It has been reported in the BBC that the UK’s former First Sea Lord, Lord West of Spithead, is concerned about the security of the UK’s naval and merchant ships, saying their navigation systems can easily be hacked through spoofing and jamming.
<p>The risks posed to warships and the commercial maritime industry from cyber attacks is very concerning. Obrela has witnessed a 33 percent increase in cyber attacks on ships in Q2 2021 compared to Q2 2020, so it is definitely an area of interest to attackers.</p>
<p>Modern ships use integrated computing units to assist the commander with the navigation, location and management of onboard cargo. IT equipment fuses with OT (Operational Technology) to make decisions more easily and guarantee the safety of all passengers and crew onboard. Modern vessel engineering utilizes components found in manufacturing units, making ships more akin to floating factories.</p>
<p>Although the steering of the vessel still relies mainly on actions performed by the crew, most functions from the engine-room are performed by cyber-physical systems. The malfunction of such components can lead to life-endangering situations, especially since the protocols used for communication and vessel location are obsolete and can be bypassed (even spoofed) by an attacker. Such systems are often left with default settings and credentials from their building process, becoming a lucrative target even for amateur attackers.</p>
<p>It will take a great deal of initiative by the International Maritime Organization and engaged stakeholders to re-assess not only vessel-to-shore communication protocols, but also guarantee that cyber-physical component suppliers and maintenance technicians meet standards for cybersecurity.</p>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics