In a recent article, ethical hackers Pen Test Partners discuss the vulnerability of container ships’ load planning systems. An attack on such a system can have financial, environmental and even fatal results.
Ship security has a long way to go to catch up with the level of security expected in corporate networks. Ships are remote, difficult to update and often offline for long periods. IT hardware is often old and not well maintained, Pen Test Partners state.
As the shipping industry relies on speed and efficiency, an attack on the load planning system can cause serious problems:
“Only around one third of that cargo is on-deck, most is hidden in the holds, under massive hatch covers. To get a container out from the bottom of the hold could involve removing 50 containers from that hatch cover, removing the hatch cover, then taking a further 8 containers to access the bottom of a stack,” Pen Test Partners say.
An attack on the system would cause confusion about where each container is, and it would take weeks to manually re-inventory the ship, at serious cost.
Furthermore, load planning software places heavier containers at the bottom of container stacks in order to keep the centre of gravity (CoG) low and maintain stability. A good load plan will keep the ship in position by taking on ballast water, which can reduce the weight of the cargo carried.
There are cost savings from better load planning too: for a container ship to be as efficient as possible, it must not sit too high or low in the water, and must be in trim. This can be controlled by taking on ballast water, which again takes time and reduces the weight of cargo carried.
This is important as huge pumps move the ballast water from one side of the ship to the other to ensure it doesn’t tip over.
An attack can disrupt the balance of the ship and damage the vessel.
Moreover, products kept in refrigerated containers (reefers) can rot if a reefer is not plugged into an electrical source.
A cyber attack can also cause environmental issues.
Ballast water may need to be offloaded on the journey from port to port as the balance of the ship changes. Load planning software helps calculate this, ensuring optimum ballasting.
A disruption in the load planning software can create an out-of-balance or overweight situation and force an emergency offloading of ballast water, leading to significant environmental problems and associated fines.
In conclusion, Pen Test Partners mention that a probable source of attack is the floppy discs and USB drives used to transfer the load plan.
If a computer does not have a floppy disc drive, then the plan cannot be uploaded.
In particular, a USB drive can easily be hacked and manipulated so that malware enters the system.
The shipping industry must invest in cyber security in order to prevent these kinds of attacks, Pen Test Partners noted.