12/15/2015 / By usafeaturesmedia
(Cyberwar.news) Ships larger than 150 gross tons are required by some governments to be equipped with a voyage data recorder (VDR), the maritime equivalent of the “black box” required aboard airliners. Like the airline version, the VDR collects a vast amount of information.
However, cybersecurity analysts have recently discovered that the devices are not hack-proof, finding that the wealth of data they collect can be stolen or wiped out, Ars Technica reports.
At present, the U.S. Coast Guard is working on policies aimed at defending against such “transportation security incidents” caused by cyber attacks against shipping. They will include guidance to ship operators about how to secure their systems, as well as a review of existing shipboard systems that will include VDRs.
Analysts say that is a huge undertaking, given the number of cargo and passenger vessels around the world – 80,000. Also, as The New York Times reported in its “Outlaw Ocean” series, there are lots of reasons why some ship operators don’t want VDRs to be secure – including covering up environmental issues, various incidents at sea with other vessels, and even murder.
Ars Technica reported further:
IOActive researchers looked specifically at the Furuno VR-3000, a VDR that was involved in a case in 2012 where data for a period during which Italian marines aboard a freighter fired upon an Indian fishing vessel “mysteriously” corrupted before investigators could access it. The marines, who were embarked aboard the freighter Enrica Lexie, claimed that they were in international waters and believed the fishermen to be pirates. The data that could have proven their location, along with communications data, was lost.
… In another incident with a different, Windows XP-based VDR in 2012, data was corrupted when a crewmember on a Singapore-flagged ship inserted a USB drive into a port on the VDR—causing it to be infected with malware and for voice and navigation data to be overwritten. (No, that wasn’t a typo: it was a Windows XP-based black box.)
In April 2014, Reuters reported on the seaborne hacking threat as well, noting then that the “next hacker playground” would be oil tankers and container vessels that “move 90 percent of goods” around the globe.
Reuters noted further:
Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make it seaworthy again; Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navigational devices, or fake the data so it looks like they’re somewhere else; and hackers infiltrated computers connected to the Belgian port of Antwerp, located specific containers, made off with their smuggled drugs and deleted the records.
Cyber analysts estimate that, by 2018, hacks against oil and gas infrastructure globally will cost $1.9 billion.