Naval Dome: Electronics OEMs Should Boost Cyber Protections

Itai Sela (Naval Dome)

Published Aug 29, 2019 9:52 PM by The Maritime Executive

After multiple reports of hacking attempts against ships and port operators, maritime stakeholders are gaining more awareness of their potential vulnerabilities in the event of a cyberattack. At a conference in Singapore Thursday, Itai Sela, the CEO of maritime cybersecurity company Naval Dome, asserted that marine electronics OEMs may need to do more to build in robust cyber protection for mission-critical shipboard systems. According to Sela, high-level cybersecurity is hard to find in operational electronics systems aboard ships, offshore oil and gas platforms or ports and terminals. 

“Few OEMs and system providers are supplying equipment with level 4 security, resulting in end-users being unable to get a true picture of the integrity of their critical systems," he said. "It’s like driving with your eyes closed." (DNV GL type approval criteria define four levels of security: SL1, for deterring only casual or coincidental attempts at violation; and SL2-SL4, for increasing degrees of attack sophistication.) 

Sela warned that without a parallel investment in cybersecurity, the industry's increasing reliance on IoT technology and connectivity puts maritime interests at risk. “We have visited companies operating across the industry – shipping companies, cruise lines, oil and gas contractors, ports and terminals – and what we find is alarming. Typically, most companies are operating critical systems that are protected, at best, by only the most basic security solution," he said.

“The obvious thing to do is to ask your system provider what level of cyber security each of their systems are provided with and, if not SL4, request they upgrade or replace them," he said. 

Sela also addressed the spate of GPS spoofing incidents reported by vessel operators in recent months. Naval Dome is aware of an increase in spoofing activity in the Persian Gulf, the Black Sea and Southeast Asia, primarily by state actors. “We recommend that all critical systems have in place a cyber defence system capable of anomaly detection, which will alert operators to odd jumps or drifts in position based on previous and current positions, planned route and ship speed. This will provide an indication that the GPS may be compromised," he said. 

He also warned of a growing problem with spoofing at port facilities. Container handling equipment - straddle carriers, reach stackers and other heavy shoreside machinery - is reliant on GPS for navigating the terminal, and without a good signal, the terminal's functioning may be degraded. "Positional data is dependent on signals from three or more satellites, but if just one is compromised, then it will give a false reading. Any interference to the GPS signal is likely to result in significant port congestion," he said.