Report: 50,000 ships worldwide can be hacked

GoScanSSH

50,000 ships worldwide can be hacked, experts said. According to reports, cybersecurity experts recently demonstrated how easy it is to immerse navigational equipment into a boat. Researchers have shown how to fool the Global Positioning System (GPS) to change the route of a luxury yacht. Once upon a time, how to set up a car, a bread machine, a tugboat, etc., how they operate. The problem is that these things now connect to the Internet in addition to the original factory settings.

The report stated that reports on maritime cybersecurity would only increase rapidly in the future. The maritime industry has been slow to realise that ships, like everything else, are now connected to the internet. The United Nations, the agency responsible for managing the seas, is now somewhat late for the International Maritime Organization to consider establishing appropriate regulations on cybersecurity.

 

According to the report, in 2014, the International Maritime Organization solicited opinions on the guidelines for cybersecurity in the maritime industry. Two years later, they released temporary guidelines for cybersecurity risk management. This document is relatively broad and not specific enough. The results were not unexpected and caused the ship to be attacked by hackers.

The report believes that cybersecurity has become a thorny challenge for the maritime industry and is related to some critical issues.

First of all, ships divided into many categories, and the applicable conditions are entirely different. Therefore, separate computer systems often use. It is worth noting that many systems have a design life of more than 30 years.

Second, the operators of these marine computer systems are continually changing. Crew members are very fluid and often change their posts after receiving a brief notice. Therefore, they often use unfamiliar systems, thereby increasing the possibility of human-made cyber security incidents. Also, the maintenance work of the shipboard system, including the maintenance of the navigation system, is often contracted to a third party. The nature of this third party is mixed, and it is difficult to ensure safety.

Third, the connection between the shipboard system and the land system. Many shipping companies keep communicating with their ships. Therefore, the cyber security of boats also depends on the safety of land network equipment. For the International Maritime Organization, this issue is particularly problematic. The International Maritime Organization can bind the port rules and regulations and has little control over the systems and operating procedures used by shipping companies.

According to the report, in 2017, the International Maritime Organization revised two sets of general safety management regulations, clearly spelling out cybersecurity in the rules. The “International Ship and Port Facility Security Rules” and “International Safety Management Guidelines” provide detailed standards for the port and vessel operation risk management procedures. Making cybersecurity an integral part of these programs will at least allow operators to realise cyber risks. It hopes that this will be the beginning and there will be a complete set of rules for maritime network security.