Nearly 50,000 ships at sea may be susceptible to a cyber attack


Cybersecurity experts have suggested that up to 50,000 vessels sailing the ocean at any given point are vulnerable to a security breach, having recently demonstrated how easy it is to hack the navigational tools aboard a ship.

While the number of stories pertaining to cybersecurity attacks has mushroomed in recent times, this comes off the back of an investigation conducted a number of years ago, during which researchers were capable of infiltrating GPS devices aboard a superyacht to modify its course without its knowledge.

Given that even basic electrical appliances around the home are now able to connect to the internet, it appears that maritime security measures have not yet caught up with the realities and vulnerabilities of cyberspace, perhaps not to the same level of that as other industries.

The International Maritime Organisation (IMO), the association within the United Nations that governs the regulation of international waters, issued an initial review of its cybersecurity guidelines in 2014, only to implement a broad and unspecific management protocol two years later. With the lack of adequate security measures put in place, it is unsurprising that ships are now susceptible to an attack.

Professor Keith Martin and PhD researcher Rory Hopcraft of Royal Holloway University of London highlighted several of the fundamental challenges the IMO faced with regards to employing an appropriate system across all its maritime vessels.

Amongst the varying and outdated forms of technology that are prone to attack, is the sheer unfamiliarity that crew members have with the devices aboard the ships. The frequent changes in staff, paired with the outsourced maintenance of technology on the ships allows great room for human error to influence the exposure of a boat to a cybersecurity attack.

A further complexity is the linkages between on-board and land-based cybersecurity infrastructures which are often used to maintain communication between ports and crew members, and to manage logistics. An example of this is best seen in the systems hack of A.P. Moller-Maersk in 2017 which delayed the processing of cargo across its entire fleet; this perhaps could have been foiled with adequate preventive measures, had they been properly employed by the IMO.

The implementation of the International Ship and Port Facility Security Code (ISPS) and the International Security Management Code (ISM) in 2017 points maritime cybersecurity in the right direction. And although these do not come into effect until January 2021, Martin and Hopcroft are of the firm belief that such a holistic approach regarding increased security protocols is only the first stage in a long journey towards fully autonomous vessels.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *