Out of Control

As the Captain of your ship, you are standing on the bridge and the course is being monitored on a digital display. The course shows a heading of north, yet the ship continues to turn west. On the computer screens in the dark wheelhouse, everything looks normal, but outside your window, the land is coming dangerously close! What is happening? You do not want to run aground, or worse, collide with the pier or other vessels.

Down in the engine room, the engineers report back to you via radio that everything is normal, but they wonder why the bridge has changed course? The engines rev and the ship picks up speed. It is not the engineer who has done this. What now?

Is this a cyber incident? Cyber security is a hot topic for the entire maritime industry, and also in academia. A joint team recently conducted a completely new cyber security course at NTNU in Ålesund, Norway.

Probably the first of its kind, NTNU in Ålesund, through its industry program for the maritime industry, has this year offered the new course "Maritime digital security." Over two months, the course participants have looked at the digital threat landscape. They have risk-assessed current digital threats and realistically practiced a cyber-attack on a ship under way. The key focus is on risk management of cyber-attacks and building resilience. "Where there is information technology and people, there is room for digital vulnerability. Breaches of security can come in the ship's systems and they can come in the port system and through the people who operate or supervise them," NTNU explains. Two noted doctoral fellows at the Department of Ocean Operations and Civil Engineering at NTNU are fervently researching how the maritime industry can be better equipped for handling cyber-attacks.

The scholarship recipients have developed and now run the maritime digital security course, probably the first of its kind in Norway. The course is included as part of the doctoral theses they are about to complete.

International requirements - The Norwegian Maritime Directorate and the Norwegian Coastal Administration have a strategic goal that seafarers and personnel must be offered essential digital security skills. The starting point is international requirements given by the IMO (International Maritime Organization).

The international industry associations and shipping organizations therefore focus on this topic. Within the basic requirements for shipping, there will soon be even stricter minimum requirements for cyber security. Stricter requirements for training and practice will come next year.

Developed together with the industry - "The course we have developed has come about in close collaboration with industry. We have listened to what they want, looked objectively at their needs, and then tested the best solution we can come up with," explains NTNU. The NTNU fellows are researching and have built up a maritime digital security course in parallel. This is probably the first of its kind in this country. The course has been carried out because of NTNU's collaboration with the maritime industry and other universities and colleges. "It is always better to have a broad perspective and several angles in new projects and methods. Established businesses can also benefit from fresh eyes. NTNU is a good and reasonable arena for trying out new ideas. As researchers, we can help meet the industry's urgent needs and at the same time have a good dialogue about solutions for the future," says NTNU.

Not enough training in cyber security - NTNU conducted a survey this winter among 293 sailing deck officers from 11 major offshore shipowners in Norway. 83% of these answered that they had taken part in some form of cyber security training. 15% answered that they had never received training. 2% did not know if they had had training. "82% of the sailing deck officers answered that they had received the training as e-learning and/or that they had participated in digital safety campaigns sent by their employer," it says.

To a large extent, it was the employers who had been responsible for the training in the form of courses. This shows that the industry wants to take responsibility. But there are many standardized and general IT security courses. "To a small extent, they had received training that was directly maritime operationally oriented and/or adapted," says NTNU. This is shown in the fact that 66% of the deck officers surveyed say that they are unsure that they have enough training to handle a cyber incident on board.

Challenges from Risk Report 2022 - The Norwegian Maritime Directorate and the Norwegian Coastal Administration point to several challenges in the Report on strategy for maritime digital security 2020. In the 2022 Risk Report, the National Insurance Agency (NSM) points to a threefold increase in the number of serious incidents and cyber operations from 2019 to 2021. The corresponding report for 2023 addresses, among other things, that there are many vulnerabilities in unclear supply chains and that with more unpredictability one must have better preparedness.

Digitization in the maritime industry takes place both in traditional systems for information technology (IT systems) and in operational technology in systems for automation, propulsion, management and other control systems. The more use of remote connection, integration and digitization in the operational technology, the more vulnerable the operation can be. At the same time, the lifetime of larger ships is generally between 25 and 35 years, and digital upgrades in the entire international fleet usually happen gradually and over time. There is great variation in computer equipment on board both for administrative functions and control systems. The situation can be transferred to much of what also happens in ports, where more and more operations are being automated. Within port traffic, incidents have been uncovered that show attacks on IT and administrative systems. These lead to business interruptions, information theft and manipulation linked to the smuggling of goods.

Big consequences - Digital IT events have consequences for ship operations. They are rolling out administrative systems for loading papers, passenger lists, digital certificates and sealing permits and the like. Operations are delayed or impeded. Large financial consequences accompany a loss of reputation for exposed players. If the ship goes aground, there is talk of major environmental disasters.

The National Insurance Agency (NSM) points out that the activity in the cyber domain can be so advanced that we do not register it, and covert activity can remain hidden for a long time. How should crew on board react to uncover hidden threats? How can the crew on board make the right assessments in advance or make the concrete decisions in the window of time a few minutes before a ship runs aground? It is important to acquire knowledge, to prevent, and to practice for what can happen.

