Cyber Management Course (Ma) – Module 6

Checklists of vulnerable equipment – Engine management and power control systems

The use of digital systems to monitor and control onboard machinery, propulsion and steering makes such systems vulnerable to cyber-attacks. The vulnerability of these systems can increase when they are used in conjunction with remote condition-based monitoring and/or are integrated with navigation and communications equipment on ships using integrated bridge systems.

Checklists of vulnerable equipment – Cargo management systems

Digital systems used for the loading, management and control of cargo, including hazardous cargo, may interface with a variety of systems ashore, including ports and marine terminals. Such systems may include shipment-tracking tools available to shippers via the internet. However, the tracking is usually done via the company’s systems connected to the ship and not directly between the shipper and the ship. Interfaces of this kind make cargo management systems and data in cargo manifests and loading lists vulnerable to cyber-attacks.

Checklists of vulnerable equipment – Bridge systems

The increasing use of digital, networked navigation systems, with interfaces to shoreside networks for updates and provision of services, makes such systems vulnerable to cyber-attacks. Bridge systems that are not connected to other networks may be equally vulnerable, as removable media are often used to update such systems from other controlled or uncontrolled networks. A cyber incident can extend to service denial or manipulation and, therefore, may affect all systems associated with navigation, including ECDIS, GNSS, AIS, VDR and Radar/ARPA.

Checklists of vulnerable equipment – Introduction

The following are common cyber vulnerabilities, which may be found on board both existing and newbuild ships:

  • obsolete and unsupported operating systems
  • outdated or missing antivirus software and protection from malware
  • inadequate security configurations and best practices, including ineffective network management and the use of default administrator accounts and passwords
  • shipboard computer networks which lack boundary protection measures and network segmentation
  • safety-critical equipment or systems always connected with the shore side
  • inadequate access controls for third parties, including contractors and service providers.

Cyber Management Course (Ma) – Module 5

Monitoring Ships Data and activity – Attacking NMEA0183

Back to our NMEA attack example…

If the ECDIS is in track control mode whereby it directs the autopilot, the hacker can fool it through GPS data tampering and cause the ship to change direction.

Ships’ masters may counter that they would cross-reference the ECDIS position with ARPA in the event of position uncertainty, though it is perfectly possible to insert identical position errors into synthetic radar, removing the ability to verify by cross-checking.

If the crew are alert, then they should pick it up and take control, but they are being presented with exactly the same tampered position data as the automated systems, so crew would need to be very alert indeed.

Monitoring Ships Data and activity – Attacking NMEA0183

The ECDIS display showed her to be on track, i.e. the symbol of the ship was following the orange line, and yet she was 17 miles off her planned track.

What went wrong?

No one correlated where the ship was relative to what they could see out the window.

The buoys were going down the wrong side and there was land on the ship’s head.

Buoys, radar, ships, the echo sounder, or even the Loran C, which was merely thought to have a poor fix: questions were not asked.

This was because there was an over reliance on GPS.

This was because they didn’t prove ECDIS correct.

Their GPS system reverted to DR mode because of an antenna malfunction. The NACOS 25 was set up in autopilot and simply followed the navtrack.

There were alarms on the GPS but they were not loud enough and the IBS did not have a separate DR alarm.

Monitoring Ships Data and activity – Attacking NMEA0183

We can pause in the example for a minute to reflect on the MV Majesty grounding in 1995.

When she grounded she was 17 miles off track, but the display showed her on track. In reality it went into DR mode and ‘drifted’, as it was not an ‘EP’. However, the principle we are discussing here is that you could manipulate the NMEA to do the same.

Monitoring Ships Data and activity – Attacking NMEA0183

If the hacker has established remote access to the vessel (perhaps through satcoms, creating a back door through a phishing attack or a physical network implant) the next step might be to tamper with the GPS data stream on the vessel network.

An ‘ARP poisoning’ attack involves the hacker instructing the various systems on the network to send their data via them. The hacker effectively inserts themselves into the data stream in what is known as a ‘man in the middle’ attack. By adjusting the GPS position reports from the GPS receiver in the NMEA 0183 data stream, the systems can be fooled.

Unlike GPS jamming or spoofing attacks, where no position data or gross position errors are received, this type of hack is much more insidious: the change in position is gradual and far harder to detect.

Monitoring Ships Data and activity – Monitoring NMEA0183

Systems that use NMEA0183 include:

  • Steering
  • Propulsion
  • Dynamic positioning
  • Ballasting
  • GPS
  • AIS
  • Navtex
  • BNWAS

And many others

Clearly the security of the serial network and the NMEA 0183 messages is critical to the safety of the vessel.

Monitoring Ships Data and activity – Monitoring NMEA0183

Almost all OT networks on board communicate using a protocol known as NMEA0183. This protocol offers no encryption or message authentication. The only validation that the message is correct is a 2-byte XOR checksum, which is present simply to ensure the message was received correctly at the electrical level.

A NMEA 0183 message might look like this:

Where the 5-letter code beginning ‘$’ dictates what type of message it is, with the variables after passing useful information.

The example above was taken from a remote data storage module for a voyage data recorder. It shows GPS heading and location data plus AIS information.
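A monitoring sketch for the points above, added here as an example and not taken from the course material: it verifies the NMEA 0183 XOR checksum on GGA position sentences, flags a receiver that has dropped to estimated (dead reckoning) mode via the GGA fix-quality field (value 6), and cross-checks two independent position sources. A well-formed but wrong position passes the checksum and is caught only by the other two checks. The second position source, the 0.5 nm threshold and all sample sentences are assumptions constructed for illustration.

```python
import math
from functools import reduce

def checksum(body: str) -> str:
    """XOR of every byte between '$' and '*', sent as two hex digits."""
    return format(reduce(lambda a, b: a ^ b, body.encode("ascii", "replace"), 0), "02X")

def parse_gga(sentence: str):
    """Return (utc, lat, lon, fix_quality), or None if framing/checksum is bad."""
    s = sentence.strip()
    body, star, given = s[1:].partition("*")
    f = body.split(",")
    if (not s.startswith("$") or not star or given.upper() != checksum(body)
            or f[0][2:] != "GGA" or len(f) < 7 or not f[6].isdigit()):
        return None
    if f[6] == "0" or not f[2] or not f[4]:      # no fix, so no usable position
        return f[1], None, None, int(f[6])
    try:                                          # ddmm.mmm / dddmm.mmm to degrees
        lat = (float(f[2][:2]) + float(f[2][2:]) / 60) * (-1 if f[3] == "S" else 1)
        lon = (float(f[4][:3]) + float(f[4][3:]) / 60) * (-1 if f[5] == "W" else 1)
    except ValueError:
        return None
    return f[1], lat, lon, int(f[6])

def separation_nm(lat1, lon1, lat2, lon2):       # haversine, result in nautical miles
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2)
         * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 3440.065 * math.asin(math.sqrt(a))

def check_pair(primary: str, secondary: str, max_sep_nm: float = 0.5):
    """Compare one GGA sentence from each of two independent position sources."""
    a, b = parse_gga(primary), parse_gga(secondary)
    if a is None or b is None:
        return ["INVALID: bad framing or checksum"]
    alerts = [f"{'DR' if q == 6 else 'NOFIX'}: {n} source reports fix quality {q}"
              for n, q in (("primary", a[3]), ("secondary", b[3])) if q in (0, 6)]
    if a[1] is not None and b[1] is not None:
        d = separation_nm(a[1], a[2], b[1], b[2])
        if d > max_sep_nm:                        # assumed alarm limit
            alerts.append(f"DIVERGENCE: sources disagree by {d:.1f} nm")
    return alerts

def frame(body: str) -> str:     # builds the constructed samples below (not vessel data)
    return f"${body}*{checksum(body)}"

GOOD = frame("GPGGA,101500,4120.000,N,07000.000,W,1,08,0.9,10.0,M,-30.0,M,,")
SECOND = frame("GNGGA,101500,4120.050,N,07000.020,W,1,09,1.0,10.0,M,-30.0,M,,")
DRIFTED = frame("GPGGA,101500,4120.000,N,07023.000,W,6,00,,,M,,M,,")
```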