The year is 1995: a very young Angelina Jolie and Jonny Lee Miller star in the Hollywood movie Hackers.
The synopsis of this movie is simple: a group of young hackers are targeted by the FBI for supposedly creating a super virus to take over control of oil tankers globally.
This virus targets a centralized supercomputer called "The Gibson", and its job is to infect oil tankers and cause their ballast systems to go awry, filling them with water and sinking them.
21 years later
Move forward now to 2016 and we give more and more control of vessel systems to computers, but thankfully have crew on-board able to override or manually control critical systems.
As satellite connectivity and speeds increase towards an always-connected vessel, there are 3 risks:
- Onboard control systems are infected/compromised
- Onboard PCs are infected
- Office datacentres are infected
If we look at today and the risk level:
Onboard control systems are infected/compromised
Many of the systems on-board vessels are standalone, un-networked and indeed not bothered about the IoT (Internet of Things). Their proprietary and specialist nature means they remain an unlikely target as the first attack. However, if that did happen, the consequences financially and indeed environmentally could be major.
Cybersail assessment - Low risk - Major impact if compromised
Onboard PCs are infected
Onboard PCs are used by many personnel, in some cases with limited physical security, which allows devices such as infected USB drives to be plugged in and rights to be changed. Combined with limited remote access/patching options due to low/costly bandwidth, this makes them hard to manage.
Since onboard "datacentres" are becoming more prevalent, with devices networked and reporting back to the main office, there is a high chance a device compromised on a vessel could infect the main office.
Cybersail assessment - Medium risk - Medium impact
Office datacentres are infected
The main information of a company is still kept onshore at office datacentres. Since a good proportion of the systems in place will be based on standard technology such as Windows, the chance of being attacked or exploited through a vulnerability is much higher than for a vessel.
In fact, in recent news that is exactly what happened. A shipping company found that pirates were targeting certain vessels, but what surprised them more was that the pirates were targeting specific containers on-board by serial number, taking the cargo and leaving. This was finally traced back to the office datacenter content management system having been compromised some months earlier by the pirates, allowing them to check manifests and cargo lists at will.
Cybersail assessment - High risk - Medium to High impact
Future ship - The next 20 years
If we look at people's visions of future ships, we are talking in reality about massive drone ships needing next to no personnel on-board. The scary part here is that, if we take lessons from 1995, we would hope at least the systems are secure and the people in charge are trusted.
Further to that, will we still have a technologist on-board to manually override the system in such cases?
We already see cases of the security sector working on portable anti-drone guns in response to the surge in drone sales and their use for criminal activities such as spying or drug drops. These block current radio signals and indeed GPS signals!
If pirates take on this technology and expand it to attack onboard ship drone systems, it may well be possible to hijack a vessel and force it to shut down its engines, for example.
Cybersail assessment - Risk - Unknown