Share

New hacker playground: Ships at sea

Singapore - The next hacker playground: The open seas - and the oil tankers and container vessels that ship 90% of the goods moved around the planet.

In this internet age, as more devices are hooked up online, so they become more vulnerable to attack. As industries like maritime and energy connect ships, containers and rigs to computer networks, they expose weaknesses that hackers can exploit.

Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make it seaworthy again.

Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navigational devices, or fake the data so it looks like they're somewhere else; and hackers infiltrated computers connected to the Belgian port of Antwerp, located specific containers, made off with their smuggled drugs and deleted the records.

While data on the extent of the maritime industry's exposure to cyber crime is hard to come by, a study of the related energy sector by insurance brokers Willis this month found that the industry "may be sitting on an uninsured time bomb".

Key technologies

Globally, it estimated that cyber attacks against oil and gas infrastructure will cost energy companies close to $1.9bn by 2018. The British government reckons cyber attacks already cost UK oil and gas companies around £400m ($672m) a year.

In the maritime industry, the number of known cases is low as attacks often remain invisible to the company, or businesses don't want to report them for fear of alarming investors, regulators or insurers, security experts say.

There are few reports that hackers have compromised maritime cyber security. But researchers say they have discovered significant holes in the three key technologies sailors use to navigate: GPS, marine Automatic Identification System (AIS), and a system for viewing digital nautical charts called Electronic Chart Display and Information System (ECDIS).

"Increasingly, the maritime domain and energy sector has turned to technology to improve production, cost and reduce delivery schedules," a Nato-accredited think-tank wrote in a recent report. "These technological changes have opened the door to emerging threats and vulnerabilities as equipment has become accessible to outside entities."

As crews get smaller and ships get bigger, they increasingly rely on automation and remote monitoring, meaning key components, including navigational systems, can be hacked.

A recent study by security company Rapid7 found more than 100 000 devices - from traffic signal equipment to oil and gas monitors - were connected to the internet using serial ports with poor security.

"The lines get blurry, and all industries and all technologies need to focus more on security," said Mark Schloesser, one of the authors of the study.

Somali pirates

Mark Gazit, CEO of ThetaRay, an internet security company, said an attacker managed to tilt a floating oil rig to one side off the coast of Africa, forcing it to shut down. It took a week to identify the cause and fix, he said, mainly because there were no cyber security professionals aboard. He declined to say more.

Lars Jensen, founder of CyberKeel, a maritime cyber security firm, said ships often switch off their AIS systems when passing through waters where Somali pirates are known to operate, or fake the data to make it seem they're somewhere else.

Shipping companies contacted by Reuters generally played down the potential threat from hackers. "Our only concern at this stage is the possible access to this information by pirates, and we have established appropriate countermeasures to handle this threat," said Ong Choo Kiat, president of U-Ming Marine Transport, Taiwan's second-largest listed shipping firm by market value.

The company owns and operates 53 dry cargo ships and oil tankers.
We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Voting Booth
Do you think corruption-accused National Assembly Speaker Nosiviwe Mapisa-Nqakula will survive a motion of no confidence against her?
Please select an option Oops! Something went wrong, please try again later.
Results
No, her days are numbered
42% - 347 votes
Yes, the ANC caucus will protect her
58% - 480 votes
Vote
Rand - Dollar
18.92
-0.1%
Rand - Pound
23.90
-0.0%
Rand - Euro
20.44
+0.1%
Rand - Aus dollar
12.35
+0.0%
Rand - Yen
0.13
-0.1%
Platinum
909.30
+1.4%
Palladium
1,015.00
+1.3%
Gold
2,220.40
+1.2%
Silver
24.86
+0.9%
Brent Crude
86.09
-0.2%
Top 40
68,346
+1.0%
All Share
74,536
+0.9%
Resource 10
57,251
+2.9%
Industrial 25
103,936
+0.6%
Financial 15
16,502
-0.1%
All JSE data delayed by at least 15 minutes Iress logo
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE