Tanya Blake, editor, Safety at Sea | 22 November 2017
The alleged cyber attack on the box ship lasted 10 hours.
In February 2017 hackers reportedly took control of the navigation systems of a German-owned 8,250 teu container vessel en route from Cyprus to Djibouti for 10 hours. "Suddenly the captain could not manoeuvre," an industry source who did not wish to be identified told Fairplay sister title Safety At Sea (SAS). "The IT system of the vessel was completely hacked."
There are three German shipowners that operate eight vessels between 8,200 and 8,300 teu, according to IHS Markit data, one of which confirmed knowledge of the attack to SAS but denied it was a vessel from their own company.
While details are limited, according to the source, the 10-hour attack was carried out by "pirates" who gained full control of the vessel's navigation system intending to steer it to an area where they could board and take over. The crew attempted to regain control of the navigation system but had to bring IT experts on board, who eventually managed to get them running again after hours of work.
The IT experts installed a program designed "for the maritime industry which will block all attacks coming from outside attempting to influence the IT systems, like a firewall on your home computer, but much stronger and against all sorts of possible attacks", said the industry source.
They added that in their opinion the case serves as a "pre-warning", about what will happen in the future of shipping, with pirates using hacking to gain control and entry to vessels in order to carry out kidnap and ransom.
Emma Biggs, business director at security brokerage firm ASKET, was also privately contacted about the attack and told SAS that while it was unclear how the hackers got into the ship's systems, she stressed there are vulnerabilities on all vessels. "People still talk about there being a difference between what happens on board and on shore, but there isn't, particularly as now everything is connected and the telemetrics of ships are fed back to shore."
Biggs pointed to examples carried out by IOActive and 'ethical hacker' Ken Munro that both revealed hacking vulnerabilities in major maritime satcoms, including Inmarsat, Telenor, and Cobham. Munro was able to precisely pinpoint a named vessel, identify a staff member and potentially attack the ship through comms boxes on board ships that were running outdated firmware and using default passwords. "These [attacks] are genuine and easy to do," she said. There have also been suspected cases of mass-spoofing of AIS in the Black Sea in June, with more than 20 ships affected. The GPS were giving false locations, some inland and some at airports. Unconfirmed reports of the attacks were first posted by the US Department of Transportation's Maritime Administration (MARAD) on 22 June.
As shipowners become more aware of such risks, Biggs warned of cyber companies targeting the maritime sector and offering protection that may not be best suited to a fleet. ASKET has begun offering a brokerage service to shipowners, based on its model for private maritime security companies. It is currently building a "pool of organisations", which will feature cyber companies specialising in specific areas, such as cargo, telemetrics, and VSAT (very small aperture terminal), in order to advise which protection is best suited to a fleet's unique set-up.
"There is a fear factor involved with some companies trying to make money out of that fear," said Biggs. "We need to control that and make sure they don't jump all over shipping companies and rip them off. That is what we are going to try to do."