Austin Bay: cyber hack hijacking at sea is now a real threat
On August 9, US Secretary of State Antony Blinken vowed to punish Iran for attacking an oil tanker near the entrance to the Persian Gulf.
He specifically mentioned an attack that occurred in late July. An explosive explosion killed two crew members. The Defense Ministry believes Iran used drones to deliver the ammunition.
The safety of commercial tankers, cargo ships and barges is very important. Ships carry natural resources, food and manufactured goods; in total, they transport around 90% of annual world trade in volume and value.
Physical attacks on ships like the one condemned by Blinken leave physical evidence. Pirate attacks have their own category: theft at sea. Attacks by aerial drones, robot ships, commandos and saboteurs may give plausible deniability to the nation-state, but the physical evidence offers clues.
However, cyber piracy and hijacking at sea appear to be a real threat to the global economy and environment.
A maritime cyber piracy can turn an oil tanker into a very great danger to navigation. In March 2021, a huge container ship blocked the Suez Canal. This accident disrupted the global supply chain. Intentionally blocking a channel with a hijacked cyber supertanker can hold an economy hostage and prevent the transit of an opponent’s warships without firing a shot.
In theory, hackers can steer the ship themselves and use it to ram other ships or destroy seaport infrastructure. A supertanker pushed onto a reef could spill a million barrels of oil and cause environmental disaster.
True, there have been relatively few reports of cyberattackers successfully hacking a ship at sea. However, on August 3, the Associated Press quoted marinetraffic.com as reporting that six tankers in the Gulf of Oman had announced almost simultaneously that their Automatic Identification System (AIS) trackers were “not under (their own) command”. This usually means that the ship cannot steer and may have lost power.
Over the past 20 years, large commercial vessels have increasingly relied on digital automated control and remote monitoring systems. These systems allow ships to navigate with smaller crews. Digital sensors also improve overall mechanical performance and reduce operating costs.
However, digital addiction has paved the way for cyber attacks at sea – a real cyber piracy.
In April 2014, Reuters published a short but thought-provoking analysis that mentioned three key cyber vulnerabilities on board ships: GPS, Marine AIS “and a digital nautical chart display system called Electronic Chart Display and Information. System (ECDIS) ”.
The shipping industry knows that its seaports and ships are vulnerable. To be fair, industry officials recognized potential vulnerabilities two decades ago.
Now the attacks are accelerating. In an article published in July 2020, The Maritime Executive magazine reported: “In 2017, there were 50 significant OT (Operational Technology) hacks reported, rising to 120 in 2018 and over 310 last year. 2020 is expected to end with over 500 major cybersecurity breaches, and many more go unreported. “
Most of the reported hacks targeted seaports. For example, hackers have disabled cranes. Harbor cranes are a land-based technology, but they are vital to the shipping industry and the global supply chain.
The industry, however, is deeply concerned about vessels at sea. GPS spoofing on commercial vessels has occurred and has caused them to deviate from course. Maritime Executive cited cybersecurity expert Robert Rizika as expecting “cybersecurity-induced environmental pollution” attacks using ships in a seaport. According to Rizika, hackers could “easily override (ship’s) systems and valves to cause leaks and dump hazardous materials, ballast water, (and) fuel oil…” This is another version of the scenario. “Intentional environmental disaster”.
The “remote hacker in command of the ship” scenario is not entirely theoretical. The 2014 Reuters article mentioned an April 2014 cyberattack on a floating oil rig somewhere off the coast of Africa. The attacker “managed to tilt a floating oil rig to one side… forcing it to close.” According to the Reuters source, “it took a week to identify the cause and fix it.”
Cyber piracy at sea is a security threat that requires immediate responses.
Austin Bay is a syndicated columnist and author.