🧵(1)The topic of bad actors being able to hack, navigate, and crash ships has been a subject of discussion in the travel and transportation industry for years. This is not new information to those of us in the transportation and cruise industry.

Here are a few examples:

"Modern container ships already face a number of serious perils at sea. Now new research from Pen Test Partners shows just how vulnerable these ships are to new dangers from hacking–including being steered off course and sunk–thanks to their use of always-on satellite communications and general lax security practices on board.

Pen Test Partners (PTP), a penetration testing and security services firm, demonstrated a number of methods for hacking into the satcom systems of ships, which can allow bad actors access to shipboard systems and wreak potential havoc for the vessels and the shipping industry.

PTP researchers applied expertise in IoT, automotive and SCADA hardware security to a Cobham (Thrane & Thrane) Fleet One satellite terminal and demonstrated various methods of intrusion this week at Infosecurity Europe, as well as published their findings online.

“Ship security is in its infancy–most of these types of issues were fixed years ago in mainstream IT systems,” PTP consultant Ken Munro wrote in a blog post outlining its finding. “The advent of always-on satellite connections has exposed shipping to hacking attacks. Vessel owners and operators need to address these issues quickly, or more shipping security incidents will occur.”

@charliekirk11 @glennbeck @ConceptualJames
securityledger.com/2018/06/contai…

(2)"In February 2017 hackers reportedly took control of the navigation systems of a German-owned 8,250 teu container vessel en route from Cyprus to Djibouti for 10 hours. “Suddenly the captain could not manoeuvre,” an industry source who did not wish to be identified told Fairplay sister title Safety At Sea (SAS). “The IT system of the vessel was completely hacked.”

There are three German shipowners that operate eight vessels between 8,200 and 8,300 teu, according to IHS Markit data, one of which confirmed knowledge of the attack to SAS but denied it was a vessel from their own company."

rntfnd.org/2017/11/25/hac…

(3)"A system used to track shipping vessels worldwide has been shown to be easily hijacked. Researchers found that it is possible to cause fake vessels to appear, real ones to disappear, and to issue false emergency alerts using cheap radio equipment."

technologyreview.com/2013/10/18/829…

(4)"In 2013, Professor Todd Humphries of the University of Texas made news by demonstrating how he could “takeover” navigation of a large yacht by co-opting its navigation system with false GPS signals. Even though the captain and crew knew what was going to happen, the vessel was out of sight of land and the changes in course were too subtle for them to detect.

In the most recent edition of the Institute of Navigation’s Journal “Navigation” Professor Humphries and a colleague explain over the course of 16 pages how it was done. From the paper’s abstract:

“An attacker’s ability to control a maritime surface vessel by broadcasting counterfeit civil Global Positioning System (GPS) signals is analyzed and demonstrated. The aim of this work is to explore civil maritime transportation’s vulnerability to deceptive GPS signals and to develop a detection technique that is compatible with sensors commonly available on modern ships. It is shown that despite access to a variety of high-quality navigation and surveillance sensors, modern maritime navigation depends crucially on satellite navigation and that a deception attack can be disguised as the effects of slowly-changing ocean currents …”

But bad actors need not be able to penetrate the complex formulas of this technical paper in order to pose a significant hazard to shipping. At the annual Defcon hackers’ convention in 2015 a Chinese technologist gave step by step instructions on how to build a GPS spoofing device and was selling kits for $300.

Maritime executives and security professionals should take note."

maritime-executive.com/editorials/how…

(5) And from the cruise industry:

"Operational safety

Cruise ships are complex systems with numerous interconnected systems, including navigation, propulsion, and communication systems. A cyber attack can disrupt or disable these systems, potentially causing significant safety hazards, including the loss of control of the vessel or collision with other ships or obstacles."

.port-it.nl/cybersecurity-…

(6)I have been involved in the travel and transportation industry for over 20 years. During the years of 2013-2017, there were frequent discussions about the hackability of ships. However, as time went on, our meetings shifted towards topics such as sustainability, diversity equity and inclusion, and ESG related issues. Surprisingly, it appeared that no one was truly interested in resolving the issues at hand.

In mid-2020, the conversations about a "hack attack" resumed in full force. Talks regarding a complete revamp of our ships and systems became more prevalent. The direction of these discussions began to focus on the replacement of entire fleets of ships, driven by both cybersecurity concerns and sustainability goals.

Industry insiders are well aware that numerous ships can be taken offline, hacked, and exploited to cause distribution disruptions or even more severe consequences.