Parts-Syllabus
Part B
EM201 Advanced Navigation and Maritime Cyber Security
Cyber Security
Maritime Cyber Security on ships
Maritime Cyber security and safety management: Malware,viruses and spyware;

Maritime Cyber security and safety management: Malware,viruses and spyware;

Excellent and highly relevant topic. The convergence of Information Technology (IT) and Operational Technology (OT) on modern vessels has made maritime cybersecurity a critical component of the Safety Management System (SMS). Malware, viruses, and spyware are no longer just an office IT problem; they are a direct threat to the safety of the crew, the vessel, and the environment.

Here is a detailed breakdown of how these threats impact maritime operations and how they should be managed.

Part 1: Defining the Threats (Malware, Viruses, and Spyware)

First, let’s clarify the terms. Malware (Malicious Software) is the umbrella category for any software intentionally designed to cause disruption, steal data, or gain unauthorized access to a system.

1. Viruses

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code.

  • How it Works: It attaches to a clean file (like an executable, a document, or a software update file). When a user opens that infected file, the virus activates and spreads to other files on the system and network.
  • Maritime Example: A service technician brings a USB stick with a software update for the ECDIS (Electronic Chart Display and Information System). The update file is infected with a virus. When the update is run, the virus infects the ECDIS, potentially corrupting chart data or causing the system to crash during a critical navigation phase.

2. Spyware

Spyware is malware designed to secretly observe a user’s activity without their knowledge and report that information to the software’s author.

  • How it Works: It hides in the background, collecting information. This can include logging keystrokes (to steal passwords), capturing screenshots, harvesting email addresses, and tracking browsing habits.
  • Maritime Example: A crew member downloads a “free” movie-watching program onto the ship’s business computer. The program contains spyware that logs the keystrokes used to access the cargo manifest system. A criminal organization then uses these stolen credentials to access sensitive cargo data, facilitating piracy or theft at the next port.

3. Other Critical Malware Types in Maritime

  • Worms: Similar to viruses, but they can spread across a network on their own without any human interaction (i.e., without someone having to open an infected file). This makes them incredibly dangerous on a ship’s interconnected network.
  • Ransomware: This malware encrypts a vessel’s critical data (e.g., navigation plans, cargo lists, crew data) and demands a ransom payment (usually in cryptocurrency) for the decryption key. This can halt operations completely.
  • Trojans: Disguised as legitimate software, a Trojan horse creates a backdoor into a system, allowing a remote attacker to gain access and control.

Part 2: The Maritime Context - Attack Vectors and Vulnerabilities

How does malware actually get onto a ship? The isolated environment of a vessel creates unique challenges.

Common Attack Vectors:

  1. Removable Media (The #1 Threat):

    • USB sticks, external hard drives, and SD cards used by service technicians, port officials, or crew members. These devices may be infected from shore-based systems and then plugged directly into critical OT systems like the ECDIS or engine control console.

  2. Phishing and Social Engineering:

    • Deceptive emails sent to the ship’s email address (e.g., appearing to be from a port agent, charterer, or manning agency). These emails contain malicious attachments or links that, when clicked, install malware.

  3. Crew Personal Devices:

    • Crew connecting their personal, often unprotected, laptops, tablets, or phones to the ship’s network can introduce malware they picked up on shore.

  4. Lack of Network Segmentation:

    • This is a critical vulnerability. If the crew welfare network (for personal internet use) is not physically or logically separated from the ship’s operational network (for navigation and machinery), malware can easily “jump” from a crew member’s infected laptop to the ECDIS.

  5. Unsecured Remote Access:

    • Shore-based technicians often require remote access for diagnostics and maintenance. If these connections are not secure, they provide a direct backdoor for attackers.

  6. Compromised Software Updates:

    • Downloading updates for charts or software over a compromised satellite link or from a non-verified source can introduce malware directly into the system.

Part 3: Consequences for Safety and Operations

A cyber incident is a safety incident. The potential consequences are severe:

Consequence Category Specific Examples
Safety of Life and Vessel - Manipulation of ECDIS/GPS: Causing grounding, collision, or navigating into dangerous waters. - Loss of Propulsion/Steering: Disabling the engine or rudder control systems. - Disabling Alarms: Turning off fire, flooding, or machinery failure alarms.
Environmental Damage - Manipulation of Ballast Water Systems: Causing an illegal discharge and potential introduction of invasive species. - Loss of Control of Fuel Transfer: Leading to an oil spill.
Operational & Commercial - Ransomware on Cargo Systems: Halting loading/unloading operations, leading to huge financial penalties (demurrage). - Port State Control Detention: If critical systems are found to be non-functional or compromised. - Voyage Disruption: Inability to transmit required reports (e.g., to VTS) or receive weather updates.
Financial & Reputational - Data Theft: Loss of sensitive commercial data (cargo manifests, charter party details). - Ransom Payments: Direct financial loss to regain control of systems. - Increased Insurance Premiums: Insurers now assess cyber risk as part of their underwriting.

Part 4: Integration into the Safety Management System (SMS)

In accordance with IMO Resolution MSC.428(98), shipping companies are required to address cyber risks in their Safety Management Systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

This means treating cyber risks just like any other operational risk (e.g., collision, fire). Here’s how to do it:

Key Elements of a Maritime Cyber Safety Management Plan

  1. Risk Assessment (Identify):

    • Asset Inventory: Identify all IT and OT systems onboard (e.g., ECDIS, VDR, GMDSS, AIS, Engine Control, Cargo Management, Crew Wi-Fi).
    • Threat Identification: Identify potential threats to each system (malware, unauthorized access, etc.).
    • Vulnerability Assessment: Analyze weaknesses in each system (e.g., unpatched software, weak passwords, no network segmentation).

  2. Protective Measures (Protect):

    • Network Segmentation: This is the most effective technical control. Isolate critical OT networks from non-essential IT and crew networks. A virus on the crew Wi-Fi should never be able to reach the bridge.
    • Access Control: Enforce strong, unique passwords. Use multi-factor authentication where possible. Limit user privileges so a crew member can’t accidentally install software on a critical system.
    • Malware Protection: Install and maintain up-to-date antivirus software on all capable systems.
    • Patch Management: Create a strict procedure for testing and applying software updates and security patches.
    • Strict USB/Removable Media Policy:
      • Prohibit the use of personal or unknown USB drives on critical systems.
      • Use a dedicated, sandboxed computer to scan all incoming media for malware before it is used.

  3. Incident Detection and Response (Detect & Respond):

    • Detection: Use system monitoring and logs to detect unusual activity.
    • Incident Response Plan: Have a clear, simple plan that the crew can follow.
      • Who to call? (Company DPA, IT/Cyber support)
      • What to do first? (e.g., Isolate the infected system from the network immediately).
      • What not to do? (e.g., Do not turn off the machine, as this can erase evidence. Do not pay a ransom without company approval).

  4. Recovery:

    • Maintain regular, verified backups of critical data and system configurations.
    • Ensure backups are stored offline or on a separate network so they are not affected by a ransomware attack.

  5. Crew Training and Awareness:

    • The crew is the first line of defense.
    • Conduct regular training on identifying phishing emails, the importance of password security, and the company’s USB policy.
    • Run drills, just like fire or abandon ship drills, to test the cyber incident response plan.

By integrating these elements into the familiar framework of the ISM Code, companies can move from seeing cybersecurity as a technical “IT problem” to what it truly is: a fundamental pillar of modern maritime safety.

Maritime Cyber security and safety management: identification of theft and compromise of classified data;Maritime Cyber security and safety management:dangers related to mobile devices; dangers of unsecured wireless networks;