Researchers at the Norwegian University of Science and Technology (NTNU) with a background in seafaring have warned of the devastating impact that cyberattacks on ships could have. To date, there have been no publicly acknowledged cyberattacks that have impacted a ship.
However, cyberattacks on other systems connected to shipping are known throughout the industry and maritime academia.
Reports have suggested that Chinese actors have spoofed automated identification system (AIS) broadcasts required of ships under international law to signal their location to other vessels nearby while potentially unloading oil covered by US embargoes to terminals on China’s eastern coast.
At the same time, there have also been suggestions that the Iranian Revolutionary Guards Corps has deployed GPS jamming to trick merchant vessels into entering Iranian waters around the strait of Hormuz.
The researchers want to raise awareness of these issues for seafarers and equip them with the knowledge of how to respond to such an attack.
Furthermore, they want to raise the bar for attackers enough so that shipping is not affected by all these known vulnerabilities which are publicly available information all over the internet.
The human behaviour “can decrease cyber risk a lot”. The researchers believe sailors are not cybersecurity professionals, so simply telling them that they are going to be hit by a cyberattack at some point does not encourage safe operations. The researchers aim to equip sailors with the knowledge of how to respond to such an attack.
During a recent training course, they ran as part of their research, they looked at the effects of a compromised ballast water treatment system and found that an attacker could make “the ship move uncontrollably to one side.”
The researchers said they couldn’t comment on the likelihood of such an attack.
Finally, the researchers agree that taking control over an entire ship was “very, very, very unlikely,” but compromising a single system and using that to imperil the whole vessel “might be doable.”
