Maritime Cyber security

 A new challenge

[1]

Imagine you are a deck officer on watch and suddenly all the bridge instruments go dead.

Imagine you are an engineer on watch and all the generators stop running.

Imagine you are a port operator, and all the container cranes and stackers stop running.

Imagine you oversee logistics for a large global operator and your software informs you that you have been hacked and need to pay a ransom to restart it.

It has happened! A research report looked at 46 cyber attacks in the shipping industry between 2010 and 2020 and noted they are increasing[2].

Worse, the perception of cyber attacks at sea by seafarers themselves was that it did not happen on their ship![3] This has encouraged research as at the University of Plymouth[4]

In 2017 the Russian hacker group Sandworm started a cyber-attack that was global and affected the entire Maersk network of 76 ports with more than 800 vessels accounting for one fifth of global maritime trade.

It started in a Maersk affiliated company in[5] Odessa, Ukraine and rapidly spread around the world. Maersk[6] had to shut much of its operation as communication, container booking and loading programmes were all affected. The central issue was ransomware that demanded payment before cleaning the software. The servers affected were those that controlled access and password control around the global network. Fortunately one clean setup was found in Ghana and was used to re-establish the network. It was estimated that Maersk lost around 300 million dollars because of the attack.

Not only shipping companies but ports also have been attacked.

Digitalisation of the global logistics network has accelerated in the last years[7] and ports have become just as great information hubs as they are for physical goods. This puts ports in a vulnerable position regarding cyber-attack over the whole global logistics chain.

At the World Economic forum in 2016 Klaus Schwab stated that we were on the brink of a technological revolution he called “The Fourth Industrial Revolution”.[8] He went on to say:

“In the future, technological innovation will also lead to a supply-side miracle, with long-term gains in efficiency and productivity. Transportation and communication costs will drop, logistics and global supply chains will become more effective, and the cost of trade will diminish, all of which will open new markets and drive economic growth.”

He went on to warn that national and international security would be impacted and the port cyber security report[9] warned that the only solution was a common coordinated approach to dealing with these threats was the only way forward.

There is an excellent overview of maritime security here[10]

There have been many responses from shipping organisations and regulators.

Classification authorities have responded. IACS[11] issued requirements for classification and DNV[12] offers advice and training on cyber security issues.

The American Coastguard[13] reviews trends in cyber security and an association of owners and authorities led by BIMCO[14] offer guidelines on dealing with cyber security specifically on ships and the US National Institute of Standards and Technology (NIST)[15] provided a framework for dealing with cyber security and this has been adopted generally in the maritime sector.

IMO recognised the risk from cyber-attacks in 2017[16] and issued guidelines in 2021[17].

There are two regulatory instruments IMO dealing with safety and security, both of which are part of SOLAS (International Convention for the Safety of Life at Sea). The ISM code (International Safety Management) and ISPS (International Ship and Port Facility Security). Both arose out of a need for physical security although referring to information systems. These have now been strengthened to cover cyber security.[18]

 

The question arises on who is responsible onboard ship for cyber security? A new position of CySO (Cyber Security Officer) has been coined and maybe a dedicated rank on board ship where necessary as in large cruise ships or be a part of the Ship Security Officers role with extra training.[19]

Courses are available around the world such as at Warsash[20] and Glasgow[21] in the UK.

The work of the Ship’s Officer has had to be extended to cover cyber security thus providing a new challenge for the seafarer.

References

‘2021-Cyber-Security-Guidelines.Pdf’. Accessed 28 April 2023. https://www.ics-shipping.org/wp-content/uploads/2021/02/2021-Cyber-Security-Guidelines.pdf.

‘2021CyberTrendsInsightsMarineEnvironmentReport.Pdf’, n.d.

admin. ‘What Cybersecurity Requirements Are Mandatory for New Ships and Offshore Constructions? Cybersecurity’. Cybersecurity (blog), 15 February 2023. https://cybersecurity.aeromarine.es/cyber-requirements/.

Bazilchuk, Nancy. ‘Better Cyber Security at Sea’. Norwegian SciTech News, 26 May 2022. https://norwegianscitechnews.com/2022/05/better-cybersecurity-at-sea/.

