Global shipping vulnerable to hackers

Experts warn automated systems could be exploited by cyber criminals

The shipping industry is vulnerable to hackers, as cargo ships begin to use more and more connected devices and automated systems while traversing the open seas. These cyber security loopholes could be exploited to make a freighters' cargo an easy target for teams of pirates and cyber criminals.

According to a report by Reuters, hackers have already deployed cyber attacks in order disrupt ports and the ships docked within them for purposes ranging from disabling vessels by filling networks with malware, or infiltrating systems to target specific docked cargo to steal. There are also reports that hackers have shut down a floating oil rig by breaking into its systems and causing it to tilt at an angle, making it unable to continue operating.

As ships run with smaller crews and more automated systems, the fear is that they could become vulnerable to attack while sailing across the globe, with with criminals able to take advantage of them in isolated international waters.

Researchers have previously demonstrated how it's possible for hackers to use techniques such as disrupting GPS signals to force a ship to change course, which could leave the containers dangerously exposed to the threats posed by pirates.

While there's not yet much evidence that ships - still used to transport 90 per cent of the world's cargo - are regular victims of cyber attacks, there are concerns that there will soon be a rush of hackers ready to exploit vulnerable systems.

Those fears are compounded by the suspicion that shipping firms often don't report known cases for rear of causing alarm to investors and insurers. And in many cases they don't know they're being attacked at all.

Wil Rockall, director of KPMG's cyber security team, believes shipping could be particularly vulnerable because IT and cyber security systems in the industry haven't developed as quickly as those in other sectors.

"Most ports and terminals are managed by industrial control systems which have, until very recently, been left out of the CIO's scope. Historically, this security has not been managed by company CISOs and maritime control systems are very similar," Rockhall said.

[Please turn to page 2]

Global shipping vulnerable to hackers

Experts warn automated systems could be exploited by cyber criminals

"As a consequence, the improvements that many companies have made to their corporate cyber security to address the change in the threat landscape over the past 3-to-5 years have not been replicated in these environments," he explained, describing how engineers have focused on efficiency over security.

"Engineers have often been left to implement and manage these systems - people who focus normally on optimising processes efficiency and safety, not cyber and security risks. It has meant that many companies and their clients are sailing into uncharted waters when they come to try and manage these risks," Rockhall added.

However, it's not just cyber criminals who can take advantage of computing and IT in this battle, with shipping firms able to use the power of big data analytics in order to determine the optimum routes in order to reduce the risk of an attack by pirates.

Speaking at Computing's recent Big Data Summit 2014, Nigel Davis, head of platforms and delivery at insurance firm Willis demonstrated how this has become the case.

"Piracy attacks happening off the coast of Somalia have some of our security guys interested," he explained, referring a graphic on the screen behind him. It showed big data techniques had been used to determine ‘exclusion zones' that ships should avoid due to the increased risk of an attack, areas which Willis wouldn't provide general insurance cover.

So, the use of analytics can potentially make shipping safer. However, if hackers are able to disrupt GPS coordinates, then captains and crew will need to be aware of this and be prepared to override their automatic navigation systems.

In order to ensure proper security against cyber threats, KPMG's Rockhall believes a "pragmatic" approach is required to disrupt the plans of hackers.

"KPMG's work with the operator of one of the largest fleets of crude oil and oil products tankers and liquefied natural gas carriers in the world found that bridging that gap and coming up with pragmatic solutions to improve industrial control systems security without compromising process efficiency or safety, are vital to the success of industrial control systems cyber risk management," he said.