Welcome
About
News
Anonymous Reporting
Tools
MCA Chatter
Library
V-ID Terminal
Support
My Account

News

Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019
 
 
 

'Ethical' hackers highlight vulnerability in containership load planning process

 
November 29th 2017
Hackers could potentially cause environmental damage and incur heavy fines for shipping lines by using nefarious techniques, according to a recent report from security testing company Pen Test Partners.

Pen Test Partners LLP, a so-called ‘ethical hacking’ company that partly specializes in security testing of maritime control systems, has found what it says is a vulnerability in the load planning processes used by container ships that could lead to a hacker gaining access to planning data.

“Intercepting and modifying the messaging used in bay planning can be relatively straightforward if you know what you’re doing,” Pen Test Partners Senior Partner Ken Munro said. “We noticed a lack of security in the validation of the message’s integrity, and a simple phishing attack is all it takes to gain access.”

By modifying the messages, and therefore the loading plan itself, a hacker could cause a vessel to list by swapping the order that the containers are loaded, Pen Test Partners explained, adding that hackers could also potentially cause environmental damage and incur heavy fines for shipping lines by forcing emergency discharge of ballast water because of unexpected situations caused by bay plan manipulation.

Among other damage that could be caused is the switching off of refrigerated containers, which could cause the spoiling thousands of pounds of perishable food.

“Ship security has a long way to go to catch up with the level of security we expect in corporate networks,” Munro said. “They are remote, difficult to update, and their IT hardware is often old and not well maintained.”

Another issue that Pen Test Partners said it discovered was that USB sticks are commonly used to transfer the load plans from ship to port, a process that poses a major security risk because a USB infected with malware could cause series issues for port authorities.

“Ship owners and managers need to have a cyber security plan in place and should review their current IT systems to make sure that any potential weak points open to attack are closed as soon as possible,” Munro said.

Source

Keywords