Hackers can infect a vessel's IT systems with viruses such as malware and ransomware in a multitude of ways, according to cyber security experts.

"There could be personnel from the service supplier coming onboard with a laptop which was used to browse dodgy web pages or it [an infection] could be a remotely transferred software with malware in the package sent from shore to the vessel," says Olav Haugehatveit, senior engineer of control systems for classification society DNV GL.

In one instance, a software update to a cruiseship's IT system contained malware that disabled a ship's propulsion system during a sea trial, he tells TradeWinds. "The vessel had to be towed to shore by tug vessels."

He adds that protection and indemnity clubs will not cover cyber-attacks through a "380 buy-back" exclusion but have looked at mitigating such risks.

"There have been some thoughts from insurers on cyber-attacks but nothing concrete as far as we know," he says.

Getting onboard

Often, threat actors use a ship's antenna system as the attack vector to the vessel's IT infrastructure, says Ruben Santamarta, principal security consultant at US-based cyber security firm IOActive.

"Antennae are complex devices but they have to interface with different modems and can be connected with other devices on the vessel," he tells TradeWinds. "That's a problem."

He says the number of digital devices connected to a ship's antenna should be kept to a minimum and isolated through firewalls, given an antenna's purpose as a signal receiver.

Attackers also use insecure wifi networks onboard to infect smartphones, laptops and other devices that may be connected to the ship's IT system, he says.

In other instances, they may transfer a virus to a ship's system by downloading it onto an information-sharing unit, such as a memory stick.

"There are a lot of ways," he says.

He adds that future attacks aimed at vessels may become more damaging as they grow more complex and may be used as a form of geopolitical warfare.

"It will depend on the actors," he says.

Targeting cargo

Many hackers obtain cargo information from ship manifests to extort valuable goods from vessels through ransomware, says Graham Thompson, director of maritime services for UK maritime cyber security firm Turrem Data Group.

"They're looking to the manifests because there's no point hitting every boat," he says. "They are quite clever about getting what they want."

Turrem, through its Nomad platform, can find and reroute such intrusions, while contacting the authorities on a client's behalf.

The 24/7 capability, offered for a monthly fee, can also look out for cyber-threats to a ship's IT systems, many of which have outdated software such as Microsoft Windows XP.

"You can't patch that," Thompson says.

Hackers also use drones to send signals to ship-communications systems in an attempt to steer a vessel miles off course through an unnoticeable one-degree deviation.

"If you don't know the ship has been manipulated, then you don't know that it's heading [in] the wrong direction," Thompson says.

To counter such a technique, the Nomad platform can put an "invisible net" around the ship that will alert the crew to any drones, he says.

Turrem is also working on a device that blocks spoofing attempts on a ship's GPS signal.

"We're pretty clever, too," he says.

Bodily harm

Cyber-attackers can also physically hurt the crew, Santamarta says, by directing antennae towards them to burn their skin.

"That burn is caused through a radio-frequency bounce," he says.

He adds that cyber-attackers usually do not try to disable the actual antenna systems because the crew can communicate with the outside world through radio.

Another common method of attack is stealing a ship's data through malware or extorting money through ransomware.

Haugehatveit says it is rare for an attacker to target the control of a ship's propulsion system or other physical attributes because the programmes used to run them are too complex to decipher.

"They would have to have the vessel's specific engine-control systems," he says.