Vessels have always tried to stay “off-grid”.  As let’s be honest, out there we are on our own anyway.  As an example, we are quite rightly nervous about external people having remote control over our fire fighting or navigation equipment, as they will not be the one standing in the middle of the ocean holding the extinguisher or trying not to ground.  Which is why you often hear “why are you doing that, don’t touch my equipment”

You need to list what can be “touched” externally, and what is safer?

“The problem with a Typewriter is that I can’t download the latest software patches to keep me safe from a Virus or Hacker…”

Few shipping hacks have made the public domain. However, all of the below scenarios are practical, possible and realistic where traditional OT has been integrated into IT;

Affecting stability and ballast

Modifying a GPS signal

Targeted piracy with AIS and RADAR.

Changing the current position of a ship on an ECDIS system, or modifying the digital chart to confuse and therefore cause issues for officers or crew.

Damaging ECDIS or Radar, or rendering them useless.

The most serious issues that could be caused are threats like, locking autopilot on in a vessel and steering the vessel directly towards a landmark to cause a disaster.

Or they could overload the engines either causing a complete shutdown meaning loss of power meaning unable to move OR causing a fire onboard a ship.

In private, ships masters and operators will admit to plenty of hacking incidents, however, this anecdotal evidence does not help a cash-strapped operator decide where to invest limited funds.

Hence, the industry is short of actuarial data with which to make risk-based decisions on cyber matters.

Your organisation and your vessels will be hacked in some form at some point. If you are well prepared, then the damage will probably be minimal; an irritation.

If you are not well prepared, it will be an expensive exercise, possibly business-limiting

Every single organisation of the thousands the writers of this book have dealt with has had some form of a hacking incident over the years.

Some involved data loss, ransom or corruption, others involved theft of monies or technical equipment, other theft of intellectual property.

“I have seen businesses go bust as a result of a hack, I have seen others brush off incidents as they were well prepared. Those who state that they have never been hacked, in my experience, simply don’t have the expertise or systems in place to know whether or not they had been.”

Ken Munro of PenTestPartners

.

*Above: Non reported near-misses is a well-documented issue in the wider Maritime Industry.  Source of above image:  www.Maritime-Executive.com

Use System Restore: If your system recently started blue-screening, use System Restore to roll the software back to a previous state. If this works, you’ll know that it’s likely a software problem.

Scan for Malware: Malware that digs deep into Windows and gets its hooks into the Windows kernel at a low level can cause system instability. Scan your computer for malware to ensure buggy malicious software isn’t causing it to crash.

Install Updated Drivers: An incorrectly installed or buggy driver can lead to crashes. Download the latest drivers for your computer’s hardware from your computer manufacturer’s website and install them — this may fix BSODs caused by driver problems.

Boot into Safe Mode: If your computer is blue-screening every time you turn it on, try booting into safe mode. In safe mode, Windows loads only the essential drivers. If a driver you’ve installed is causing Windows to blue screen, it shouldn’t do so in safe mode. You can work on fixing the problem from safe mode.

Check for Hardware Problems: Blue screens can be caused by faulty hardware in your computer. Try testing your computer’s memory for errors and checking its temperature to ensure that it isn’t overheating.

Reinstall Windows: Reinstalling Windows is the nuclear option. It will blow away your existing system software, replacing it with a fresh Windows system. If your computer continues to blue screen after this, you likely have a hardware problem.

If you ask “do you ensure that all passwords are complex and changed regularly” then you’ll get a “yes”.

The IT guy is thinking “our user passwords for business computers are good” but they’re not thinking about other areas.  It may be true that certain areas of the vessel are secure, however instead ask:

“which of your passwords on your systems are blank, default, simple or re-used?”

Then you might find out that the key component of their vessel network is on the public internet and has a default password!

Ask the OT teams how they deal with device passwords. You might be surprised how weak the passwords are, or if they’ve been changed from the vendor’s default password!

“When conducting deep Navigation Audits, I often need to access the CCRP page on ECDIS (which is locked out by the manufacturer requirement password) or see how the DGPS unit is configured.  Most of the time the passwords I need to either configure a unit or to access the LAN are dyno-taped on the unit itself.”

Neil, On-board Auditor for ECDIS Ltd.