It has been reported in the BBC that the UK’s former First Sea Lord, Lord West of Spithead, is concerned about the security of the UK’s naval and merchant ships, saying their navigation systems can easily be hacked through spoofing and jamming.
There is currently no system in place to achieve communication if satellites collapse or are infiltrated and Lord West of Spithead, who was the UK's first cyber-security minister under Prime Minister Gordon Brown, is convinced the government needs to act to protect the British fleet.
Nikos Mantas, Incident Response Expert, Obrela Security Industries reacts:
“The risks posed to warships and the commercial maritime industry from cyber attacks is very concerning. Obrela has witnessed a 33 percent increase in cyber attacks on ships in Q2 2021 compared to Q2 2020, so it is definitely an area of interest to attackers.
Modern ships use integrated computing units to assist the commander with the navigation, location and management of onboard cargo. IT equipment fuses with OT (Operational Technology) to make decisions more easily and guarantee the safety of all passengers and crew onboard. Modern vessel engineering utilizes components found in manufacturing units, making ships more akin to floating factories.
Although the steering of the vessel still relies mainly on actions performed by the crew, most functions from the engine-room are performed by cyber-physical systems. The malfunction of such components can lead to life-endangering situations, especially since the protocols used for communication and vessel location are obsolete and can be bypassed (even spoofed) by an attacker. Such systems are often left with default settings and credentials from their building process, becoming a lucrative target even for amateur attackers.
It will take a great deal of initiative by the International Maritime Organization and engaged stakeholders to re-assess not only vessel-to-shore communication protocols, but also guarantee that cyber-physical component suppliers and maintenance technicians meet standards for cybersecurity."