SoS Musings - Diving into Maritime Cybersecurity

By grigby1 

The maritime sector, like other industries, has had technological advancements designed to increase productivity and efficiency. However, this technological transformation presents additional opportunities for malicious cyber actors to launch attacks, potentially posing severe consequences due to the criticality of shipping in global supply chains. Cyberattacks on the maritime industry could pose a significant threat economically, socially, and politically, as essential products such as food, oil, and medicine rely on shipping to reach people all over the world. According to the International Maritime Organization, 90 percent of traded goods are shipped by sea, making maritime transport critical to the global economy. A 2023 report by the Cyberspace Solarium Commission emphasized that a cyberattack launched against the maritime ecosystem in the US could have devastating effects as around 75 percent of the nation's trade relies on the maritime sector, which makes up about $5.4 trillion in economic activity, $1.5 trillion in imports, and over 30 million jobs. Efforts to protect the industry against such attacks must continue.

The growing number of cyber threats highlights the importance of improving maritime cybersecurity. The maritime industry has faced a number of cyber incidents in recent years, with the potential to cause significant economic disruption, making it an attractive target for cyberattacks. Coast Guard Cyber Command's (CGCYBER) "2023 Cyber Trends and Insights in the Marine Environment (CTIME) report" brought further attention to the growing cyber threats to the Marine Transportation System (MTS), as more sophisticated adversaries continue to look for new ways to disrupt systems in US vessels, shipyards, waterways, and port facilities. CGCYBER's Maritime Cyber Readiness Branch (MCRB) observed an 80 percent increase in the number of ransomware incidents faced by the Marine Environment (ME), which is made up of maritime components such as ships, ports, shipyards, aids to navigation, and more. The remaining reported cyber incidents fell into phishing/spoofing, Structured Query Language (SQL) injection, and other categories. It is critical that the maritime industry, in collaboration with the security community, investigate the cybersecurity challenges and vulnerabilities encountered in this domain in order to gain a better understanding of best practices and the development of new security methods.

A team of researchers led by Dr. Stephen McCombie, Professor of Maritime Information Technology (IT) Security at NHL Stenden University of Applied Sciences, created the Maritime Cyber Attack Database (MCAD), which consists of cyber incidents involving the global maritime sector. The NHL Stenden Maritime IT Security research group gathered information for the MCAD on over 160 cyber incidents in the maritime industry using open-source data. The database includes incidents involving ships, as well as ports and other maritime facilities, that have occurred worldwide. The research group hopes that the database will help to raise cybersecurity awareness in the sector and provide data for future research and accurate simulations. For example, one of the highlighted incidents in the database is the 2019 Emotet malware attack on a deep draft merchant vessel bound for the port of New York and New Jersey that disabled its onboard computer system. Another incident included in the database is a 2016 web SQL injection attack that hit US ports and 13 organizations' port authorities and logistics operators that use Navis WebAccess. The hacker behind this attack made a working exploit available online without notifying the vendor in advance. They were able to view, modify, and delete data. Navis WebAccess, a web-based app that gives transport operators real-time access to operational logistics information, was found by the hacker to be impacted by a critical SQL injection vulnerability, which enables a remote attacker to read or modify data stored in the app's database. These incidents show the importance of cybersecurity in the maritime industry and its vulnerabilities. The Maritime IT Security research group calls on corporations and other research institutions to contribute to the database to cover all global cybersecurity threats faced in this critical area.

Ships' on-board IT systems have often been found to lack adequate security. Therefore, the Maritime Cybersecurity research group at the Fraunhofer Institute for Communication, Information Processing, and Ergonomics (FKIE) partnered with the Fraunhofer Center for Maritime Logistics and Services (CML) to establish a modular maritime security lab. The objective is to raise awareness of the risks of insufficient cybersecurity at sea and to help develop defensive solutions against cyberattacks. The lab will simulate cyberattacks on ships to help researchers discover novel ways to detect and defend against these attacks. The "Bridge Attack Tool" (BRAT) allows effect-based simulations. It is an offensive security tool capable of launching Denial-of-Service (DoS) attacks, disrupting positioning systems, and more, that can demonstrate the effects of such attacks on on-board systems. With further analysis, researchers can help industry partners fix software system weaknesses and develop solutions inspired by areas like cryptography. To help quickly detect cyberattacks on ships, the team also designed a maritime Intrusion Detection System (IDS) to automatically spot anomalies. It evaluates possible attacks, provides information, and gives guidance to the crew over an ergonomic user interface.

The Coastal Virginia Center for Cybersecurity Innovation (COVA CCI), southeastern Virginia's node of the Commonwealth Cyber Initiative awarded $581,000 in support of seven maritime industry-focused cybersecurity research projects in 2023. Old Dominion University, Christopher Newport University, and the College of William and Mary submitted proposals in response to the COVA CCI request for proposals titled "Addressing Cybersecurity Compliance Challenges to Technology Adoption for the Maritime Industry." The awarded projects seek to eliminate or mitigate cybersecurity obstacles to adopting new technologies such as cloud computing, 5G connectivity, and Machine Learning (ML). The projects include "Applying Risk Assessment Methodology to Produce Cyber-Hardened 5G Communication Capabilities for Autonomous Maritime Platforms," "Machine Learning-Enabled Dependency Network Analysis for Quantifying Risks and Ripple Effects Stemming from Cybersecurity Non-Compliance Issues," "Spotlighting and Mitigating Cyber Attacks in Artificial-Intelligence-of-Things (AIoT)-Enabled Maritime Transportation Systems," and more. One of the projects, for example, seeks to highlight cybersecurity challenges for AIoT-enabled maritime transportation systems and propose solutions. Comprehensive tests will simulate real-world cyberattacks on AIoT-enabled maritime transportation systems. Based on these test results, researchers will develop two defense models to improve AIoT-enabled maritime transportation system cybersecurity. One will protect multi-modal data inputs from neural backdoor attacks, while the other will detect malicious signals hiding behind the background traffic of a complex communication network.

The maritime industry and the security community must continue exploring and developing different strategies and solutions to protecting against cyberattacks. 

To see previous articles, please visit the Science of Security Musings Archive.