The Maritime Hacking Village: Cyber Hacking for the Maritime Community

 

It is time to get serious about hacking  — and engaging the hacker community — as a pathway to a stronger maritime environment. All of us in the maritime industry appreciate our respective nation's reliance upon the maritime transportation system (MTS) for our very way of life. We all know the numbers: In the U.S., the MTS reportedly makes a $5.4 trillion contribution to the economy, representing about 25% of the U.S. gross domestic product and supporting 30 million jobs. Nearly 80% of global trade and nearly two-thirds of the world's total petroleum and other liquid energy supply is carried by ship. Overall, approximately 90% of any nation's imports/exports move by sea. Most global supply chains are existentially dependent upon maritime shipping.

Simultaneously, the maritime shipping industry is well aware that nations can and do use the seas as a means for statecraft. Nations rely upon the global economic supply chains, as a tool for influence, not to mention the more direct hard power projection capacity of naval forces. All these interactions have generated the normative quasi-legal landscape of the maritime domain upon which we conduct business.

From a cybersecurity perspective, the MTS is a target-rich environment, filled with an ever-increasing number of poorly understood — and, often, unanticipated — attack surfaces. The ongoing digital transformation driving autonomous, smart, and sustainable shipping, and further increasing the efficiency of the MTS, provides myriad cyber attack vectors. The connection of ships to the Internet via satellite communication, ship-to-shore communication required by fleet operation centers, satellite navigation and radio-based situational awareness systems (i.e., GPS and AIS), shipboard communications, and maritime cloud services are particular targets and points of entry to maritime systems on- and offshore.

Enter DEF CON and the Maritime Hacking Village (MHV)

The maiden voyage of the Maritime Hacking Village (https://maritimehackingvillage.com/) is this August at DEF CON 33, with a goal to deliver the first and only immersive maritime hacking experience for attendees to learn what it takes to exploit and defend real-world maritime systems. DEF CON (https://defcon.org/) is the world's premier professional hacker event. Hosted annually in Las Vegas, DEF CON draws audiences and participants that include computer security practitioners, educators, amateur and professional (mostly white hat) hackers, journalists, national and international policy makers, lawyers, federal employees and military personnel, students, researchers, and others with an interest in anything that can be "hacked" — from hardware, software, and communication systems to door locks, card readers, and security policy.

Our mission is simple. MHV is creating a space for stakeholders to come together and navigate the changing digital vulnerability tides. We provide a space that showcases the maritime sector's technological, geopolitical, and adversarial landscapes. Upon this landscape we will explore the systemic cybersecurity vulnerabilities in the systems which underpin global maritime defense and trade.

It is not enough simply to wait for vulnerabilities to emerge from attack. We need to find them and address them ourselves. Together, MHV hacks to facilitate the discovery and sharing of knowledge integral to the development of effective maritime cybersecurity policy, industry standards and regulations, vulnerability information sharing, cyber threat intelligence, and most importantly – a capable and trusted workforce and community-of-interest.

Despite the importance of the seas for commercial, recreational, and military use, no single stakeholder controls the implementation of policies and regulations. Stakeholders unanimously agree that from machines to systems to governance, the maritime domain is fundamentally insecure. Still, seemingly insurmountable access barriers are preventing the security community, and anyone else, from doing anything to help.

The purpose of Maritime Hacking Village is to eliminate these barriers – and to provide everyone with the access and resources necessary to engage in maritime vulnerability research and cybersecurity innovation. MHV is a safe, shared space where the security community (elite hackers, trusted providers, and young talent alike) can develop and demonstrate their competence in attacking and defending real maritime systems – and where maritime industry stakeholders can engage with this community on neutral ground to grow their arsenals of knowledge, tools, trusted and capable providers, and fresh talent. We at MHV believe that this work together will create rising tides of awareness, information sharing, and innovation that will lift all ships and allow us to gradually secure the maritime sector.

MHV's demo floor will host a variety of advanced commercial maritime systems available for the conference attendees to try their hand at hacking. MHV will also host various learning events, including a multi-vendor capture-the-flag (CTF) contest that involves hacking challenges related to maritime bridge testbeds, real maritime radio (AIS, SATCOM) hacking, port systems hacking, social engineering and transportation badge counterfeiting, maritime grand theft auto, "swarm AI"-enabled unmanned watercraft, and a premier Open Source Intelligence (OSINT) CTF contest . Speakers and panels will discuss a broad set of topics about maritime policy, cybersecurity regulation (e.g., the new US Coast Guard cyber rules), maritime cyber research, new product development, maritime autonomous systems, next-gen maritime architectures, weaponizing OSINT, and much more. MHV will also have a policy suite where key invited policy makers will have their own space to meet and delve deeper into regulation and policy coordination that draws together the technical, systemic and governance elements necessary to chart a new course for the maritime industry – one that will ultimately make all of our maritime systems more secure.

MHV planning has been ongoing for many months and we are still seeking sponsors, equipment and challenge providers, maritime operators, and speakers. We invite the maritime community to actively engage with us in the Maritime Hacking Village. We look forward to seeing you in Las Vegas.

Gary C. Kessler is President of Gary Kessler Associates, a principal consultant at Fathom5, and a member of the advisory board of Cydome. Nina Kollars is a professor at the U.S. Naval War College. Duncan Woodbury is President and CEO of Liberas. All are the co-founders and co-directors of the Maritime Hacking Village.