Cybersecurity onboard ships, part one.
Following the BIMCO Guidelines.
Ships are increasingly using systems that rely on digitisation, digitalisation, integration, and automation, which call for cyber risk management on board. As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are being networked together – and more frequently connected to the internet.
This brings a greater risk of unauthorised access or malicious attacks to ships’ systems and networks. Risks may also arise from personnel accessing systems on board, for example by introducing malware via removable media.
Both cybersecurity and cyber safety are important because of their potential effect on personnel, the ship, environment, company and cargo. Cybersecurity is concerned with the protection of IT, OT, information and data from unauthorised access, manipulation and disruption. Cyber safety covers the risks from the loss of availability or integrity of safety-critical data and OT.
Cyber safety incidents can arise as the result of:
a cybersecurity incident, which affects the availability and integrity of OT, for example, corruption of chart data held in an Electronic Chart Display and Information System (ECDIS)
a failure occurring during software maintenance and patching
loss of or manipulation of external sensor data, critical for the operation of a ship – this includes but is not limited to Global Navigation Satellite Systems (GNSS).
Whilst the causes of a cyber safety incident may be different from a cybersecurity incident, the effective response to both is based upon training and awareness.
Types of cyber attack:
In general, there are two categories of cyberattacks, which may affect companies and ships:
untargeted attacks, where a company or a ship’s systems and data are one of many potential targets
targeted attacks, where a company or a ship’s systems and data are the intended targets.
Untargeted attacks are likely to use tools and techniques available on the internet, which can be used to locate, discover and exploit widespread vulnerabilities that may also exist in a company and onboard a ship. Examples of some tools and techniques that may be used in these circumstances include:
1. Malware – Malicious software which is designed to access or damage a computer without the knowledge of the owner. There are various types of malware including trojans, ransomware, spyware, viruses, and worms. Ransomware encrypts data on systems until a ransom has been paid. Malware may also exploit known deficiencies and problems in outdated/unpatched business software. The term “exploit” usually refers to the use of software or code designed to take advantage of and manipulate a problem in other computer software or hardware. This problem can, for example, be a code bug, system vulnerability, improper design, hardware malfunction and/or error in protocol implementation. These vulnerabilities may be exploited remotely or triggered locally. Locally, a piece of malicious code may often be executed by the user, sometimes via links distributed in email attachments or through malicious websites.
2. Phishing – Sending emails to a large number of potential targets asking for particular pieces of sensitive or confidential information. Such an email may also request that a person visits a fake website using a hyperlink included in the email.
3. Water holing – Establishing a fake website or compromising a genuine website to exploit visitors.
4. Scanning – Attacking large portions of the internet at random.
Targeted attacks may be more sophisticated and use tools and techniques specifically created for targeting a company or ship. Examples of tools and techniques which may be used in these circumstances include:
5. Social engineering – A non-technical technique used by potential cyber attackers to manipulate insider individuals into breaking security procedures, normally, but not exclusively, through interaction via social media.
6. Brute force – An attack trying many passwords with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords until the correct one is found.
7. Denial of service (DoS) – Prevents legitimate and authorised users from accessing information, usually by flooding a network with data. A distributed denial of service (DDoS) attack takes control of multiple computers and/or servers to implement a DoS attack.
8. Spear-phishing – Like phishing but the individuals are targeted with personal emails, often containing malicious software or links that automatically download malicious software.
9. Subverting the supply chain – Attacking a company or ship by compromising equipment, software or support services being delivered to the company or ship.
The above examples are not exhaustive. Other methods are evolving, such as impersonating a legitimate shore-based employee in a shipping company to obtain valuable information which can be used for a further attack.
The potential number and sophistication of tools and techniques used in cyberattacks continue to evolve and are limited only by the ingenuity of those organisations and individuals developing them.