Get best of the week

Can I hack a ship?



- , ? ? ? Cloud4Y , .

When discussing safety issues on ships, the topic of cyber defense protection is the last to be addressed. And then not every time. Most captains are sure that a) breaking ships is useless, because they can be controlled manually. b) To get into the ship’s IT system is meaningless by definition.

In general, these arguments can be understood. Sailors believe that if a problem is detected in the electronic "brains" of the ship, the captain or other officers on the bridge will put the ship into manual control. In addition, the marine environment is still dominated by the view that the development of cybersecurity is pointless. "Why should hackers be interested in us?" - The most common question for any warnings about possible risks.

Extremely dangerous frivolity. Hackers will come to every area with a weak level of information security. Why spend months digging up sophisticated software to break into the ingenious security system of a bank, retailer, mobile operator, when you can use the long-known holes in Windows XP and penetrate the internal ship network? This is what pirates did, for example. They hacked into the shipping company's computer system in order to get a list of ships for robbery. An elegant move, isn't it?

The statement that any attempts to hack ship IT systems will be noticed, and everything will be fine, is also a mistake. This requires compliance with a number of conditions:

  1. (, );
  2. ();
  3. , (, , );
  4. - , , .



This is due to the procedure for their training. A man who rose to the rank of captain, spent a huge amount of time studying the ship, is well versed in navigation and navigation, and, of course, had to deal with various difficult situations at sea. Here are just the navigation skills that were in demand until recently, not much different from those that were needed in the 16th century. Only in our time on ships began to use computer control systems and navigation systems. Their review was on Habré.

The captain is confident that if computer systems begin to fail, he will be able to return to paper cards and manual control. The problem is that hacking IT systems will not necessarily be noticed right away. And if the leadership is convinced that the ship cannot be attacked by cybercriminals, this indicates a complete misunderstanding of the threat. Here is a relatively recent example of a successful hack . And there was also a story when hackers closed a floating oil rig, dangerously heeling it, while another rig was so riddled with malware that it took 19 days to restore its functionality. But the story is fresher .

Just as an example: reportPonemon revealed that US organizations took an average of 206 days to detect data corruption. These are statistics from coastal organizations where smart computer scientists and IT security experts are usually available. There are relevant departments, stable Internet and special monitoring tools.

What is a ship? Well, if there is at least one person on it who understands something in IT and is theoretically able to detect security problems. But even if he noticed that something was wrong with the ship’s IT infrastructure. What can he do?

When a person does not own the subject, he cannot do anything effective. For example, at what point should you decide that navigation systems are no longer trustworthy? Who makes this decision? Himself an IT professional, assistant captain or captain personally?

And who will decide to take the ship out of track control mode to manually lay the route? If the cryptographic virus has infected ECDIS (Electronic Cartographic Navigation and Information System), this can be noticed quite quickly. But what if the infection is more cunning and inconspicuous? Who and when will notice the activity of intruders? If at all notice. So it is not far from a collision with another ship.

In addition, most systems of this class are a package of applications installed on a workstation running Windows XP and located on the bridge of the ship. Other systems are connected to the workstation with ECDIS through the on-board LAN network, from which most often there is Internet access: NAVTEX (navigation telex, unified system for transmitting navigation, meteorological and other lowercase information), AIS (Automatic Identification System), radars and GPS equipment, as well as other sensors and sensors.

Even with many years of practical experience, many cybersecurity experts do not immediately understand the cause of the incident. For example, there was a case where human hair in a switch port caused falsification of public IP addresses on an internal network. It would seem, well, this cannot be. However, only after hair removal and port cleaning did the falsification stop. But these are experts. They got to the bottom of the truth and solved the problem. And what can people who primarily studied maritime business, and not IT security?

Well, let's say that they noticed a problem on the ship, evaluated the risks and understand that they need help. You need to call ashore to request a consultation. But the satellite phone does not work, because it uses the same vulnerable satellite terminal that the hacker infected. Then what?

Take your eyes off the screens and look out the window




Experienced captains understand how important it is to “look out the window,” that is, not to limit yourself to information from monitors. This is necessary to compare the real situation with what computer systems report. But there are at least three difficulties.

First : young teams are more likely to trust computer devices. They have little manual navigation experience, as they rely on gadgets and computer software. This is especially evident in any incidents during the delivery of goods. The team is limited by the scope of the screens; it searches for clues on the computer, without even trying to solve the problem manually.

Second: command personnel may lose their vigilance or even fall asleep. In this case, a capacity monitoring system (for example, Bridge Navigational Watch and Alarm Systems, BNWAS) is in place to control this process. However, alarms usually occur a few minutes after receiving no feedback from the responsible person. This time is enough to penetrate the system and infect it.

Third : you need external data sources for manual navigation. It’s easy to steer a ship if you see the shore But on a cloudy day on the high seas, navigating is much more difficult. In addition, it will be necessary to identify and correct navigation errors that an infected navigation program could have previously made.

Manual control - difficult and inconvenient


A manual control system should be provided on any ship. But even the most advanced manual control system often brings continuous pain. Maneuvering teams coming from the captain’s bridge to the wheelhouse require the attention of mechanical engineers and other specialists. But they can also be extremely needed elsewhere on the ship, especially when it arrives at the port. This is a real headache, because it is critical to keep up with both here and there.

