Hijacking Highlights Cyber Risks To Ships, Expert Weighs In

BACKGROUND:

It has been reported that a suspected hijacking of a ship in the United Arab Emirates has taken place. The incident has now been resolved, but it did see men board the vessel after its crew allegedly lost control of steering and power.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Nikos Mantas
Nikos Mantas , Incident Response Expert
InfoSec Expert
August 4, 2021 7:17 pm

<p>Just last week, the UK’s former First Sea Lord warned about the dangers of the vessels being taken over virtually and here we are seeing it happening in real-life. Before hijackers boarded the vessel, reports have revealed the ship lost control of the steering and power which suggests they were taken over virtually.</p>
<p>Modern ships use integrated computing units to assist the commander with the navigation, location and management of onboard cargo. IT equipment fuses with OT (Operational Technology) to make decisions more easily and guarantee the safety of all passengers and crew onboard. Modern vessel engineering utilizes components found in manufacturing units, making ships more akin to floating factories.</p>
<p>Although the steering of the vessel still relies mainly on actions performed by the crew, most functions from the engine-room are performed by cyber-physical systems. The malfunction of such components can lead to life-endangering situations, especially since the protocols used for communication and vessel location are obsolete and can be bypassed (even spoofed) by an attacker. Such systems are often left with default settings and credentials from their building process, becoming a lucrative target even for amateur attackers.</p>
<p>It will take a great deal of initiative by the International Maritime Organization and engaged stakeholders to re-assess not only vessel-to-shore communication protocols but also guarantee that cyber-physical component suppliers and maintenance technicians meet standards for cybersecurity.</p>

Last edited 1 year ago by Nikos Mantas
1
0
Would love your thoughts, please comment.x
()
x