Capano, Daniel E. ‘Throwback Attack: How NotPetya Accidentally Took down Global Shipping Giant Maersk’. Industrial Cybersecurity Pulse, 30 September 2021. https://www.industrialcybersecuritypulse.com/threats-vulnerabilities/throwback-attack-how-notpetya-accidentally-took-down-global-shipping-giant-maersk/.

‘Code of Practice: Cyber Security for Ships’, n.d.

‘Cyber Attack Update - A.P. Møller - Mærsk A/S’. Accessed 28 April 2023. https://investor.maersk.com/news-releases/news-release-details/cyber-attack-update.

DNV. ‘Cyber Security for the Real World​’. Accessed 5 June 2023. https://www.dnv.com/Default.

Glasgow Maritime Academy. ‘Maritime Cyber Security Training (MACSET)’. Accessed 28 April 2023. https://www.glasgowmaritimeacademy.com/maritime-cyber-security-training-macset/.

‘IAPH-Port-Community-Cyber-Security-Report-Q2-2020.Pdf’. Accessed 26 April 2023. https://sustainableworldports.org/wp-content/uploads/IAPH-Port-Community-Cyber-Security-Report-Q2-2020.pdf.

‘MSC-FAL.1-Circ.3-Rev.2 - Guidelines On Maritime Cyber Risk Management (Secretariat) (1).Pdf’. Accessed 26 April 2023. https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/MSC-FAL.1-Circ.3-Rev.2%20-%20Guidelines%20On%20Maritime%20Cyber%20Risk%20Management%20(Secretariat)%20(1).pdf.

‘NIST Cybersecurity Framework’. In Wikipedia, 15 May 2023. https://en.wikipedia.org/w/index.php?title=NIST_Cybersecurity_Framework&oldid=1154907984.

P.h, Meland, Bernsmed K, Wille E, Rødseth Ø.j, and Nesheim D.a. ‘A Retrospective Analysis of Maritime Cyber Security Incidents’. TransNav, International Journal on Marine Navigation and Safety Od Sea Transportation 15, no. 3 (1 September 2021). http://www.transnav.eu/Article_A_Retrospective_Analysis_of_Maritime_Cyber_Security_Incidents_Meland,59,1144.html.

‘Resolution MSC.428(98).Pdf’. Accessed 26 April 2023. https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/Resolution%20MSC.428(98).pdf.

‘Ship Cyber Security Officer | Warsash Maritime’. Accessed 28 April 2023. https://maritime.solent.ac.uk/courses/stcw-safety-and-security/ship-cyber-security-officer.

‘The Importance of Cybersecurity in the Maritime Industry’. Accessed 16 June 2023. https://marine-digital.com/article_importance_of_cybersecurity.

University of Plymouth. ‘Maritime Cyber Threats Research Group’. Accessed 29 April 2023. https://www.plymouth.ac.uk/research/maritime-cyber-threats-research-group.

World Economic Forum. ‘The Fourth Industrial Revolution: What It Means and How to Respond’, 14 January 2016. https://www.weforum.org/agenda/2016/01/the-fourth-industrial-revolution-what-it-means-and-how-to-respond/.

 

---

[1] ‘The Importance of Cybersecurity in the Maritime Industry’.

[2] P.h et al., ‘A Retrospective Analysis of Maritime Cyber Security Incidents’.

[3] Bazilchuk, ‘Better Cyber Security at Sea’.

[4] ‘Maritime Cyber Threats Research Group’.

[5] Capano, ‘Throwback Attack’.

[6] ‘Cyber Attack Update - A.P. Møller - Mærsk A/S’.

[7] ‘IAPH-Port-Community-Cyber-Security-Report-Q2-2020.Pdf’.

[8] ‘The Fourth Industrial Revolution’.

[9] ‘IAPH-Port-Community-Cyber-Security-Report-Q2-2020.Pdf’.

[10] ‘2021-Cyber-Security-Guidelines.Pdf’.

[11] admin, ‘What Cybersecurity Requirements Are Mandatory for New Ships and Offshore Constructions?’

[12] ‘Cyber Security for the Real World​’.

[13] ‘2021CyberTrendsInsightsMarineEnvironmentReport.Pdf’.

[14] ‘2021-Cyber-Security-Guidelines.Pdf’.

