Outdated systems placing maritime vessels at risk of cyber-attack, study suggests

May 24, 2016 by Alan Williams

Maritime vessels are under significant threat of cyber-attack because many are carrying outdated software and were not designed with cyber security in mind, according to new research.

But operators could easily mitigate against such dangers by updating security systems, improving ship design and providing better training for crews, the study led by Plymouth University's Maritime Cyber Threats Research Group suggests.

Traditionally, attacks on marine vessels have included piracy, boarding, theft, and/or destruction, and while these attacks have often been successful and continue, they are well understood.

In contrast, the article says, cyber-attacks are much more stealthy, but have a range of potential implications including business disruption, financial loss, damage to reputation, damage to goods and environment, incident response cost, and fines and/or legal issues.

Professor Kevin Jones, Executive Dean of Science and Engineering, is lead author on the paper which also involved Dr Maria Papadaki, Lecturer in Network Security at Plymouth University, and staff from the Security and Management Lab at HP Enterprise in Bristol. He said:

"In an increasingly connected and technologically dependent world, new areas of vulnerability are emerging. However, this dependency increases the vessel's presence in the cyber domain, increasing its chances of being targeted and offering new vectors for such attacks. Longer term, there needs to be a fundamentally different approach to security of the entire maritime infrastructure meaning there is great need for specific cyber security research programmes focused on the maritime sector."

The article – published in Engineering and Technology Reference – suggests maritime cyber-attacks would most likely target systems responsible for navigation, propulsion, and cargo-related functions, with many incentives for attackers given that over 90 per cent of world trade occurs via the oceans.

It also illustrates the potential severity of the problem by providing scenarios to demonstrate possible attacks, and examples of where successful cyber-attacks have been launched.

But it says there are easy mitigations to help prevent attacks, by increasing awareness and good practice in the industry, enabling the crew and providing them with the necessary tools to prevent and stop some attacks. The paper adds:

"As things stand, there are fundamental issues with securing the technology used in the maritime industry and the sector is probably the most vulnerable aspect of critical national infrastructure. Both security firms and hackers have found both general flaws and specific, real-world, flaws within the navigation systems of ships, and it seems plausible that similar outdated systems for propulsion and cargo handling may also be compromised and abused by cyber-attackers."

The Maritime Cyber Threats Research Group at Plymouth University has been formed to bring together leading-edge multidisciplinary research and practical expertise. It includes experts in cyber- and maritime operations, as well as psychology, maritime law and policy, to investigate the marine cyber threat at all levels from theory through to practice.

Explore further: UK to double funding to fight cyber-attacks

Related Stories

UK to double funding to fight cyber-attacks

November 17, 2015

Britain on Tuesday said it will double its investment in cyber-security to counter threats including from the Islamic State group, in the wake of the Paris attacks claimed by IS.

US cyber commander says hackers to 'pay a price'

May 11, 2015

The US strategy of "deterrence" for cyber-attacks could involve a wide range or responses, potentially including the use of conventional weapons, the nation's top cyber-warrior said Monday.

White House says classified systems not hacked

April 7, 2015

US officials insisted Tuesday that a cyber attack late last year did not compromise White House classified systems, but refused to confirm reports Russia was behind the breach.

EU, Japan to start cyber-security dialogue

May 5, 2014

The European Union will discuss Internet security during talks this week in Brussels with Japanese Prime Minister Shinzo Abe, a senior EU official said Monday.

Recommended for you

A not-quite-random walk demystifies the algorithm

December 15, 2017

The algorithm is having a cultural moment. Originally a math and computer science term, algorithms are now used to account for everything from military drone strikes and financial market forecasts to Google search results.

US faces moment of truth on 'net neutrality'

December 14, 2017

The acrimonious battle over "net neutrality" in America comes to a head Thursday with a US agency set to vote to roll back rules enacted two years earlier aimed at preventing a "two-speed" internet.

FCC votes along party lines to end 'net neutrality' (Update)

December 14, 2017

The Federal Communications Commission repealed the Obama-era "net neutrality" rules Thursday, giving internet service providers like Verizon, Comcast and AT&T a free hand to slow or block websites and apps as they see fit ...

The wet road to fast and stable batteries

December 14, 2017

An international team of scientists—including several researchers from the U.S. Department of Energy's (DOE) Argonne National Laboratory—has discovered an anode battery material with superfast charging and stable operation ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.