The Maritime Industry’s Move to Automation: Will This Make It a Hacker’s Playland?
“Autonomous shipping is the future of the maritime industry. As disruptive as the smartphone, the smart ship will revolutionise the landscape of ship design and operations”- Mikael Mäkinen, President, Marine, Rolls-Royce
Maritime transport (and its associated technology) has a far-reaching, global influence that impacts most of the world’s citizens and businesses. According the United Nations Conference on Trade and Development, “Maritime transport is the backbone of international trade and the global economy. Around 80% of the global trade by volume and 70% of global trade by value are carried by sea and are handled by ports worldwide.” This staggering volume of goods is increasingly controlled by technology, including how cargo is transferred from ship-to-shore and shore-to-ship, and ultimately across oceans, seas, and inland lakes and rivers. While this technology has improved time and efficiency, leading to faster, more effective communications and safe transport, it has also rendered the industry a target to hackers, which, in turn, is a threat to our global economy.
Today’s maritime transport companies have moved their technologies beyond simple tracking and are now embracing automation in their day-to-day operations. Many aspects of the transport process can be automated; automated rubber tire gantry cranes, container cranes, trucks, and sensors are increasingly common in foreign terminals. It’s not unreasonable to expect that in the near future automation may encompass the entire maritime industry. Looming on the horizon are autonomous ships that could be soon traversing our waterways. These computer commanded ships could be a hacker’s delight.
In 2017 NotPetya, a malware-type software, attacked organizations around the world and caused an estimated $10 billion dollars of damage. Among them was Maersk, one of the largest shipping companies in the world. Maersk’s main headquarters in Denmark was at the center of this attack, and it spread throughout the company to the largest container terminal in the world. This Maersk terminal, located in Rotterdam, Netherlands, is nearly entirely automated. With NotPetya’s attack, the terminal’s operations came to an abrupt halt, completely stopping the transfer of containers (some of which were suspended in midair around the terminal!). The attack crippled Maersk ships and cargo was delayed, some for days.
Maersk wasn’t alone in its suffering. Other terminals around the world, such as Port Elizabeth in Newark, New Jersey, also came under fire and all computers were necessarily shut down. Truck drivers trying to get containers into the terminal could not move into or out of the port because all the automated scanners were shut down. Fortunately for Port Elizabeth as least, it had not yet moved to full container transfer automation within the terminal, which allowed cargo to move freely.
To date, NotPetya remains the largest global cyber attack and its resulting chaos illustrates the risk to the maritime industry and potential impact on trade and the economy. Following the attack, Maersk ordered teams of IT staffers to find and retrieve their lost data then restart their domain controller. After many failed attempts, it was by a stroke of luck that Maersk was eventually able to recover their domain from a computer in Ghana. That sole computer had been rendered offline at the time of the attack due to a power outage. It took days for Maersk's servers to come back online. In the meantime, the company had to resort to a manual means of transferring containers in order to continue moving cargo. It was later discovered that Maersk was still using Windows 2000 up until the attack. Microsoft did not support that outdated software in 2017, leaving the company’s system vulnerable.
The industry has already taken a next step in automation: fully autonomous ships. These ships are currently being tested in places like Norway, the United Kingdom, and Japan with a potential impact on thousands of future commercial vessels. Imagine the risk for catastrophic financial and civil loses should these multimillion-dollar ships be exposed to cyber attacks! Beyond the loss of goods is the mind boggling potential loss of life should an attack be directed towards ships or terminals transporting hazardous cargo. It is yet unclear if the autonomous ships currently being developed will be entirely self-sustaining, or if they will employ some sort of skeleton crew that could act as a fail safe, preventing a catastrophic outfall from a cyber attack.
From a business perspective autonomous ships make sense as they reduce the overall cost of operations. However, considering what is transported over the world’s oceans, it would not only be detrimental to the company that is hacked, but also to any local populations that would have to deal with the fallout of a maritime disaster in their area. Take, for example, LNG and chemical tankers carrying extremely hazardous cargo that must be kept at certain temperatures in very controlled environments. This LNG cargo must be maintained at -260 degrees Fahrenheit, in order to keep the fuel in a liquid, stable state. If such a ship were autonomous and hacked, the hacker would effectively have a floating weapon that they could use to inflict severe damage on a local port or foreign country.
After the NotPetya attack in 2017, many maritime companies began to reevaluate their cyber security programs with a goal of mitigating the risk and threat of a cyber-attack on their assets and company. This is not enough as the risk is not necessarily limited to company profits. As technology becomes more and more ensconced within ships and ports, the maritime industry, along with the U.S. Coast Guard, and other nation’s maritime security forces, must develop and implement new ways to enforce and detect threats of cyber attacks. With automation and computer technology becoming more prevalent in the maritime industry, cyber security will need to be addressed and systems heavily fortified to prevent future financial falls and, potentially, much greater losses.
While the maritime industry has entered an exciting new phase of technological advances, it has also opened the doors for new threats in the cyber realm. Unfortunately, with new innovations and technologies come new vulnerabilities and those in charge need to plan for these risks. Hacking is a very real threat which the maritime industry must face head on before a catastrophic event happens. Precautions must be taken to ensure sensitive company information, information on cargo, and the safety of maritime assets, are kept safe from those who wish to do harm.