Communication technologies and protocols are an essential part of a vessel’s electronic systems. However, the unique aspects of marine and offshore environments present challenges to their use: the nature of that use and the widespread presence of legacy systems affect all security activities and agendas.
This has become a particularly prominent topic on the cybersecurity agenda over the last two decades, as the explosive growth in communications services has dramatically changed the way that businesses operate in all sectors, improving efficiency and providing new opportunities. In the maritime sector, we can see this from the original adoption of VHF a hundred years ago for ship communication, through to more recent safety technologies such as AIS and satellite communication. However, the limited bandwidth and high cost of these technologies have historically limited the sector’s ability to leverage them in many of the ways seen in other industries.
The following blog post will outline some of the key trends in cybersecurity vulnerabilities in technologies utilised by the Marine and Offshore sector.
Whilst the risk associated with each technology needs to be assessed in the context of its use, there are some key trends that mean some of the historical assumptions about the security of different communications technologies may need to be revisited. The summaries below offer an insight into the current information available on each technology.
The cyber risk of eNavigation (eNAV)
As a new initiative started by the IMO, eNav aims to improve the efficiency and safety of marine navigation by enabling message exchange between business entities while at sea, in harbour, or on land. It is still under heavy development, but the MCP Consortium, a group of national maritime organisations led by the Danish Maritime Authority, has built an initial platform. It is being designed and built with modern components and a focus on the confidentiality of messages sent between entities; therefore, it is likely that the risks to communications will be low (although full testing should still be carried out). However, it will drive increased reliance on data-based connectivity (primarily satellite-based) for vessels, meaning that the availability of those services will become more critical.
Vulnerabilities of Software-defined radio (SDR) systems
Software-defined radio (SDR) allows for radio reception and demodulation to be performed on a computer using (relatively) cheap commodity hardware and freely available software. Whilst this has enabled lots of innovation in radio techniques, it also means that attacks which would previously have been only possible with expensive hardware can now be carried out more easily and cheaply. For example, satellite communications can be decoded, GPS signals can be spoofed and fake AIS transmissions can be broadcast. Particularly with satellite communications, where demonstrations of intercepted phone calls and other transmissions have taken place, previous assumptions about the difficulty of intercepting communications no longer hold.
Vulnerabilities of the VHF Data Exchange System (VDES)
Since AIS was mandated, the growth of vessels broadcasting their location has led to an overload of the system in some locations where shipping traffic is particularly dense, for example, large sea-ports or narrow channels such as the Malacca Straits. The VDES (VHF Data Exchange System) is a proposal to increase the bandwidth of AIS by 32 times by using digital modulation techniques (DPSK). Additionally, there is a proposal to allow for hybrid use of both VHF and IP-based satellite/4G networks to transmit messages. As currently proposed, this poses the same risks as AIS, but the increased use of the protocol arising from the available bandwidth could lead to risks arising if proposed solutions are not properly assessed.
Distributed Denial of Service (DDoS) Attacks
A rise in the capability of attackers to perform distributed denial of service (DDoS) attacks has led to an increase in cases of extortion, where a threat is made to disable a company’s networks unless payment is made. In a world where communications systems are not essential to system operations, this threat can be dismissed, but where always-connected networks are key to data transfer and operations (for example autonomous systems) the impact of disruption to connectivity becomes critical. This means that networks now need to have mitigations put in place for this kind of attack.
Vulnerabilities of Software-defined networks (SDN)
Software-defined networks are being rapidly adopted to help network operators deploy more flexible and efficient networks. In a software-defined network, old fixed network configurations are replaced by protocols which are able to be centrally controlled and hence adapt to changing demand or use. Alongside this, other paradigms such as network-function virtualisation (NFV) mean a move away from specialised networking devices to the use of commodity computer hardware with networking functionality running in virtualised environments. These technologies have been adopted particularly in the fixed-line networking space, but are starting to make inroads into maritime data connections, particularly those supplied via satellite.
Whilst these are powerful techniques for improving network operations, they also pose risks as the technology is still being developed and weaknesses are yet to be fully understood. For example, there is usually centralised control of the network, often under the administration of a third party, which provides a tempting target for an attacker. Manipulation of the network and the paths that data may take across it could also be possible, leading to potential exposure of sensitive information.
So, there you have some of the latest key trends in the technologies typically used on board ships. Keep an eye out for our next post in the ‘Cyber Risks in Communication Systems’ series, coming shortly. For more information on this topic, you can also view our full research report here.