Expert Commentary

Hackers of All Stripes Set Sights on Shipping Industry

Rhea Siers
Former Deputy Associate Director for Policy, National Security Agency

Recent fatal accidents involving two vessels in the U.S. Seventh Fleet led to a spate of speculation about whether the navigation systems on these ships were somehow compromised by a cyber intrusion. Global Positioning System (GPS) spoofing has been highlighted as a possible contributing factor. While investigations are still underway to determine the cause of each of the Naval mishaps, there have been incidents of GPS “spoofing” against commercial shipping and targeting other nations’ vessels. The Navy does have secure, encrypted GPS, but spoofing could still be a possibility.

A recent example of GPS spoofing occurred when 20 commercial ships navigating in the Black Sea began to show inaccurate locations. While not all the details regarding this incident are publicly available, it appears that this was a case of sending inaccurate signals that caused the receiver to display false information. In April 2016, South Korea reported that 280 fishing ships had to return to port after their GPS systems were allegedly jammed by North Korea. The UK ran its own tests, aiming a jammer from a lighthouse, which resulted in the targeted ships’ GPS providing false positions.

The threat is considered so serious that just last month, the U.S., South Korea, and the UK announced they are returning to radio navigation as a back-up in response to repeated disruptions of GPS ship location systems. Radio navigation, known as Loran (long-range navigation), was developed and utilized in ship navigation from WWII onwards, but eventually was replaced by GPS.

Vulnerabilities have also been identified in the Automatic Information System (AIS) which tracks and monitors vessels – an important tool in busy maritime lanes.

Although the cyber threat to the maritime industry has existed for some time and has resulted in damage and disruption, it is a risk that has gone underreported. Port facilities have been targeted by ransomware and intrusions designed to capture confidential data.

The recent NotPetya ransomware attack that hit Maersk, the Danish shipping giant, resulted in losses of $300 million and paralyzed operations at several of its port terminals. This type of damage has a domino-like effect on the industry as well as trade, especially since Maersk operates 18 percent of the container trade worldwide.

These dangers are not limited to the Maersk-size companies – smaller maritime companies and port operators could sustain cyber damage that would essentially put them out of business. Facing significant cybersecurity threats, the maritime industry must prepare itself to deal with escalating impacts on its critical infrastructure, ports, ships, and databases.

Surveys by private industry have determined there is a lack of training for crews and others, and the “insider threat” in the maritime industry is just as serious as it is in other business sectors. Yet cyber safety training and programs to combat vulnerabilities are lagging behind other industries. This is despite the fact that the potential harm to ships at sea is considerable; recent surveys indicated that 43 percent of crew reported that they had sailed on a vessel that was infected with malware or a cyber virus.

Threats to shipping and maritime industries come from all directions – not only from cybercriminals but also from disgruntled employees, other “hacktivists,” and nation-state actors looking for intelligence or politically advantageous information.

Recent examples of cyber intrusions include the hacking of a port in Oman by a hacktivist group seeking information about conduct of operations and cyber-enabled cargo theft. While there have been concerns about pirates commandeering a ship using cyber tools, the reality is that they utilized a much more incisive methodology. Pirates breached cargo management systems, according to Verizon, then boarded ships, and using the bar codes on cargo containers, selectively stole those of greatest value to them.

State attribution is still limited in publicly available information about these intrusions, and most states – with the exception of North Korea – would prefer to avoid any attribution of their advanced cyber capabilities for maritime disruption or destruction. Not only is there a danger of escalation, but there are legal ramifications – from the Laws of Armed Conflict under international law to the question of whether these activities violate the sovereignty of nations, which might occur when vessels are within a nation’s territorial waters.

Even if the recent Seventh Fleet accidents were the result of human error, cybersecurity is a critical part of maritime operations, both military and commercial. On the military side, investigators are trying to pinpoint and address any potential vulnerabilities to systems. And efforts are underway to prevent the maritime sector from becoming enmeshed in cyber warfare – a possibility that could seriously impact national security and economic stability.

The Author is Rhea Siers

Rhea D. Siers is a Senior Expert in Cybersecurity for the Risk Assistance Network and Exchange (RANE) and the Scholar in Residence at the GWU Center for Cyber and Homeland Security. She is co-author of "Cyberwarfare: Understanding the Law, Policy and Technology" (Thomson Reuters). She worked in the Intelligence Community for 30 years, and served as the Deputy Associate Director for Policy at the National Security Agency.
