Research
July 25

Ship Happens. Plugging the Leaks in Your Maritime Cyber Defenses

The joys of discussing crewless ships and their cybersecurity woes! This document delves into the world of Maritime Autonomous Surface Ships (MASS), where the absence of a crew doesn’t mean a lack of nightmares of cybersecurity, or legal tangles, and regulatory hurdles.

The maritime industry lags a whopping 20 years behind other sectors in cybersecurity. Cyber penetration tests have shown that hacking into ship systems like the Electronic Chart Display and Information System (ECDIS) is as easy as pie—a rather unsettling thought when those systems control steering and ballast.

As for the stakeholders, from ship manufacturers to insurers, everyone’s got a stake in this game. They’re all keen to steer the development and implementation of MASS, hopefully without hitting too many icebergs along the way but lot of money.

This document issues it addresses are grounded in reality. The integration of MASS into the global shipping industry is not just about technological advancement but securing that technology from threats that could sink it faster than a torpedo. The seriousness of ensuring safety, security, and compliance with international standards cannot be overstated, making this analysis a crucial navigational tool for anyone involved in the future of maritime operations.

-------------------------

This document offers a comprehensive analysis of the challenges associated with crewless ships, specifically addressing issues related to cybersecurity, technology, law, and regulation of Maritime Autonomous Surface Ships (MASS). The analysis delves into various critical aspects of MASS, including the technological advancements, legal and regulatory challenges, and cybersecurity implications associated with these uncrewed vessels, such as exploration of the current state and future prospects of MASS technology, emphasizing its potential to revolutionize the maritime industry, the unique cybersecurity risks posed by autonomous ships and the strategies being implemented to mitigate these risks.

The analysis highlights the intersection of maritime technology with regulatory and security concerns. It is particularly useful for security professionals, maritime industry stakeholders, policymakers, and academics. By understanding the implications of MASS deployment, these professionals can better navigate the complexities of integrating advanced autonomous technologies into the global shipping industry, ensuring safety, security, and compliance with international laws and standards.

The transformative potential of MASS is driven by advancements in big data, machine learning, and artificial intelligence. These technologies are set to revolutionize the $14 trillion shipping industry, traditionally reliant on human crews.

📌 Cybersecurity Lag in Maritime Industry: the maritime industry is significantly behind other sectors in terms of cybersecurity, approximately by 20 years. This lag presents unique vulnerabilities and challenges that are only beginning to be fully understood.

📌 Vulnerabilities in Ship Systems: cybersecurity vulnerabilities in maritime systems are highlighted by the ease with which critical systems can be accessed and manipulated. For example, cyber penetration tests have demonstrated the simplicity of hacking into ship systems like the Electronic Chart Display and Information System (ECDIS), radar displays, and critical operational systems such as steering and ballast.

📌 Challenges with Conventional Ships: in conventional ships, the cybersecurity risks are exacerbated by the use of outdated computer systems, often a decade old, and vulnerable satellite communication system. These vulnerabilities make ships susceptible to cyber-attacks that can compromise critical information and systems within minutes.

📌 Increased Risks with Uncrewed Ships: the transition to uncrewed, autonomous ships introduces a new layer of complexity to cybersecurity. Every system and operation on these ships depends on interconnected digital technologies, making them prime targets for cyber-attacks including monitoring, communication, and navigation, relies on digital connectivity.

📌 Need for Built-in Cybersecurity: the necessity of incorporating cybersecurity measures right from the design phase of maritime autonomous surface ships is crucial to ensure that these vessels are equipped to handle potential cyber threats and to safeguard their operational integrity.

📌 Regulatory and Policy Recommendations: It is suggested that policymakers and regulators need to be well-versed with technological capabilities to shape effective cybersecurity policies and regulations for maritime operations, UK’s Marine Guidance Note (MGN) 669 as an example of regulatory efforts to address cybersecurity in maritime operations.

📌 Stakeholder Interest: ship manufacturers, operators, insurers, and regulators, all of whom are keen to influence the development and implementation of MASS

The International Maritime Organization (IMO) has developed a four-point taxonomy to categorize Maritime Autonomous Surface Ships (MASS) based on the level of autonomy and human involvement:

📌 Degree 1: Ships with automated systems where humans are on board to operate and control.

📌 Degree 2: Remotely controlled ships with seafarers on board.

📌 Degree 3: Remotely controlled ships without seafarers on board.

📌 Degree 4: Fully autonomous ships that can operate without human intervention, either on board or remotely

📌Variety in MASS Design and Operation: The taxonomy underscores the diversity in design and operational capabilities of MASS, ranging from partially automated systems to fully autonomous operations. This diversity necessitates a nuanced approach to regulation and oversight.

📌Terminology Clarification: To avoid confusion due to the interchangeable use of terms like «remotely controlled» and «autonomous,» the term MASS is adopted as an overarching term for all categories within the taxonomy. Specific terms are used when referring to particular categories of vessels.

📌Diverse Applications and Sizes: MASS are not limited to a single type or size of vessel. They encompass a wide range of ships, from small, unmanned surface vehicles to large autonomous cargo ships. This diversity is reflected in their various applications, including commercial, civilian, law enforcement, and military uses.

📌Emergence and Integration of MASS: Autonomous ships are already emerging and being integrated into multiple sectors. This ongoing development necessitates a systematic and comprehensive analysis by policymakers, regulators, academia, and the public to ensure their safe, secure, and sustainable integration into international shipping.

unpacking with more detail (PDF)

Follow on TG & Boosty