[15] ‘NIST Cybersecurity Framework’.

[16] ‘Resolution MSC.428(98).Pdf’.

[17] ‘MSC-FAL.1-Circ.3-Rev.2 - Guidelines On Maritime Cyber Risk Management (Secretariat) (1).Pdf’.

[18] ‘Resolution MSC.428(98).Pdf’.

[19] ‘Code of Practice: Cyber Security for Ships’.

[20] ‘Ship Cyber Security Officer | Warsash Maritime’.

[21] ‘Maritime Cyber Security Training (MACSET)’.

 

 

 

 

 

 

 

 

 

 

 

 

Gramps

 

Living with Grandpa

Grandpa had always been a part of the family. We lived in his big red brick house that was built in the 1920’s most probably from the proceeds of many successful voyages as Captain. As his wife died our young mother decided to look after him and it was therefore natural that we all lived together once he had retired.

Grandpa or Gramps as we called him was my mother’s father. Born in Lincolnshire in 1879, his father was a coastguard based in Sutton Bridge, he grew up around the sea. He went to sea in 1894 at the age of 15 and spent the whole of his life at sea working for a shipping company out of Whitby, Yorkshire and settling in the fishing village of Robin Hoods Bay. He retired as Captain and it as a pensioned seafarer that I knew him until I went to sea at the age of 16 in 1957.

Throughout his seafaring career he saw 2 World Wars with many adventures and incidents. For instance in the 1^st. World War he told me a tale of being bombed. He was on a small sailing ship leaving the Thames in ballast with the hatches open for cleaning. He heard a strange noise, a sort of buzzing in the sky. Looking up he saw a small aeroplane circling the ship and then finally diving down towards the ship. Then a small object fell from the plane and went straight down an open hatch to be followed by a loud explosion. The ship immediately started to take in water and it is not clear what the outcome was but he had a small newspaper clipping of the incident, now lost. However this was one of the first incidents of aerial bombing in that war.

Later in the 2^nd. World War he had his moment of glory when his ship was stopped and sunk in mid Atlantic by a German pocket battleship and he was captured to be released under caution some 2 weeks later. He spent the rest of that war in the Royal Navy Reserve.

In 1951 he moved with us to a new house in Middlesbrough for the remaining years he had.

He was a portly, some would say stout person, short in height and broad in the shoulders. A sort of roly-poly figure, his face was ruddy and dominated by a large red veined nose that was more than once the first body part to be injured in his various adventures.

He wore glasses that sometimes were held together with sticking plaster as they also suffered from either a hard contact with an object or from falling off his head.

His monk like hairstyle was most often topped off with a trilby hat on his outings whilst firmly clamped between his teeth was a pipe.

He was inseparable from his pipe. It was an essential part of who he was. Always at an angle in his mouth it was an essential accessory indoors, outdoors, everywhere.

Smoking his pipe involved many different actions before he was satisfied and clouds of smoke issued forth.

First the pipe must be cleaned. He knocked out the ashes and remaining tobacco into an ash tray and took out his clasp knife from the capacious trouser pockets he had to scrape the bowl clean of residue. Now and then he needed to ream out the pipe completely and for this he had a cylindrical file that fitted exactly the pipe bowl and after a few twisted the wooden pipe was renewed.

Then with a pipe cleaner, a wire wrapped in cotton, he would thread it through the mouthpiece to clear out the gunge that lay there in the channel to the bowl.

With a clean pipe he would turn his attention to the tobacco. He often blended different tobaccos to taste but his favourite was Walnut Flake that came in a hard rectangular block with, I remember, a diamond shaped yellow metal plate advertising the brand.

Out came the clasp knife again, this time to cut slivers of tobacco from the plug and set it into a leather pouch where often there was a slice of apple to “freshen it up” as he would say. Then he would roll the tobacco between his fingers until he had a satisfactory mix and texture tamping it down in the pipe. Ready for firing up, out came the Swan Vestas and soon streams of blue/white smoke surrounded Gramps.

As Captain at sea he got what he demanded and this followed him into civil life. No meek request or submission to others suggestions. No, he issued commands. “Dolly” as he called his daughter, my mother. “I am going out to meet some friends at the Bodega”. We all knew what that meant.

