UK-based Penetration testing experts Pen Test Partners said that there is possibility hackers to deliberately cause an imbalance of cargo without the crew being aware by manipulating the loading data of its hull stress monitoring systems (HSMS). This could cause the sinking of a bulk carrier, they said. Few weeks ago, the company had warned that hackers could also cause environmental damage by forcing emergency ballast water, as a result of bay plan manipulation.
As explained by senior partner Ken Munro, this could be feasible due to the fact that when HSMS were first developed, there was no concept of a vessel being connected to the internet, allowing it to be accessed remotely. Therefore, many HSMS are just PCs connected to the ships’ network.
“A hacker could interrupt the loading data being fed to and from the monitoring system, having previously compromised the network either via the satcom unit or a phishing e-mail.” Mr Munro said.
”Once in control, hackers can manipulate the loading of cargo and turn off any stress monitoring alarms that would alert crew to any undue strain on the vessel,” he continued.
HSMS vendors and all ship control and reporting system manufacturers need to take security very seriously, otherwise their own systems could be used against the ship, the company noted.
“A Master puts his faith in the stress monitoring system to alert him to any load bearing issues, so the last thing he expects is for it to mis-report and threaten the very fabric of his ship.”
