If the hacker has established remote access to the vessel (perhaps through satcoms, creating a back door through a phishing attack or a physical network implant) the next step might be to tamper with the GPS data stream on the vessel network.

An ‘ARP poisoning’ attack involves the hacker instructing the various systems on the network to send their data to via them. The hacker effectively inserts themselves in to the data stream in what is known as a ‘man in the middle’ attack. By adjusting the GPS position reports from the GPS receiver in the NMEA 0183 data stream, the systems can be fooled.

Unlike GPS jamming or spoofing attacks, where no position data or gross position errors are received, this type of hack is much more insidious: the change in position is gradual and far harder to detect.

There’s a reason that their security isn’t great – for many years OT networks were completely isolated from the internet and from corporate networks. The threat vector was primarily from physical attack, so they were kept behind lock and key in, for example, electricity substations and water pumping stations.

Utilities faced a barrage of OT hacking incidents as systems were accidentally (or thoughtlessly) connected to the internet in the 2000’s. This culminated in the Stuxnet incident in 2009 and 2010; an attack by nation states against the Iranian uranium enrichment programme that got out of hand. Lift systems in Germany were affected, production lines in the USA were compromised, all users of similar OT to the Iranians. Those familiar with the ‘notPetya’ incident at Maersk will note similarities here, though that was an IT attack, not OT.

You may also come across terms such as ICS (Industrial Control Systems) and SCADA (Supervisory Control and Data Acquisition) but generally we mean the serial data networks and devices that control machinery.

Chapter 1 of the Operators Course (Op) discussed how OT has become more IT and now there is a bridge between the two.  There were rumours that certain government organisations went `old school` to typewriters as it was the only way to guarantee security.

“The problem with a Typewriter, is that I can’t download the latest software patches to keep me safe from a Virus or Hacker…….”

Some questions may help provide a picture of vessel network segregation

“When was the last time a third party verified the segregation of the various networks on board”

“Which systems on the bridge have access to the OT network?”

“Does an OOW have access to bridge systems from anywhere other than the bridge?”

“Do any computers on the vessel business network have access to OT systems, e.g bay planning, ballast/trim, propulsion etc?”

“What steps have been put in place to ensure that the crew Wi-Fi network can only access the internet or other crew leisure systems?”

In addition to network segregation, another useful layer of protection is to ensure that key systems can only access the resources they need to.

For example, an internet browser on a computer on the vessel business network should not be able to access pornographic web sites.

All operators should have content filters in place to help ensure that crews do not (intentionally or accidentally) access web sites from business computers that may contain malware.

If content filters have been implemented by the operator, then the web site should be banned to users.