There are possibly many people who believe that ships cannot be hacked or hijacked remotely. Well, the page linked below says it like it really is. There are security flaws in ships and they can be hacked...and potentially even hijacked. And, it can potentially take all too long before the captain or crew realize that something is going wrong. Then, once the crew realizes something is wrong, they may attempt to use the satphone to call for help, only to find that the satellite link has been hacked and is non-usable.
Now, let's say a ship is heading out of a harbor with a pilot in control, and its steering has suddenly been negatively affected by a remote hacker. Suppose the hacker has taken control and turned the rudder to one side or the other, as the ship is approaching a bridge. Let us also say that the hacker has manipulated the digital rudder angle indicator (1)(2) so that it does not show that the rudder has been turned by the hacker. Well, when approaching a bridge, that can create a potentially deadly and destructive situation.
When a ship is out at sea and its rudder control has been hacked and manipulated, there may be time to implement manual control of the ship's rudder. But, if the position and heading readouts have been hacked and manipulated, it may be some time before the captain and crew realize that something is wrong. Once the error has been discovered, as the linked page notes, there is manual steering. But, manually steering a ship "is a royal pain and lends itself to incidents."
Now, let's say that a ship's engine and rudder controls have been hacked and manipulated. Let us say that the ship is heading toward a bridge, as it is leaving a harbor, when a hacker suddenly turns the ship's rudder and shuts down the ship's engine. What about manual engine control? Or, is there even time for this? Well, the page states: "Manual engine control is really quite difficult, particularly when manoeuvring." Yes, especially when trying to maneuver, when preparing to pass under a bridge.
The page linked below speaks about the serial network on a ship. The serial network is "for the operational technology (OT) systems, including steering, propulsion, ballast and navigation data, among many." And, when it comes to the serial network, it appears that it is relatively easy "to intercept and tamper with the data, almost invariably invisible to the crew." So, it appears that a hacker could readily manipulate the engine, steering and other systems, and the crew might not realize what is happening.
Now, the page linked below begins with these words: "Modern maritime ships are considered a privileged target for hackers and pirates that are increasing their pressure on the Maritime Shipping Industry." The page states further: "Modern maritime ships are often monitored and controlled remotely from shore-based facilities thousands of miles away to ensure efficiency. This creates a new platform for hackers and pirates to conduct targeted cyber attacks on ships." The page states further:
"The shipping industry is highly dependent on computer systems... Today our modern ships are completely computerized. Everything is connected to networks. Today's modern ships have complex cargo operations that are entirely connected through cyberspace. Cranes are moved by GPS." And, it states: "Every ship built has software that manages its engines; and that software is updated while the vessel is underway from the beach, and the Master doesn't even know that the software is being updated."
The linked page also states: "Security vulnerabilities in software used by the maritime industry could be exploited to cause ships to malfunction or run aground..." And, there is reason to suspect that these same security vulnerabilities could be exploited to cause a ship to have a major malfunction and then run into a bridge...creating a huge disaster. The page also shows that a rather cheap apparatus can be used to take complete control of a vessel's sophisticated navigation system.
Well, the page linked below states: "The warnings had been issued for years. The techniques were simple enough — penetrate the platform through the onboard navigation system and then go horizontally across the onboard networks to gain control of key systems such as steering and the throttle. The hackers did exactly this -- surprisingly without foreknowledge of the specific systems they were to hack prior to beginning the penetration."
The page states that "remote-access hacking is possible as demonstrated in February 2017, when hackers took control of a German-owned container vessel traveling from Cyprus to Djibouti. The hackers compromised both steering and maneuver controls." The page also states: "The massive size of modern container ships...makes hacking their steering systems or forward speed a means of weaponizing the vessel." Well, is there a chance that a ship was weaponized, to take out the bridge in Baltimore?
As noted earlier on this page, it can sometimes take a while for a ship's crew to realize that their ship has been hacked and taken control of...and possibly sent on a course not intended by the crew. Well, the page linked above states: "Even when malicious control is discovered, as the cliche goes, it can be very difficult to regain control in a timely manner." And, if the rudder is turned and the engine shut off by a hacker, while a ship is preparing to pass under a bridge, the outcome can potentially be very devastating.
The page linked below indicates that the hacking of ships is a very real problem. Regarding the information in the page, it states: "A COMPUTER security specialist has explained the ease with which criminals can take control of ships." Yes, it appears that criminals can easily take control of ships. Now, the security specialist also "said the operational technology (OT) which physically moves ships was often vulnerable despite advances in information technology security."
The page notes that in the three years leading to 2020, attacks on shipping increased 900%. Hackers gain control of ships through wireless access points. And, hackers do not have to be on the ship to gain control, but can do it from a distance. The page states: "Fuel and cargo systems could be hacked to trick a ship into thinking it was off balance...[so] its propulsion will not work." It also states that "cyberattacks were one of the biggest security threats to the shipping industry but incident reporting is 'virtually non-existent'."
The page linked below notes that remotely hacking ships "really isn't that difficult, and that's a problem." It states that "nothing connected to the internet is safe from hackers..." And, "the configuration of certain ships' satellite antenna systems leaves them wide open to attack..." To make things easier for hackers, there's the "ship-tracking map", from which hackers can choose which ship they want to take control of or victimize in one way or another.
The page linked below may be from 2015, but, looking at the information provided in this presentation, it appears that there is still a very serious problem with servers on ships being hacked. The 2015 page also mentions "an incident whereby a hacker brought a port on the U.S. eastern seaboard to a standstill." Yes, this was way before the 2024 Baltimore ship crash and bridge collapse disaster. When it comes to hackers, the page states: "Big container ships and cargo ports are especially vulnerable."
One cybersecurity expert mentioned in the linked page stated: "Modern ships are at the mercy of their central 'brains' -- highly automated and networked communications, navigational and operational systems that can literally run the ship without human help. The problem with these brains is that they are exceedingly vulnerable to cyber-attacks." Yes, this information is from 2015, but, has the ship hacking problem been greatly reduced since that time?
The page linked below is from July of 2021. It indicates that on average, one ship is hacked every day, day in and day out. And, there is the potential for hackers to take control of ships and then weaponize (1) them, so they can be used for nefarious purposes. And, with the massive size of container ships, there is the potential that they can be turned into quite destructive battering rams. Is this what happened with the cargo ship Dali and the Key Bridge in Baltimore? (1)(2)(3)(4)(5)(6)(7)(8)
The page linked below states "that the advent of always-on satellite connections has exposed shipping to hacking attacks." It states further that "the operational technology (OT) systems that are used to control the steering gear, engines, ballast pumps and so on, communicate using NMEA 0183 messages. But there is no message authentication, encryption or validation of these messages, and they are in plain text." Based on what is stated in the page, it appears that all too many ships are extremely vulnerable to hacker attack.
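The only integrity field in an NMEA 0183 sentence is an unkeyed XOR checksum, so a receiver that wants to catch tampering has to compare what different sentences claim against each other. The Python below is an added example, not code from the linked page: it validates the framing and flags a ship that is turning while its rudder angle (RSA) sentences read midships, checked against heading (HDT) sentences. The sample sentences, thresholds and function names are constructed assumptions.

```python
from functools import reduce

def nmea_checksum(body):
    """NMEA 0183 checksum: XOR of every character between '$' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)

def frame(body):
    """Build a constructed sample sentence; the checksum needs no key."""
    return f"${body}*{nmea_checksum(body):02X}"

def parse_sentence(line):
    """Return (talker+type, fields), or None on bad framing or checksum."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None
    body, _, given = line[1:].partition("*")
    if given[:2].upper() != f"{nmea_checksum(body):02X}":
        return None
    fields = body.split(",")
    return fields[0], fields[1:]

def find_inconsistencies(timed_lines, max_rot=0.3, deadband=1.0):
    """Flag turns faster than max_rot deg/s while rudder reads near midships (assumed thresholds)."""
    alerts, rudder, last = [], None, None
    for t, line in timed_lines:
        parsed = parse_sentence(line)
        if parsed is None:
            alerts.append((t, "bad framing or checksum"))
            continue
        kind, f = parsed
        try:
            if kind.endswith("RSA") and f[1] == "A":   # rudder sensor angle, valid
                rudder = float(f[0])
            elif kind.endswith("HDT"):                 # true heading
                hdg = float(f[0])
                if last and rudder is not None and t > last[0]:
                    rot = ((hdg - last[1] + 180) % 360 - 180) / (t - last[0])  # shortest arc
                    if abs(rot) > max_rot and abs(rudder) < deadband:
                        alerts.append((t, f"turning {rot:+.2f} deg/s, rudder reads {rudder:+.1f}"))
                last = (t, hdg)
        except (IndexError, ValueError):
            alerts.append((t, "malformed fields"))
    return alerts

SAMPLE = [(0, frame("IIRSA,0.2,A,,")), (0, frame("HEHDT,359.0,T")),   # constructed:
          (5, frame("HEHDT,359.4,T")), (10, frame("IIRSA,0.1,A,,")),  # (receive time s,
          (10, frame("HEHDT,3.4,T")), (15, "$HEHDT,8.0,T*00")]        #  sentence)
if __name__ == "__main__":
    print(find_inconsistencies(SAMPLE))
```

Wind, current and inertia also turn a ship with the rudder amidships, so an alert here is a prompt to verify against an independent source rather than proof of tampering.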
The page also states: "Hacking incidents affecting firms in the shipping industry are more frequent than the general public could guess by perusing the news. Understandably, the companies are eager to keep them on the down-low, if they can, as they could negatively affect their business competitiveness..." So, it appears that the general public is intentionally kept in the dark about what is really going on, especially when it comes to ships being hacked and problems caused by hackers.
Now, the page linked above noted NMEA messages. Then, the page linked below speaks about crashing ships by hacking NMEA sentences. It speaks of NMEA GPS for navigation. But, it also states: "However, NMEA messaging is also used to control multiple systems on board: RS485 serial connections control ballast pumps, propulsion, steering and plenty more." And, the serial network may have connections to the satellite communications system, which can be used by remote hackers to gain access to ship controls.
The page states that "it really doesn't take much to get on to a ships network." Then, the ship's course can be modified. The page states: "A few degrees the wrong way for a few seconds at the wrong time in a congested area such as a separation scheme and a collision could happen." So, is it possible that a remote hacker changed the course of that ship Dali (1) and shut down its engine in the fleeting seconds before that crash which took down the Key Bridge in Baltimore?
The first page linked below speaks about the Shodan Ship Tracker. It states: "With additions, it could become trivially easy to select a potentially vulnerable ship on a map to attack." Then, the second linked page speaks about cybercriminals using ChatGPT to help them gain access to container ships. It also notes that "the services of hackers may be used by competitors of a certain carrier to disable its ships/aircraft and degrade performance, cause losses, reduce investor confidence, etc." Yes, business can be dirty!
The second page states: "Digitization has helped transform processes on merchant ships by automating many processes that were previously done manually. However, digitalization not only simplifies the work of ships, but also increases the risks of cyber attacks and increases the scale of potential damage." And, since the steering, propulsion systems and ballast pumps on ships are commonly computer controlled, the scale of potential damage which can occur basically depends on the nature and intent of the hacker.
Not only can hackers take control of steering and propulsion on ships, potentially with devastating results, but the pages linked below show that hackers can even capsize and sink ships. The page linked below states: "Insecure configurations and vulnerabilities in communications and navigation systems can allow hackers to remotely track, hijack and sink ships, according to researchers at penetration testing and cybersecurity firm Pen Test Partners."
The linked page goes on to state: "Satellite communications is the component that exposes ships to remote hacker attacks, as shown by Pen Test Partners last year and, at around the same time, by researchers at IOActive." And, it states further: "An even bigger problem, researchers warn, is that once an attacker gains access to the satcom terminal, they can move laterally to other systems. One of them is the Electronic Chart Display and Information System (ECDIS), which is used by vessels for navigation."
The February 2019 page, linked below, states: "'If one was suitably motivated, perhaps by a nation-state or a crime syndicate, one could bring about the sinking of a ship,' said Pen Test Partners researcher Ken Munro, in a stark assessment of maritime cyber-danger this week." The page notes that an "attacker would simply send the appropriate serial data to the ballast pump controllers, causing them all to pump from port to starboard ballast tanks. That change in trim alone could cause a capsize."
The page linked below notes that modern container ships are easy to hack through their always-on satellite communication systems. Then, the hacker exploits "a ship's OT system, which is used to control much of the critical control infrastructure on board, including the steering gear, engines and ballast pumps." And then, the outcome of the attack would depend on the intent of the hacker. They could just do something minor, or they could sink the ship, or possibly do something major, like running a ship into a bridge.
The pages linked below provide additional information about hacking and sinking ships. The second linked page notes the MV Derbyshire "which disappeared at sea with the loss of all hands... Investigations much later concluded that excessive stress as a result of flooding during heavy seas caused it to break up." And, to potentially set things up for sinking a bulk carrier in heavy seas, a hacker can manipulate the loading data. No one realizes the danger created, until the ship breaks in two and sinks.
The third linked page is about attacks to the load planning system on a container ship. It states: "Load plan software tells the port where to put each container for optimal efficiency." It also states: "Load planning software is used to place heavier containers towards the bottom of container stacks, and to prevent a stack from being overweight. This keeps the centre of gravity (CoG) low and maintains stability. Further, the balance or 'trim' of the ship is very important, so heavy containers are distributed evenly."
The third page states further: "How about if a hacker manipulated the load plan to deliberately put a ship out of balance? Disguise the data, so that the loading cranes unintentionally put the heavy containers at the top and on one side? Whilst some balancing actions are automatic, the transfer pumps may not be able to cope with a rapidly advancing, unanticipated out of balance situation." And, especially when operating in heavy seas, an out of balance ship can more easily be sent to the bottom...likely with loss of life!
The page linked below tells it like it is. It states: "Hacking on the high seas is no longer a matter of fiction. Security researchers discovered vulnerabilities in the communications and navigation networks used by the shipping industry which could potentially be exploited by hackers looking to track, hijack, redirect, steal and even sink shipping vessels." It notes that the shipping industry is "plagued by a lack of proper security hygiene, with many using default credentials on critical systems." Others use outdated systems.
The page linked below states: "There are plenty of ways to get malware on to a ship. Whether it's via satcoms, phishing, USB, crew Wi-Fi, dodgy DVDs etc." Once a hacker has set things up for disaster or has actually caused a ship to sink, the page indicates that they can hide the evidence of their hacking. The page states: "Any half-decent attacker can happily abuse these operating systems all day long and still cover their tracks effectively."
A hacker being able to hide the evidence of their hacking of a ship does create a major problem, especially for those who then have to investigate what actually caused a ship to crash or sink. The page linked above states that "many OT devices don't or can't log activity." This helps the hacker to hide their crime. In the midst of all this, it must again be noted that on average, one ship is hacked every day (1). This means that one ship per day can potentially be misdirected, grounded, sunk or weaponized (1)(2).