INTRODUCTION
A major key player in the global economy is maritime transport. This particular industry is incessantly endeavoring economies of scale and efficiencies, prompting the presentation of bigger ships. Expanded utilization of Information innovation to accomplish automation has played a significant role in both ports and seas. The advanced technologies brought into play are impuissant to cybersecurity threats affecting sectors such as government, commercial, and production and government systems. This paper presents a prescriptive overview of the different cybersecurity threats within the maritime environment. Further, it appraises the indispensable need to create awareness and protect the in-effect marine industrial control systems.
Potential consequences of cybersecurity incidents include but are not limited to loss of life, economic and environmental damage, supply chain disruption, and potentially vessel destruction. It is imperative to examine the current systems used in marine transportation such as the cargo terminals, shipboard, and ports. The undying need to make improvements in maritime cyber-security is a factor that cannot be left pending. As you dive deeper into the paper, you will find outlined steps that tackle risk management, thus reducing cyber-security incidents.
Maritime transport involves two domains that are connected, although very distinct. Shore-based technologies are associated with port operations, and sea-borne elements are related to the ships' operation. IT is used in ports to efficiently handle passengers' surging growth, provide necessary border security, and manage the increased volume of trade. Security systems, communication systems, terminal automation systems, business systems, crane control systems, remote equipment monitoring are just some of the systems available in a port.
This particular range of systems illustrates the gradual complexity of computer-controlled systems majorly in the ships. The limitation of physical control by operators over the deemed critical systems has contributed significantly in the hyper-connectivity, making these vessels a great player in the internet dominated world. Control frameworks that work progressively to impact real results, in reality, are alluded to as cyber-physical systems and can cause grave damages emerging from failure or system glitches, conceivably bringing about death tolls and befouling of the environment. These cyber-physical systems must operate in a robust, safe, and secure way.
LITERATURE REVIEW
It goes unsaid that cybersecurity not only encompasses the technology but also process aspects and people. Cybersecurity can be defined as the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets’. Cybersecurity vulnerabilities are potentially caused by failure to follow standard operating procedures.
Cybersecurity awareness is almost non-existent in the maritime sector, as indicated by a report by ENISA. Critical systems typically refer to digital systems that use industrial control system technology alongside networking, thereby providing access to real-time information sharing with other shore-based systems. A malware attack on a large vessel could potentially damage the ship's key system and cause ripple effects on the economy as well as lives being lost aboard. As of October 2019, there exists no record of a hacking attack against any sea vessel by any malicious actor. An American telco provider reported rumors that hackers have teamed up with pirates to track high-value cargo in 2016 though no firm evidence exists.
Ships also rely on GPS for positioning and navigation, which is a potential vulnerability. GPS satellites are susceptible to jamming, especially if the signals are weak. The interference is made even easier as many devices that interfere with signals are readily available on the market. It has been reported that spoofing of signals creates false civil GPS signals, which then allows third parties to gain unauthorized access to the ship’s GPS receiver without being the ship's navigator. Wi-Fi technology present in the ship also provides another way for an attacker to gain control and potentially disable the control systems. This technology poses a major threat, especially when the protection is very poor, providing connectivity to these critical control systems.
The acronym CIA represents three essential principles: confidentiality, integrity, and availability. Confidentiality is an aspect that encompasses the privacy of data and limits authorization of who gets to access certain data. Integrity refers to the trustworthiness of the stored data. Last but not least, availability alludes to the authorized users having access to the system. These principles are very important to follow, especially when coming up with a marine system that addresses critical aspects.
ANALYSIS
The complexity and reach of threats in cybersecurity have grown and, consequently, a concern that should be considered an integral part of shipping management and offshore operations. Cybersecurity threats can emerge from malicious outsiders or malicious insiders. A malicious outsider is an external party that possesses no connection to the port operations. A good example is such as hacktivists, terrorists, among others. Malicious insiders are directly connected to the port; they could be employees, owners of the port, and contractors. They could decide to use their privilege for an unintended purpose. Non-malicious insiders could also cause potential threats through errors, omission, or even negligence.
The automation of cargo terminals has opened a gateway to disruption through the hacking and continuous use of malware, thus compromising the availability of sensitive information and further enabling the perpetrator to obtain commercial advantage. In a situation whereby one has access to cargo information, it is very easy for goods to be smuggled, stolen, and even engaged in fraudulent activities. This particular interference of the systems could potentially cause severe reputational damage. Assuming that the program logic of a heavy crane was interfered with, it could ultimately lead to cargo loss and, in very severe cases, death.
DISCUSSION
Examples of incidents reported and investigated by relevant maritime authorities are such as the Royal Majesty and Annabella accidents. It is recorded that the cause of these accidents was because of the GPS that failed as well as the load planning software deemed untrustworthy. Lack of proper understanding of the incompatibility between the autopilot system and interface made it difficult to spot the GPS failure. The error flag was set off; however, the autopilot system assumed that the receiver would stop sending data and thereby ignored the flag in the unit output. This scenario represents just how much ignorance and lack of knowledge can cause a great disaster.
Cybersecurity does not only entail preventing malignant activities. A survey conducted recently concerning data breaches shows that 37% were ascribed to crimes, 29% was a direct result of system glitches, and the remaining 35% was brought about by human factors such as errors and negligence. Close cooperation between stakeholders in the technological and maritime industry is needed to minimize the number and risk caused by vulnerabilities. Unpatched vulnerabilities that are left unsolved can cause existent vulnerabilities in the industrial control systems. By leaving known vulnerabilities, unpatched can essentially prompt an expansion in the dangers of cyber-attacks.
CONCLUSION
In conclusion, the increased integration of sophisticated marine IT systems into the global communication system has caused the maritime domain to be greatly involved in the cyberspace. This integration has led to an exposure of the systems to a large number of cyber-security threats. Low threat awareness levels and the need to improve these cybersecurity systems have been reported to improve services.
It is highly recommended that professional engineering organizations collaborate with maritime industry to come up with an awareness program. Cybersecurity awareness ought to be built into training programs for all the sailors and shore-based personnel. Steps ought to be taken to transfer knowledge and skills from those that already possess a greater experience of cybersecurity attacks to the maritime industry to protect the industrial control systems. The achievement of these improvements requires effective collaboration among key stakeholders.
Read More