"My project is part of the work in one of NTNU's 12 centers for research-driven innovation. This center, SFI MOVE (Marine Operations in Virtual Environments), works with how future maritime operations may look through the use of digital twins, machine learning and control centers on land," the researcher says. "I am researching how targeted guidelines, training and risk communication can be developed within maritime cyber security. I am also investigating what tools we should develop to handle new cyber risks we have acquired at sea." "My project is within maritime cyber resilience," says NTNU fellow. "I look at how navigators can best be resistant, prepare themselves against, and overcome, cyber-attacks against integrated navigation systems on board the ship."

Maritime Cyber - Resilience (MarCy) - The research project is a collaboration between NTNU, Forsvarets høgskole (FHS) with the Naval Academy (SKSK) and the Cyber Engineering School (CiS), Kongsberg Defense and Aerospace (KDA), Norwegian Hull Club (NHC) and DNV. Under the name ‘MarCy’ (Maritime Cyber), this is financed through the Research Council of Norway and the industrial partners who participated. NTNU tells about mutual benefit through the good contact with researchers at the Cyber SHIP lab at the University of Plymouth in England. There they also research maritime cyber security. To practice realistic actions and situations in a safe environment, they have opened a larger Cyber Range, especially developed for the maritime sector. The training arena enables practitioners and researchers to uncover vulnerabilities in maritime navigation and control systems for ships.

Simulated Event - For the larger exercise in the course, they used the ship simulators at NTNU in Ålesund. They are also unique in their design when it comes to realism. The participants took their seats in ship simulators, designed like a ship's bridge as on a larger ship under way in the North Sea. "We put the simulator scenario close to what actually happens on a ship, as well as to what happens in the communication between the ship and the land side. But even though the scenario used full-scale maritime noise simulators, the focus was mostly on getting a good discussion going," explains NTNU.

The exercise also included participants from DNV, Norwegian Hull Club, NORMA Cyber, Solstad, public bodies such as the Coastal Administration and Høgskolen i Innlandet, as well as from the University of Plymouth. These were invited in as observers and as resource persons in the simulation. "We get the most learning from the dialogue between the actors in the rehearsal and in the review afterwards, not least because you can then see what was practiced and the event itself from another's point of view," says NTNU.

Strengthen those who can handle the situation - Professor Kevin Jones heads the Maritime Cyber Threats Research Group and Cyber SHIP lab at the University of Plymouth. He refers to the enormous values that are at stake in the global economy and trade. "When the large container ship M/V Ever Given ran aground in the Suez Canal, the cause was pointed to the weather and wind. Although this was not a cyber-attack, the incident illustrates the consequences that affect a vulnerable global system," says Jones.

90% of world trade takes place in transport overseas through maritime supply chains. It is realistic that a similar incident could occur due to digital vulnerabilities, and after unauthorized access to computers and control systems. "The weak link is the human being, and it is this link that must be strengthened. Humans are the resource on board that can handle such a situation!" says Jones.

Adapt skills development - The exercises and the specific course with the participants, helpers and observers have strengthened the two scholarship recipients' view that it is important to adapt competence development. The probably unique course in the Norwegian context at NTNU in Ålesund has a clear practical approach to risk management in a digital perspective. This is also included as part of the master's in operational maritime management. "It is important that businesses in the maritime sector familiarize themselves with their values, the digital threats and vulnerabilities they have. The managers must know their employees who will handle the digital threats, and understand the competence needs they have in digital security," he says.

The next course in Maritime Digital Security is planned for autumn this year. The offer will then be tailored to an even greater extent for managers, middle managers, operational (sailing) and administrative personnel in the maritime sector but will also be very useful for other industries.

Safety advice at sea - The maritime industry must raise awareness of what one risks by not preventing. Here is some general advice:

Checklist at individual level on board:

• Install security updates as soon as they come and automatically as much as possible.
• Do not assign administrator rights to end users.
• Do not allow the use of weak passwords. Introduce, where possible, that users prove their identity through multi-stage security and approval procedures (multi-factor authentication).
• Phase out older ICT products.
• Do not allow anything other than software that has been approved by the company or unit supplier.

Checklist at system level on board and ashore:

• Introduce a system for authentication and authorization of users to the necessary information.
• Introduce protection of all data at the right level based on the sensitivity of the information.
• Introduce controlled access for IT users on board and ashore, so that each individual only has access and rights to the information for which they are authorized.
• Introduce controlled communication between ship and shore with safety in focus.
• Introduce a response plan for cyber incidents based on thorough risk assessments.

Source: https://maritime-executive.com/editorials/what-do-you-do-if-a-hacker-takes-control-of-your-ship

For years, Red Sky Alliance has been assisting the maritime industry with Vessel Impersonation Reports and Maritime Watch Lists. This year we add other modes of the Transportation Supply Chain to our collection efforts.

See: https://redskyalliance.org/xindustry/vessel-impersonation-supply-chain-spoofing-march-2023

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

• Reporting: https://www.redskyalliance.org/
• Website: https://www.wapacklabs.com/
• LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
