This article was published in Ausmarine Magazine, 2015.
Written by Maria Dwyer, of Oceanic Marine Risks.
In 2013, Australia established the Australian Cyber Security Centre and created a national cyber security strategy. Each year cyber crime costs Australian businesses $4.5 billion and yet many businesses still fail to recognise cyber crime as a threat to their operations.
It has become obvious that the consequences to a business as a result of security breaches can be dire. One only has to look at the consequences suffered by Target and Sony last year after their vast and complex computer systems were hacked into. Each year the frequency and severity of cyber attacks increases, and there is no reason to think that 2015 will be any different.
John Bruce, the chief executive of Co3 Systems, believes that cybercrime will continue to boom in 2015 and that we will see even more eager cyber criminals enter the profession. He argues that the reason for this is simple: cybercrime pays and the rewards heavily outweigh the risks.
This threat has two sides to it.
Businesses not only need to increase their computer system security levels and focus resources on prevention and detection, but businesses also need to consider what measures they must take to protect their customers from potential losses as a result of a system breach.
What has any of this got to do with the marine industry?
I recently came across a blog by Gilad Zahave, dated February 4, 2014. Gilad’s blog post was an excerpt from a report Cyber Threats to the Shipping Industry.
I realise that Australia’s shipping industry is very small and that the majority of commercial vessels in this country are either small passenger carrying vessels or brown water vessels. However, if the world’s shipping industry is under threat from cybercrime should we not take notice and start thinking about preventative measures at a domestic level?
We currently tend to think of cybercrime as resulting in identity theft, e-business interruption, copyright/trademark infringement, and lawsuits from customers but can cybercrime result in a casualty on a vessel at sea?
I do not have the identity of the author of the report Cyber Threats to the Shipping Industry itself. However, if you are interested in the full report please write to info@sensecy.com.
A section of the report deals with the vulnerability of the AIS system. Trend Micro, a security firm, had claimed it had uncovered major security breaches in the Automatic Identification System (AIS).
The AIS is an automatic tracking system for identifying and locating other vessels by transmitting electronic data with other nearby vessels, AIS base stations, and satellites. Information transmitted can include the position, the speed and the direction the vessel is heading in, among other things. The International Maritime Organisation (IMO) mandated AIS in all passenger and commercial vessels weighing in at over 300 tonnes.
In an experiment to test how secure the AIS was, Trend Micro researchers managed to break into the system and change the data being transmitted.
They did this by manipulating the Internet providers AIS was using to transmit information. They could modify vessel details like the position, the course, the cargo, the flag and the name of the vessel. It was also possible to create fake vessels that could show up in any location.
The researchers then used a basic transceiver to expose flaws in the AIS communication systems. They could send false distress signals, false weather information and even switch off the AIS entirely in a vessel.
These loopholes in the AIS could be used by hostile parties to alter data being transmitted in vessels, with the potential to cause dangerous safety risks, disrupt marine law enforcement, and sabotage rival economic activity. Terrorist organisations could even exploit this weakness as well, given little technical know-how is required.
In an article dated April 23, 2014, Jeremy Wagstaff states:
“In the maritime industry, the number of known cases is low as attacks often remain invisible to the company, or businesses don’t want to report them forfear of alarming investors, regulators or insurers, security experts say.
“There are few reports that hackers have compromised maritime cyber security. But researchers say they have discovered significant holes in the three key technologies sailors use to navigate: GPS, marine Automatic Identification System (AIS), and a system for viewing digital nautical charts called Electronic Chart Display and Information System (ECDIS).”
“While data on the extent of the maritime industry’s exposure to cyber crime is hard to come by, a study of the related energy sector by insurance brokers Willis this month found that the industry ‘may be sitting on an uninsured time bomb’.”
There are a number of discussion papers published on the global threat to the maritime industry – does this threat spill over to Australia’s domestic maritime industry?
