Canada establishes a center for research into IT security specifically for ships, ports and their supply chains. They are more and more often the target of attack, which is not only expensive but also dangerous. The defense against digital pirates on the high seas creates particular difficulties. In the first year, the new research center at the Polytechnique Montréal University of Technology aims to identify the greatest weaknesses.
The shipping industry has some catching up to do in terms of IT security. The French blog Cybermarétique.fr has about 80 known incidents collected. The spectrum ranges from encryption Trojans and classic hacking to jamming and spoofing with GPS and manipulation of the automatic identification system (AIS). The NotPetya attack on Mærsk became famous; at that time Maerst expected losses of up to $ 300 million.
Ships and ports are becoming more and more connected. Understandably, it is extremely expensive when a system is left on the other side of the world and repair teams have to be dispatched. But networking too often allows attackers to bring ships and ports under their control from a distance. Then they can extort high ransom money and steer ships, their crew and cargo into ruin. This can cost human lives and cause great environmental damage.
Long lead times
In addition to attacks via the Internet, there is a threat of attacks from the cargo, via data carriers brought by sailors, via port systems and even networked trucks that bring cargo to ships. And once the ship is on the move and hacked, it is difficult to get IT specialists to work on site.
– Her Majesty’s Canadian Ship Harry DeWolf under construction at Irving Shipyard in Halifax, Nova Scotia (2018). The Arctic patrol ship was commissioned in 2011 and handed over to the Canadian Navy in 2020. In open water it should reach 31 km / h, as an icebreaker a good 5 km / h.
(Picture: Daniel AJ Sokolov)
Long lead times are a particular problem for shipping. Building a larger ship takes years, not including planning and tendering. This year, for the first time, the International Maritime Organization (IMO) encourages shipowners to write safety management concepts for the IT of their ships. The German Federal Office for Information Security (BSI) is also calling for more cybersecurity on the oceans.
That was decided by the IMO but already in June 2017. That shows how long lead times are customary in the industry. Introducing new security concepts takes years. At the same time, attackers can exploit IT vulnerabilities to a considerable extent within hours.
Together with companies
The new research center in Montreal is now faced with the challenge of identifying the most urgent construction sites this year. The Canadian scientists will then work out countermeasures for at least another four years. The center is managed by the computer science professors Nora Boulahia Cuppens and José Fernandez.
–
–
–
They receive support from the local shipyard Chantier Davie Canada and the nautical IT security company Neptune Cyber, who together contribute 1.7 million Canadian dollars (1.1 million euros), partly in kind. Over the project duration, which is initially set to run for five years, around ten master’s and doctoral students at Polytechnique Montréal will develop into relevant specialists.
(ds)
– .
