Parts-Syllabus
Part B
EM201 Advanced Navigation and Maritime Cyber Security
Cyber Security
Maritime Cyber Security on ships
Maritime Cyber security and safety management:dangers related to mobile devices; dangers of unsecured wireless networks;

Maritime Cyber security and safety management:dangers related to mobile devices; dangers of unsecured wireless networks;

Of course. This is a critical topic in the maritime industry, where the lines between information technology (IT), operational technology (OT), and physical safety are blurring.

Here is a detailed breakdown of the dangers related to mobile devices and unsecured wireless networks within the framework of Maritime Cybersecurity and Safety Management.

Introduction: The Evolving Threat Landscape at Sea

Historically, ship systems were isolated. A ship was a self-contained mechanical and electronic island. Today, vessels are highly connected nodes in a global logistics network. This digitization brings efficiency but also exposes ships to cyber threats that were once only a concern for shoreside offices. Mobile devices and wireless networks are two of the most significant and common vectors for these threats, directly impacting the safety of the crew, vessel, cargo, and the environment.

Under regulations like the IMO Resolution MSC.428(98), ship owners and managers are now required to address cyber risks within their Safety Management System (SMS) as part of the ISM Code.

1. Dangers Related to Mobile Devices (Smartphones, Tablets, Laptops)

Mobile devices, whether personal (Bring Your Own Device - BYOD) or company-issued, act as a bridge between the unsecured outside world and the ship’s critical networks.

A. Malware and Ransomware Vector

  • The Danger: A crew member’s personal phone or laptop becomes infected with malware (viruses, spyware, keyloggers) from a downloaded app, a malicious website, or a file received on shore. When they connect this device to the ship’s network (e.g., to charge it via a USB port on a bridge console or to use the ship’s Wi-Fi), the malware can spread.
  • Safety Implication: If the malware spreads from the crew Wi-Fi network to the ship’s Operational Technology (OT) network, it can compromise critical systems:
    • ECDIS (Electronic Chart Display and Information System): Could manipulate the ship’s position, display false chart data, or delete routes, leading to grounding or collision.
    • Engine Control & Monitoring: Could interfere with engine RPM, fuel flow, or cooling systems, leading to loss of propulsion or engine damage, potentially in a critical navigation area like a shipping lane or strait.
    • Cargo and Ballast Systems: Ransomware could lock the control system for ballast pumps or cargo loading computers, leading to incorrect stability calculations and risking the vessel’s integrity or capsizing.

B. Phishing and Social Engineering

  • The Danger: Mobile devices are a primary target for phishing attacks. A crew member might receive an email or SMS message that appears to be from the crewing agency, a port authority, or even the ship’s management company. These messages contain malicious links or attachments.
  • Example: An email with the subject “Urgent: Crew Change Details” contains a link to a fake login page. The crew member enters their credentials, which are then stolen.
  • Safety Implication: Stolen credentials can be used by attackers to gain remote access to the ship’s administrative or operational systems, allowing them to cause the same damage as malware introduced directly.

C. Data Leakage

  • The Danger: Sensitive information stored on a mobile device (e.g., ship’s network passwords, cargo manifests, voyage plans, crew lists) can be compromised if the device is lost, stolen, or accessed by an unauthorized app.
  • Safety Implication: A stolen voyage plan could facilitate piracy or targeted theft. Leaked network credentials provide a direct path for an attacker to access the ship’s systems.

D. Unintended Network Bridging

  • The Danger: A laptop connected to the ship’s wired operational network (e.g., for engine diagnostics) might also have its Wi-Fi or Bluetooth enabled, potentially connecting to an unsecured network or another compromised device simultaneously. This creates an unintended and unprotected bridge between a secure and an insecure environment.

2. Dangers of Unsecured Wireless Networks (Wi-Fi & Bluetooth)

Wireless networks, both on the vessel and in port, are a major point of vulnerability if not properly secured.

