Hackers could potentially sink a bulker by manipulating the loading data of its hull stress monitoring systems (HSMS), security experts have claimed.
They could deliberately cause an imbalance of cargo on the vessel without the crew being aware, says penetration testing experts Pen Test Partners.
The consequences could be catastrophic with the vessel being put under intense strain leading to it breaking up and sinking, the company says.
“The reason it is feasible is that when HSMS were first developed, there was no concept of a vessel being connected to the internet, allowing it to be accessed remotely. Therefore, many HSMS are just PCs connected to the ships’ network,” said Pen Test Partners’ senior partner, Ken Munro.
“A hacker could interrupt the loading data being fed to and from the monitoring system, having previously compromised the network either via the satcom unit or a phishing e-mail.
“Once in control, hackers can manipulate the loading of cargo and turn off any stress monitoring alarms that would alert crew to any undue strain on the vessel,” he continued.
Munro says HSMS vendors and all ship control and reporting system manufacturers need to “take security very seriously indeed”, otherwise their own systems could be “used against the ship”.
“A master puts his faith in the stress monitoring system to alert him to any load bearing issues so the last thing he expects is for it to mis-report and threaten the very fabric of his ship,” he adds.
Munro says all ship managers and operators should ask “probing questions of their technology and control systems suppliers” and demand that they prove beyond reasonable doubt that their systems are “secure and will remain secure throughout their operational lifespan”.