There is also the possibility of intervention before manual control is implemented. Steering from the bridge can be automatic (for example, the ECDIS system) when the steering wheel maintains course, or manually controlled from the bridge when the watchman turns the helm.

Information about the movement of the helm is transmitted using a tele-motor. Full manual control includes turning off the tele-motor and turning the wheel in the wheelhouse, in which the valves are physically moved to control hydraulic plungers (jacks, press), ship steering wheel.

It will be safer to call a tug if you are somewhere near the ground or in the place where ships often go, and you have problems with steering. For the captain, this will be the easiest way out of the situation, but the owner of the vessel will not be happy with the invoice for towing or arriving at the port of destination with a significant delay.

Manual engine control is indeed a difficult task, especially when maneuvering.

Control is usually carried out directly from the bridge - the engine control levers directly control the engine control systems. They interact using the principle of serial transmission of data that can be manipulated. Management can also be done from the engine control center via a programmable logic controller (PLC) and local and remote human machine interfaces (HMIs). Again, serial communication is used, which can be tampered with.

Manual control of a ship’s engine typically involves three levers: one for the fuel pump, one for starting the air start system, and one for guiding the engine. The speed of the fuel pump does not directly correlate with the engine speed - there are many variables that affect this, even air humidity will change how the engine works at a given lever setting.



Starting the engine to stop or reverse movement involves the use of an air start system for each procedure. Air tanks usually contain enough air for 10 automatic starts, and it takes about 45 minutes to charge them. When operated manually, even the most experienced specialist will be able to start the engine 5 times, no more.



Imagine a person trying to deal with faulty navigation systems. At the same time, all the sensors on the bridge do not function, the steering mechanism does not react to anything, and the engine control levers do not work. You will not envy him. Manual control seems simple, but in fact you will quickly find yourself overloaded with information and get confused about what you need to twist, what to press, and what to follow. That is, you will be unable to cope with the situation.

And do not forget that any minor error or breakdown can lead to the ship losing control and turning into a bulky tin in the middle of a vast sea. Seriously, if you forget about one small switch responsible for reloading the air launch system, the ship will not be able to maneuver.

Another important point: a system in which control devices are connected in series to a network is easily cracked. It is enough to compromise any point in this network, and voila, “manual control” no longer helps.

Are backup systems possible


Most ships have two ECDIS, or navigation systems. This is a unique way of backing up data. Few paper backup cards are stored because they are expensive and difficult to update. Try to imagine this hellish work when you need to collect fresh updates for a paper card in each port, and then add them to the card.

Both ECDIS should be updated frequently, simultaneously. Otherwise, there will be inconsistencies in each ECDIS diagram. Having two redundant systems on a ship might seem like a good idea. However, most ECDIS devices run on older operating systems and have not updated the vulnerability protection system for a long time. Anyone can access the data on these systems. That is, we have two easily cracked ECDIS on board. Fine!

Computer system monitoring


There is another popular misconception. What is infected / damaged will be only one ship computer system. And the management team or other responsible persons will immediately realize that something has happened. But it doesn’t work like that.

ECDIS and other computer systems receive data from various sources. These include GPS, a log, a gyroscope, an echo sounder, AIS, etc. Using the serial networks that these devices use for communication can cause fake data to be sent by hackers to all navigation systems.

All computer systems on the captain’s bridge coordinate data with each other. It is simple and convenient. But hell, it’s not safe! It is not even necessary to distort data streams. You can change the information at the same time in ECDIS and in the radar, and the basic computer cross-validation will be passed. Here is an example of a geolocation offset in the radar:



But an offset in ECDIS. Please note that the ship “moved” to the other side relative to the breakwater.



findings


Digitalization is faster than many expected. Autonomous ships are no longer just fantasies, but a real subject of discussion. Huge oil tankers go from port to port, with a maximum of 10 crew members on board. Mechanisms do everything. But will sailors be completely replaced by computers? I want to believe that no. Living people are more likely to detect a problem and solve it than a soulless robot. Despite all the horrors that I mentioned above.

In general, the fleet’s management team should admit that there is a danger of breaking into the ship’s IT systems, and traditional navigation skills are not enough to protect against cyber attacks. Human eyes are not always able to detect signs of hacking. Some actions are insidious - minor changes that the crew does not pay attention to. Others are instantaneous and critical, like a suddenly turned on ballast pump that starts to run without a command.

Something in this direction is already being done. For example, the Guidelines on Cyber ​​Security onboard Ships») Approved by most maritime associations and associations. The document provides recommendations for ensuring the safety of on-board IT systems, as well as examples of the possible consequences of violations of these recommendations. is that enough? Probably not.

What else is useful to read on the Cloud4Y blog

→ Easter eggs on topographic maps of Switzerland
→ Computer brands of the 90s, part 1
→ How the hacker’s mother got into prison and infected the boss’s computer
→ Diagnostics of network connections on the EDGE virtual router
→ How the bank “broke”

Subscribe to our Telegram-channel, so as not to miss another article! We write no more than twice a week and only on business. We also remind you that Cloud4Y can provide safe and reliable remote access to business applications and information necessary to ensure business continuity. Remote work is an additional barrier to the spread of coronavirus. Details are with our managers.

More articles:


All Articles