A. Eavesdropping (Man-in-the-Middle Attacks)

  • The Danger: On an unsecured or poorly secured Wi-Fi network (like a free “Port_Cafe_WiFi”), an attacker can position themselves between the user’s device and the internet. They can intercept, read, and even alter all the data being transmitted.
  • Safety Implication: A crew member trying to log into the company portal to check their payroll could have their username and password stolen. These same credentials might be used to access more sensitive ship systems. The attacker could also inject malicious code into a legitimate website the crew member is visiting, infecting their device.

B. “Evil Twin” Access Points

  • The Danger: An attacker sets up a malicious Wi-Fi network with a name that looks legitimate (e.g., naming it “Port_Free_Wi-Fi” when the real one is “Port-WiFi”). Crew members’ devices, often set to auto-connect to known networks, connect to the evil twin without their knowledge. The attacker now has full control over their network traffic.
  • Safety Implication: This is a primary method for executing man-in-the-middle attacks to steal credentials or inject malware that will later be carried aboard the vessel.

C. Lateral Movement within the Ship’s Network

  • The Danger: Many ships provide a single, flat Wi-Fi network for both crew welfare (internet, movies) and administrative or operational tasks. If one device on this network is compromised (e.g., a crew member’s phone), the attacker can use that foothold to scan the network and attack other connected devices.
  • Safety Implication: A virus on a crew phone could “move laterally” to the Captain’s laptop, which may be used to update electronic charts or sign off on the ballast water management plan. The compromise of one low-value target can lead to the compromise of a high-value, safety-critical system.

D. Denial of Service (DoS)

  • The Danger: An attacker can flood the ship’s Wi-Fi network with traffic, overwhelming it and preventing legitimate users from connecting.
  • Safety Implication: While often seen as a nuisance, this could be a safety issue if, for example, the Master needs to urgently download an updated weather forecast or a navigational warning (NAVADMIN) via the ship’s satellite internet connection, but the Wi-Fi network is unusable.

Mitigation and Best Practices for the Safety Management System (SMS)

Addressing these dangers requires a combination of policy, procedure, technical controls, and training, all documented within the ship’s SMS.

  1. Policy & Procedure:

    • BYOD Policy: Establish clear rules for the use of personal devices. This may include prohibiting their connection to OT networks or via USB to bridge systems.
    • Network Usage Policy: Define acceptable use for both crew welfare and operational networks. Prohibit downloading of unvetted software or visiting high-risk websites.

  2. Technical Controls:

    • Network Segmentation: This is the single most important technical defense. Create separate, isolated networks.
      • Crew/Welfare Network: For personal devices and internet access.
      • Administrative Network: For ship’s business and logistics.
      • Operational Technology (OT) Network: For critical systems like navigation, propulsion, and cargo.
      • These networks should be separated by firewalls, preventing traffic from the crew network from reaching the OT network.
    • Secure Wi-Fi: Use WPA2 or WPA3 encryption with a strong, complex password. Disable and hide the broadcast of the SSID (network name) for operational networks.
    • Endpoint Security: Mandate that any device (personal or corporate) connecting to any ship network must have up-to-date antivirus and anti-malware software.
    • Disable Unused Ports/Services: Physically block or disable USB ports on bridge and engine room consoles. Disable Bluetooth on critical computers.

  3. Crew Training and Awareness:

    • The Human Firewall: The crew is the first line of defense. Regular training is essential on:
      • Recognizing phishing attempts.
      • The dangers of public Wi-Fi.
      • The importance of not mixing personal devices with operational tasks.
      • Procedures for reporting a suspected cyber incident immediately.

  4. Incident Response Plan:

    • Develop a clear plan for what to do in case of a cyber-attack. Who should the crew contact? What are the immediate steps to contain the damage (e.g., disconnecting a network cable)?

By integrating these cybersecurity measures into the daily operations and safety culture of the vessel, shipping companies can effectively manage the risks posed by mobile devices and wireless networks, ensuring that technology serves, rather than jeopardizes, maritime safety.

Maritime Cyber security and safety management: Malware,viruses and spyware;Maritime Cyber security and safety management:desktop security;