1300 186 629

sales@tomax.com.au

Cyber Attack Alert for Ships
Following this week's cyber attack on Maersk, ships are becoming more vulnerable to cyber attacks as automation becomes increasingly popular within the industry. Cyber security expert Gerd Berner, who is carrying out PhD research on cyber security in maritime computer systems at the University of Tasmania, advised an attack on a ship-based computer system was a growing concern. “In years gone by, ships had low vulnerability because they used special purpose computer systems,” he said. “In the 90s they were in custom-built boxes, no hard disks, and they weren’t connected to a network.”

But now, on-board systems such as ECDIS and AIS are running on what Mr Berner said were basically “ruggedised” consumer systems, built to withstand conditions at sea, but running the same operating systems as shore-based computers, such as Windows. When a malware attack occurs, it usually takes advantage of a bug in the operating software, such as Windows. Software companies regularly issue patches for these bugs, or updates for the systems, which helps provide protection.

However, Mr Berner said as ships become more connected, they are becoming more vulnerable, as on-board systems are less likely to be monitored and updated regularly. “If a shore-based system goes offline, it obviously costs people money and inconvenience, etc.,” he said. “But if a ship-based system goes down, you’re dropping back into manual mode, which could have an impact on safety and the workload of the crew – it could be quite significant.”

He continued, pointing out as levels of automation increase and crew numbers decrease, issues of cyber security on ships are becoming more urgent. “It’s important to learn the lessons now on cyber security on ships so we have that knowledge as we move forward into those arenas,” Mr Berner said. “At least now there’s a reasonable number of people on these ships so there is the opportunity to step back into manual mode.”