Cyber war out at sea
Perspective / /
There is a darker side to digitalization with all its inherent potential to make the world a better place. If someone were to zero in on it, they could wreak havoc on our interconnected society – without too much effort. Up until now, the global maritime community has managed to stay out of the hackers' cross line. However, according to Captain Rahul Khanna, head of Marine Risk Consulting at Allianz Global Corporate & Specialty (AGCS), this is just the calm before the storm. "It's no use speculating whether this kind of attack will take place,” he cautions. “It's just a question of time."
Container terminal in the port of Antwerp/Belgium
espite the fact that 90 percent of the goods moved around the planet are transported by sea, most people have no idea of the enormous significance shipping has for the global economy. Shipping is our world's vital lifeline, with every disruption triggering a chain reaction of consequences. While the digital era has opened up new possibilities for the maritime industry – as it did for a large number of other areas – it has also made it vulnerable to digital attacks, which until now had been largely limited to institutions and businesses operating onshore.
Hackers snitch construction plans and corporate secrets, account details and confidential e-mails, they cripple the IT systems of energy suppliers and attack telecom servers. They sabotage nuclear plants, airlines and barrages, hack unpopular film producers or help their candidate of choice by interfering in elections. Regardless of whether they are driven by greed or vengeance, whether their motives are noble or whether they simply have a soft spot for chaos – these individuals are on a quest to find and exploit any weaknesses our "brave new world" might show up. The International Maritime Bureau (IMB), a specialized division of the International Chamber of Commerce in London responsible for maritime crime, warns that the shipping industry could be next on the attackers' hit list.
Be that as it may, up until now this risk does not seem to have made it onto the industry's radar. "The shipping sector doesn't have a particularly heightened risk awareness," concludes Captain Rahul Khanna from Allianz Global Corporate & Specialty (AGCS). "Because people don't think this sort of an attack is likely, they don't tend to be prepared for it." But there's every reason to be worried. Back in 2013, researchers at the University of Texas already showed how easy it was to take charge of vessels cruising near coastal regions: they seized the IT system of a large yacht and managed to knock it off course.
Electronic control units open gateways to perpetrating cyber attacks
For Khanna this sets off the alarm bells. "We can’t put IT security on the backburner," he says. "Just imagine something like this happened to a large container ship. Imagine it's run aground by hackers on a strategically important route blocking the transit for a long period of time. This would cause colossal damage to the global economy." In light of autonomous ships, vessels that are steered from control centers on shore while out at sea, the question of how immune maritime IT systems are to cyber attacks acquires a whole other dimension. If seized by terrorists, supertankers could become weapons of mass destruction turned against entire coastal states.
Compared with this scenario, the recent escapades engineered by Somalian pirates seem relatively harmless. The culprits hacked the register of a shipping company and found out which container on which ship carried the most valuable booty. As the cargo vessel sailed through the Gulf of Aden, they were ready and waiting. Something similar happened to a commercial vessel in Southeast Asia. "It was all over within 90 minutes," tells Rahul Khanna. "The attackers knew exactly which container to look for."
“Just a question of time” –
Captain Rahul Khanna
cautions against cyberattacks
in the shipping industry
On average, it takes a good six months for anyone to even notice that an IT system has been tampered with. That's enough time for attackers to move around within the system as if it was their own. They have already successfully put their skills to the test a number of times at ports and terminal facilities. In 2011, Belgian hackers managed to intercept the passwords and security codes for the port of Antwerp’s IT system. They got away with transporting containers out of the port that had arrived from South America laden with cocaine and heroin for two whole years before the security leak was discovered.
Ever more sophisticated positioning systems and electronic control units, and systems becoming increasingly interconnected, both on- and offshore, mean a rise in the number of gateways to perpetrating elaborate cyber attacks. This could have a number of consequences, ranging from loss of data all the way to a change of course or a vessel suffering an intentionally caused loss. But danger doesn’t only come from the outside. The risk posed by the vessel's own crew is also quite considerable. Take the legendary tale of a sailor who charged his phone using an USB port while the ship’s GPS was being updated. The server crashed, causing all maps to disappear from the monitors. The ship could only get back on course once an engineer was called on board to get the system going again.
Rahul Khanna urges the industry to close the ever-growing number of gateways before the shipping industry becomes a real bullseye for hackers, reminding us that "the clock is ticking". Given the growing interconnectivity and in light of developments in electronic navigation, the risk of damage posed by cyber attacks targeting the maritime industry will increase dramatically over the next few years, he cautions.
The case of hackers taking over the control system of an oil rig anchored off the coast of West Africa is both a taste of things to come and testimony to what they are capable of at sea. The criminals manipulated the stabilizer tank pumps, managing to tilt the rig to one side. The crew had to be evacuated and the drilling stopped. "When it comes to IT security, the industry still has a fair bit of work to do," says Khanna. "The maritime sector, shipping companies and port operators haven't quite grasped what disastrous consequences a successful cyber attack could have."
Drilling rig in the Atlantic ocean. Cyber pirates meddled with the control systems and almost caused one of them to capsize