How Easily Can a Ship’s ECDIS be Hacked?
What if the worst that could happen, happened? A security company named Naval Dome recently answered this question by showing a worst-case security threat situation with several cyber infiltration tests. The tests were conducted on systems used on a variety or large ships including container ships, super yachts, and tankers.
The results of the test? Not good. Overwhelmingly, the tests showed how easily hackers could infiltrate a ship’s system. During the tests, which were conducted with cooperation from the owners of the ships, Naval Dome was able to disable machinery, fool the radar display, shift the recorded position of a ship and other acts that could be dangerous if done by the wrong hands.
According to Naval Dome’s CTO, Asaf Shefi, one hack was accomplished with little more than an email to the captain’s computer. With this maneuver, Naval Dome was able to make the system’s display look normal while the ship was in danger of running aground.
This was possible because the Captain’s computer uses satellite to connect to the internet. Naval Dome’s virus file was connected to the Electronic Chart Display and Information System (ECDIS) when charts were updated through the satellite connection.
For the next attack, the radar was attacked. By going through the local Ethernet Switch Interface, they were able to get to the ECDIS, Voyage Data Recorder, and the Bridge Alert System. Another attack was accomplished with a compromised USB stick and resulted in tampering with the Machinery Control System.
What’s more, is that while this shows that it’s easy for a ship’s system to contract a virus. Shefi also said that an attack can come through from manufacturers of vessels because they can also be targeted.
While the maritime industry is not known for implementing new technology quickly, this is something that must be looked at now. As more of the systems on a ship are run through an internet connection and autonomous ships loom closer, these security flaws remain a constant vulnerability.