Maritime Cyber Security - Hacking on the High Seas

Modern sea going vessels are a complex blend of technologies from across the engineering disciplines. Vessels rely upon a variety of computerised systems to assist in navigation, stability, cargo management, monitoring and control of machinery - many of which are depended upon for safe operation. Ship to shore communications also plays an increasing role, both for business purposes and to allow the crew to maintain social connectedness with friends and family. While there are many benefits to increased connectedness, each communication channel provides a potential vector for a malicious attacker. From a design perspective, changes in vessels equipment such as the transition from solid-state electronics to software-based systems running on general purpose computing platforms (e.g. Microsoft Windows and Linux), have resulted in the unintended consequence of increasing the vulnerability of shipboard systems to malware infection. From an operational perspective, while officers and crew are trained to operate the technologies found on modern vessels, there is little training focus on the cyber security skills that would be needed to launch a timely and effective response to a cyber attack. This paper will investigate cyber strategies developed to protect shore based critical infrastructure and their applicability to the maritime industry. The discussion will identify the unique challenges faced by designers, builders and operators in building and operating a cyber-safe vessel.