He maintained an extravagant lifestyle even as a pensioner wanting grouse and jugged hare from time to time. This was hard on the household budget as Dad had just returned to sea after an unsuccessful attempt to work ashore as a compass adjuster. So he and mother often had “discussions” on his extravagance.

Let’s be clear he was no saint, more of a pipe-smoking ancient mariner with a penchant for a drink or two that got him into trouble more than once.

It was not unusual for Grandpa to be delivered home by taxi and more than once it was not clear he was in the taxi until you opened the door and this body fell out! He was a heavy man and it took both mother and a neighbour using a blanket as a stretcher to get him in the house. Life was never dull with Grandpa!

Nevertheless he was kind and very supportive of mother bringing up 4 young children alone and helped me in my quest to be a seafarer.

I remember that sometimes my brother and I were allowed to accompany him on his Saturday trips to the local fishing port of Whitby to meet his cronies! I suspect it might also have been mother’s strategy to ensure her father got home safely.

The steam train stopped at the West Cliff station first at the top of the hill overlooking Whitby before reversing down the hill to Whitby town station. Out of the train with Gramps in the lead we walked down Baxtergate past the swing bridge over the harbour entrance to the inner harbour and onto the fish quay. There were a number of pubs at the back of the quay and Gramps had his favourite and made a beeline for it. “See you in two hours, he shouted as he left us. Not sure what mother would have thought of her father abandoning two young teenagers to their own devices whilst he went off drinking with his cronies.

What to do? Well it was not too hard to figure out what to do with this 2 hour of freedom. At the harbour entrance end of the fish quay was an amusement arcade as we called it. It was a large building open to the street out of which one could hear loud music.

Inside there was everything from slot machines to dodgem cars and many other ways to spend your time. I am not sure if Gramps gave us money to help us pass the time but I remember we had money!

Slot machine really did not interest us, more a waste of money, but dodgem cars, well that was another matter. Driven by overhead electrical poles somewhat like a tram they were small single seat cars that could be driven in an enclosure. With only a steering wheel and accelerator they were ideal for us. Usually there was a single direction around the circular enclosure dictated by the operator and the game was to drive safely around and around avoiding all other cars, hence the name dodgem. Well, of course that was not good enough for us, it was much more fun to chase and hit other cars, especially your brothers, even going in the wrong direction to do that. This was fun usually until the operator told us to “cut it out or you are finished”. What a spoil sport he was. Anyway after 15 minutes the session was over and 5 pence had been used. Another attraction for us was those where you paid a penny and could operate a small crane in an attempt to pick up small prizes and dump them down a chute where you could retrieve them. Not a very successful thing. Another was to operate a slide that pushed coins towards a chute so you got back some of the money you had used. The only winner seemed to be the amusement arcade. But it filled the time until we must meet up with Gramps outside the pub.

Always good in timekeeping he would meet us outside the pub with a heavily loaded suitcase and we would wend our way back to the train station. Of course, in those days it was a steam train with closed passenger compartments, no corridors. So who you started the journey with were also the people you finished the journey with.

So into the carriage, Grandpa breathing heavily. Once seated, out came the pipe, a clasp knife with a large plug of tobacco. Then he whittled off enough tobacco to fill his pipe, took out his matches and in no time at all the compartment was full of tobacco smoke.

One such journey we had 2 nuns in our carriage. We said hello and Grandpa proceeded to take out a ball of string from his jacket pocket. Then he took this brown suitcase down from the overhead racks, placed it on the seat and opened it to reveal a seething mass of seafood! Picking up a lobster he would tie each claw and then return it to the suitcase. Crabs also were dealt with in the same manner whilst he lifted the salmon and cod to show them off. By this time the 2 nuns were huddled the farthest corner from us next to the window. They kept exchanging glances towards Grandpa as he continued to produce as much smoke as the train engine, it seemed. They cracked open the window by releasing the leather strap that held it closed over the door in an attempt to get some fresh Yorkshire air.

Grandfather was completely oblivious of their predicament and once all the seafood had been examined and returned to the suitcase he shut the lid, knocked his pipe out through the open window and fell asleep snoring heavily for the rest of the journey. Once we arrived at Middlesbrough and the train jerked to a stop the nuns fled the train even before Grandpa had gathered all his belongings!