Cookies help us deliver the best experience on our website. By using our website, you agree to our use of cookies Dismiss

Suppliers not providing equipment with sufficient security, says Naval Dome CEO

“Most companies are operating critical systems that are protected, at best, by only the most basic security solution,” says Naval Dome’s Itai Sela “Most companies are operating critical systems that are protected, at best, by only the most basic security solution,” says Naval Dome’s Itai Sela

As the global shipping industry learns that the UK-flagged Stena Impero seized by Iranian forces in July was 'spoofed' and begins to accept the extent to which vessels unprepared for a cyber event can be affected, Itai Sela, CEO of cybersecurity pioneer Naval Dome, says that original equipment manufacturers are not doing enough to provide end users with the level of protection required to secure critical systems.

{mprestriction ids="1,2"} Speaking to delegates attending a conference today organised by the Maritime and Port Authority of Singapore (MPA), Mr Sela said: “There is no high-level cybersecurity on operational systems aboard ships, on offshore oil and gas platforms, or ports and terminals. Few OEMs and system providers are supplying equipment with level 4 security, resulting in end-users being unable to get a true picture of the integrity of their critical systems. It’s like driving with your eyes closed.”

Going on to explain that increasing reliance on connected systems and IoT technologies is leaving infrastructure vulnerable, he told attendees at Singapore’s annual International Safety@Sea Week that investing in equipment without the highest level of protection could result in financial loss, damage to assets, the environment, even loss of life.

“Today, the world is more interconnected than ever before and while this has considerable advantages, we become less secure, more vulnerable, with cyber events happening on a daily basis.

“So what do we do? Wait until January 2021 when IMO cybersecurity rules enter into force? The cyber hacker won’t wait until you have proper protection in place, so why should you?”

He explained that over the past decade, cybersecurity has not kept pace with the rapid development of autonomous, connected IoT-based systems that are now becoming commonplace across the sectors.

“We have visited companies operating across the industry – shipping companies, cruise lines, oil and gas contractors, ports and terminals – and what we find is alarming. Typically, most companies are operating critical systems that are protected, at best, by only the most basic security solution.”

According to DNV GL type approval criteria and IEC 62443 standards security Level (SL) 1, the most basic, provides protection against casual or coincidental violation. SL2 to SL4 cover increasing protection levels against intentional violation, depending on sophistication of means, and the likely level of resources, motivation and skills of potential offenders. SL4 protects against the highly motivated, highly sophisticated attack.

“The obvious thing to do,” said Mr Sela, “is to ask your system provider what level of cybersecurity each of their systems are provided with and, if not SL4, request they upgrade or replace them.”

Commenting on the rise in the number of GPS spoofing and jamming incidents, Mr Sela told shipping and port executives that Naval Dome analysts have noted an increase in the Persian Gulf, The Black Sea and SE Asia.

Spoofing, when the satellite signal is changed and manipulated once it has been received by a global positioning system (GPS), shifts the phase of the signal to present spurious positional data and information, placing the asset in a different position to that in which it is in reality. 

“Spoofing is more common as it is more sophisticated, more effective – but we know jamming is taking place in Syria and Lebanon,” he said. “Most spoofing is carried out by States, although in SE Asia and the Red Sea, pirates are using rudimentary spoofing systems bought on the internet to direct ships to danger areas.”

While there are some companies that claim to offer solutions that can prevent spoofing and jamming, a process that saturates the GPS so that no satellite signal or data can be received, Mr Sela said that these systems are either inordinately expensive or cheap and ineffective.

“We recommend that all critical systems have in place a cyber defence system capable of anomaly detection, which will alert operators to odd jumps/drifts in position based on previous and current positions, planned route and ship speed. This will provide an indication that the GPS may be compromised. 

“Once alerted to an anomalous event, crews need to cross check position with speed and other sensors, the Gyro compass, etc. AIS can also be used to detect other vessels in the area. However, if other vessel positions have jumped, then this can also indicate a problem with their GPS.”

Mr Sela went on to reveal that Naval Dome is seeing an increase in the number of spoofing incidents at ports, especially those where container handling equipment, such as ship-to-shore cranes, reach stackers and straddle carriers, relies on GPS to move and transfer containers to specific locations.

“Typically, positional data is dependent on signals from three or more satellites, but if just one is compromised, then it will give a false reading. Any interference to the GPS signal is likely to result in significant port congestion.” {/mprestriction}

Related items

  • Metrostar Management rolls out CyberOwl software

    CyberOwl has agreed a contract to provide its shipping cybersecurity technology to secure the Metrostar Management Corporation fleet. 

