I, Pirate: A cyber story in the maritime industry

I, Pirate: A cyber story in the maritime industry: Aybars Oruc discusses how shipping must get to grips with cyber attacks.
January 24th 2018 http://splash247.com/pirate-cyber-story-maritime-industry/

I, Robot – the 2004 film adapted from the short story by American author Isaac Asimov – has an interesting scene. Two detectives are talking, and we are hearing this dialogue:

I guess we’re gonna miss the good old days.

What good old days?

When people were killed by other people.

In this story, the theme is about robots that start to take the place of humans. Well, in the future, are we seamen set to be replaced by technology?

Even though we cannot talk about unmanned ships, it is possible to talk about unmanned ship projects. For instance, MUNIN (the Maritime Unmanned Navigation through Intelligence in Networks) project is a significant one that has influenced the marine sector, and bothered every seaman who has heard about this project. For some, this is all an imaginary project. However, others believe that this project cannot be stopped and will entirely change the maritime sector. Today, people who are developing this project where navigational areas for testing are determined have only one question in hand: Cyber attack

In general, cyber attacks are known as damaging or steeling information by infiltrating computer systems by expert individuals or institutions on computers and the internet. Generally, cyber attacks happen for entertainment, information theft, to achieve economic gain, to attract attention, or to get ready for larger attacks.

Despite warnings of major maritime authorities and class institutions such as IMO, BIMCO, ICS, INTERTANKO, most in shipping have been ill prepared for any attack. This changed when Maersk was hit in June last year and lost nearly $300m.

Close your eyes and image your ECDIS, GPS, and even AIS devices are hacked. Imagine that your main engine stopped running during navigation in narrow waters. Now open your eyes, because this is all happening in the maritime industry.

After a cyber attack on your vessel, you may notice that you are on a different location than you should be, and you may suddenly run ashore. Your vessel may collide with another one. The type of vessel may be aframax, chemical tanker or even LPG. In such cases, try to imagine the possible effect on you, the vessel, cargo or marine environment. How many people would die?

Main systems that could be affected from a cyber attack in a merchant vessel can be listed as follows:

Bridge Navigation Systems (GPS, ECDIS, AIS etc.)
Communication Systems (V-SAT, FBB etc.)
Mechanical Systems (Main Engine, Auxiliary Engine, Steering Gear etc.)
Ship Monitoring and Security Systems (CCTV, SSAS, Access Control Systems etc.)
Cargo Handling Systems (V/V Remote Control Systems, Level/Pressure Monitoring Systems etc.

Well, is it possible to protect these systems and prevent any damages from the attack? Let’s take a look. Now around the world, many people are trying to find an answer to this question. But, it is hard to give a concrete answer. Although it is impossible to escape the attack, risks can be mitigated. Risks can be minimised by keeping the software updated, using antivirus software, developing redundancy methods, changing default passwords after installing the devices, restricting file sharing, constantly monitoring network configurations (see also Penetration Test), eliminating all problematic areas, and increasing awareness and knowledge level of office staff and ship crew.

Also, we should consider some international developments about this subject. Here at this point, under IMO-ISM Code, all shipping companies must add the Guidelines on Maritime Cyber Risk Management manual to their SMS manuals until January 1 2021. Additionally, TMSA regulations which have been updated at the start of this month, are also putting challenges on company managers like IMO-ISM Code rules. Staring with flag states and class institutions, various reputable organisations or institutions around the world are organising training programs and publishing circulars regarding cyber attacks to raise awareness in the maritime industry. Class society DNV GL has started to offer type verification certificates for cyber security for the first time from November 2017. Insurance companies also started to add cyber security related subjects and clauses on their policies. Designation compulsory of a Cyber Security Officer (CySO) for the maritime companies has been already discussed. These are only some parts of the bigger picture.

I guess we’re gonna miss the good old days.

What good old days?

Somalian pirates instead of cyber pirates. At least, we could notice them before they are done with us.