CybersecurityWhy 50,000 ships are so vulnerable to cyberattacks

By Keith Martin and Rory Hopcraft

Published 14 June 2018

The 50,000 ships sailing the sea at any one time have joined an ever-expanding list of objects that can be hacked. Cybersecurity experts recently displayed how easy it was to break into a ship’s navigational equipment. This comes only a few years after researchers showed that they could fool the GPS of a superyacht into altering course. Once upon a time objects such as cars, toasters and tugboats only did what they were originally designed to do. Today the problem is that they all also talk to the internet. The maritime industry is undoubtedly behind other transportation sectors, such as aerospace, in cybersecurity terms. There also seems to be a lack of urgency to get the house in order. So the maritime industry seems particularly ill-equipped to deal with future challenges, such as the cybersecurity of fully autonomous vessels.

The 50,000 ships sailing the sea at any one time have joined an ever-expanding list of objects that can be hacked. Cybersecurity experts recently displayed how easy it was to break into a ship’s navigational equipment. This comes only a few years after researchers showed that they could fool the GPS of a superyacht into altering course. Once upon a time objects such as cars, toasters and tugboats only did what they were originally designed to do. Today the problem is that they all also talk to the internet.

The story so far
Stories about maritime cybersecurity are only going to proliferate. The maritime industry has been slow to realize that ships, just like everything else, are now part of cyberspace. The International Maritime Organization (IMO), the UN body charged with regulating maritime space, has been late and somewhat slow in considering appropriate regulation when it comes to cybersecurity.

In 2014, the IMO consulted their membership on what maritime cybersecurity guidelines should look like. Two years later they issued their interim cybersecurity risk management guidelines, which are broad and not particularly maritime specific. And now, unsurprisingly, ships are being hacked.

Complexity of the maritime industry
There are several core issues that make cybersecurity for the maritime industry particularly challenging to address.

First, there are many different classes of vessel, all of which operate in very different environments. These vessels tend to have different computer systems built into them. Significantly, many of these systems are built to last over 30 years. In other words, many ships run outdated and unsupported operating systems, which are often the ones most prone to cyber-attacks.