems and teams but is essential to ensure that resources are allocated effectively. Second, identify and understand the threats to the system. This requires an understanding of the methods an adversary may use against the system, and the vulnerabilities that these methods would target. Third, design and implement measures to counter the identified threats. This may involve a range of different activities such as developing secure software, establishing protocols, and implementing specific security products. Finally, assess the effectiveness of these measures in countering the threats and continue to monitor the security of the system to ensure that the measures remain effective.
3.1. Implementing robust cybersecurity measures
Secure navigation systems serve as a means to ensure safe and secure navigation, enabling maximum adoption of autonomous and unmanned shipping operations. The critical concerns over maritime cybersecurity are various malfunctions and misuse that can lead to safety issues, data loss or unauthorized access, systems failures, and in the worst cases, loss of life or environmental damage. Cybersecurity is ingrained into the conception, design, and operation of navigation technology. Traditional Radionavigation systems (RNS) have been considered secure in the absence of system failures or environmental factors. The means to painlessly alter positioning data returns the focus to more traditional means of system security. With the increasing relevance of Global Navigation Satellite Systems (GNSS) or a future based upon the e-Navigation initiative, the extensive use of Raster or Vector charts and other variable electronic data formats lead captains to expect electronic display of all information used for navigation. Cybersecurity for shipboard systems is equally important as it is for navigation systems. Measures to protect navigational and shipboard systems from cyberattack correspond heavily to those of land-based networked computing, though the resources available and degree of system isolation will vary greatly between different classes of vessel. Shipboard system security may rely heavily on certain guidelines mentioned in previous sections: minimizing the interconnectivity between systems to reduce the risk of cross-contamination, isolating mission-critical systems with effective contingency planning, and in cost-effective cases, use of virtualization technology with a tactical data diode to enforce a unidirectional link between networks.
3.2. Training and awareness programs for shipboard personnel
Training and awareness programs for shipboard personnel: The human element is a key factor in the operation of equipment, the provision of services, and the process of decision making. Poorly trained personnel are more likely to be the cause of a security breach. Training programs and materials should raise an awareness of the cyber threat and vulnerabilities to onboard systems and the possible consequences. This should enable personnel to implement and maintain security measures as an integral part of their operational procedures. Cybersecurity training should be included in the security training for seafarers, which is due to become mandatory, and part of the standard training for officers and engineers. This training should be based around a competence model, specific for different roles on board, and form part of the qualification criteria. E-learning is growing in popularity because of the flexibility that it provides and the ability to deliver training to a widely distributed audience. It can be a cost-effective solution for crew members and seafarers; however, the effectiveness of e-learning in terms of knowledge acquisition, changes in attitudes and behavior, and ultimately improved performance is difficult to measure. Interactivity and the ability to engage in hands-on practical exercises with guidance from a tutor are significant factors. Training programs should provide a measurable outcome of improved competency and awareness, which is best achieved with a form of examination at the end. E-learning resources, such as an interactive radar game aimed at teaching radar security, developed by Plymouth University and Solent University, can be effective if integrated into a comprehensive training plan. As human error is a significant factor, it is important that refresher training is available to personnel.
3.3. Collaboration with cybersecurity experts and agencies
Consideration will also be given towards establishing a framework to access and a method to vet security practitioners offering their services within the broader security consultant market. As most of these individuals may not have a marine background, a clear understanding of the specific maritime security threats, potential consequences, and constraints relating to legislation and the availability of affordable solutions will be required to effectively utilize their services. This will ensure that practitioners applying general security solutions do not cause adverse effects to system safety or operations through the implementation of inappropriate security measures.
In order to foster these research efforts and accelerate the transition of the results into practice, closer collaboration and possibly some level of funding will be required from the classification societies, international organisations, regulatory bodies, and industry stakeholder groups within the maritime sector. Connections through organisations such as the Maritime Systems and Technology (MAST) group and the Industry Technology Facilitator (ITF) will allow access to their maritime R&D network helping to develop marine-specific security solutions and provide expert advice on adapting solutions from other safety-critical sectors of industry. Industry partner engagement will be crucial as their feedback on the problems faced and solutions provided will ensure that academic research remains relevant and that transition into practice is more successful.
Collaboration with cybersecurity experts from computer science would enable the development of new and feasible solutions for software assurance, validated tools for vulnerability and risk assessment, and innovative intrusion detection and incident response techniques to be integrated in the software systems lifecycle. Important to note is that these interactions should ultimately lead to the improvement and development of tools and techniques that are reusable and sustainable within the maritime industry. Similarly, it may be possible to leverage solutions from the larger networking community if the nature of the problem is similar and the solutions are both effective and affordable.
3.4. Regular security assessments and updates
Regular assessments on the threat landscape and vulnerabilities in shipboard systems, quite similar to the government and military processes, will enable the systems to stay ahead of potential cyber adversaries. Once vulnerabilities have been identified, focused research can be funded to develop mitigations and countermeasures, thereby decreasing the vulnerabilities and increasing the security posture of the systems. Updates to shipboard systems may have newly identified security features; however, if not implemented properly, they are susceptible to the same exploitations as the original feature. By continually assessing the systems’ security posture, it allows the vulnerabilities introduced in updates to be quickly identified and mitigated. Regular security assessments and updates can be a fairly time-consuming and lengthy process; however, it is the most efficient and cost-effective method to ensuring security is maintained for shipboard systems.