  • KR issues first cybersecurity class notation to HHI for very large LPG carriers

    The Korean Register has presented Hyundai Heavy Industries (HHI) with the world’s first Cybersecurity (CS Ready) class notation for a very large liquefied petroleum gas (LPG) carrier.

  • A giant leap forward for maritime IoT

    Author: Andrew Loretta, director, maritime business development for ORBCOMM.

    We are proud to be a part of the recently announced partnership with AAC Clyde Space AB and SAAB AB that is ushering in a new era in maritime communications through the development of the next generation of a space-based very high frequency (VHF) Data Exchange System (VDES). As the maritime industry embraces digitalisation, we expect a greater emphasis on secure data exchange and ship to shore communication—and we look forward to facilitating this shift in operations through our technology in conjunction with our partners.

    As long-term providers of automatic identification system (AIS) solutions and a touchpoint for space-based maritime data, we at ORBCOMM relish the opportunity to demonstrate the benefits that the significantly increased bandwidth that VDES will offer not just our maritime customers but the supply chain as a whole.

    With up to 32 times more bandwidth than currently offered by AIS and two-way communication, the ground-breaking new system is the next natural step for satellite technology and will allow users to completely rethink the way they manage their fleets. VDES bridges the gap between ship and shore in a way that the industry has been crying out for.

    One of the changes we are most excited about is how innovators now have an open playing field to craft interesting technical solutions specifically for the maritime world without having to scale back their imaginations to match the limited accessibility. The sky is literally the limit once these new satellites come into play and we are keen to work with newcomers and support existing companies with bringing their visions to life so that they can propel this industry forward.

    We have already seen how our AIS data is used not just for real-time vessel and asset tracking, but also as a base line from which interesting insights can be drawn about the global fleet. A good example is a recent article by maritime expert and Navigate PR director Bill Lines, who used our partner Marine Traffic’s data in conjunction with information from the Baltic Exchange to create a snapshot of tanker operating expenses.  

    We already know that VDES can be integrated with existing vessel systems and we are keen to see how ship operators, managers and equipment manufacturers will use this data highways to improve navigation, boost safety, enforce regulations, reduce emissions via fuel consumption, and improve on-board decision making by delivering data-driven insight.

    Work on the project begins next month when AAC Clyde Space will begin manufacturing the satellite that will boast a VDES payload from Saab. We expect to complete the in-orbit VDES capability demonstration of the first EPIC 3U satellite in the first quarter 2023 and are happy to say that ORBCOMM customers can expect to receive AIS data from the new satellite and so will benefit from the project as it comes on line.

    As a larger constellation of VDES satellites is contemplated, we look forward to being the conduit for better-quality data in larger quantities. Our considerable IoT experience puts us in a prime position to reap the benefits of the technology as it evolves, and we are excited to work with our partners and guide them on the best path to maximize the benefits of using VDES technology.

    To learn more about the project, we encourage you to watch this video, which features Greg Flessate, ORBCOMM senior vice president and general manager for Government, AIS and Business Operations, as well as AAC Clyde Space chief executive officer Luis Gomes and Saab’s Christer Fuglesang being interviewed by Rachel Carroll, president and managing partner at Edison.

  • BV completes trial of remote surveys

    Bureau Veritas (BV) in Singapore, in collaboration with Nokia and Sembcorp Marine, has successfully completed remote surveys during the COVID-19 pandemic that pave the way for establishing a new class procedure for the remote inspection of vessels under construction.

  • Gizat rolls out air purification solution to maritime market

    Gizat Global Communication has signed an agreement with Aura Air to bring an innovative smart air purity solution to the maritime market in a bid to tackle pollution and the spread of bacteria onboard ships. The solution has proven a 99.9 per cent effectiveness against COVID -19.

Joomla SEF URLs by Artio

Login/Register

Register or Login to view even more of our content. Basic registration is free.

Register now

Digital Ship magazine provides the latest information about maritime satellite communications technology, software systems, navigation technology, computer networks, data management and TMSA. It is published ten times a year.

 

Address:
Digital Ship Ltd
Digital Ship - Digital Energy Journal
39-41 North Road
London
N7 9DP
United Kingdom

Copyright © 2020 Digital Ship Ltd. All rights reserved           Cookie Policy         Privacy Policy