The document discusses cyber security vulnerabilities in the shipping industry. It identifies three main areas that are vulnerable: automation and control systems, navigation systems, and communication systems. It provides examples of real cyber attacks, including a hacker gaining access to a ship's control systems via a crew member's computer and causing explosions on board that disabled the ship's navigation and control computers, requiring ransom. Navigation systems can be compromised through GPS spoofing or jamming. Communication systems on ships and with headquarters are also at risk from various forms of hacking or interception.
3. Shipping Industry
• Three main areas vulnerable to cyber security attacks
• Automation & Control Systems
• Navigation Systems
• Communications Systems
4. Cyber Security News ⇒ Shipping
• Automation & Control Systems: (Real Story, 2015)
– A hacker was contracted via Dark Web to gain access to control or navigation
systems onboard vessels operated by the Trans-Pacific Shipping Line.
– A Russian hacker gained access to a crewmember’s outdated and unpatched
computer onboard the Pacific Trader (IMO: 9406922)
– A tool was installed which reboots the computer used in the automation and
control system of the ship.
– Hacker determines that Pacific Trader is likely headed into port in Hong Kong
and he is posting a message in a
different private dark web chatroom.
5. Cyber Security News ⇒ Shipping
• Automation & Control Systems: (Real Story, 2015)
– On a rooftop in Hong Kong, a young college student pulls an aerial drone out of her backpack.
– Using the cover of darkness she lands the drone on the top of the pilot house and releases
explosives in a box.
– Repeating this process twice more, she places the box shaped objects on other inconspicuous
locations on the ship.
– Onboard Pacific Trader an explosion engulfs the bow of the ships sending flames into the
dark air.
– Immediately, the ship’s engines roll to a stop as the navigation and ship’s control system
computers go
into a reboot cycle.
– Ransom was requested!
6. Cyber Security News ⇒ Shipping
• Navigation Systems
• GPS spoofing
• Modifying GPS coordinates of one of the four satellites
• Resulting to change of the course
• GPS jamming
• Disabling navigation and communications with the outside world
7. Cyber Security News ⇒ Shipping
• Communication Systems
• On board
• Entertainment channel
• Business channel
• Head quarters to/from ship
• Satellite Phones
• Two main standard encryption algorithms known as GMR-1 and GMR-2 have been attacked
(2012)
• Mobile phones
• Stealing, malware, phishing
• Business channel via WWW (because of the automation, smart ships)
• Interception, interruption
Editor's Notes
At a minimum, four satellites must be in view of the receiver for it to compute four unknown quantities (three position coordinates and clock deviation from satellite time).