The following is the text of a news release from Pen Test Partners:
(BUCKINGHAM, United Kingdom) — Penetration testing experts Pen Test Partners have highlighted how hackers could sink a bulk carrier by manipulating the loading data of its hull stress monitoring systems (HSMS) to deliberately cause an imbalance of cargo on the vessel without the crew being aware.
The consequences could be catastrophic with the vessel being put under intense strain leading to it breaking up and sinking.
“The reason it is feasible is that when HSMS were first developed, there was no concept of a vessel being connected to the Internet, allowing it to be accessed remotely. Therefore, many HSMS are just PCs connected to the ships’ network,” said senior partner Ken Munro.
“A hacker could interrupt the loading data being fed to and from the monitoring system, having previously compromised the network either via the satcom unit or a phishing e-mail.”
“Once in control, hackers can manipulate the loading of cargo and turn off any stress monitoring alarms that would alert crew to any undue strain on the vessel,” he continued.
HSMS vendors and all ship control and reporting system manufacturers need to take security very seriously indeed, otherwise their own systems could be used against the ship.
A master puts his faith in the stress monitoring system to alert him to any load bearing issues so the last thing he expects is for it to mis-report and threaten the very fabric of his ship.
Pen Test Partners recommend that all ship managers and operators ask probing questions of their technology and control systems suppliers and demand that they prove beyond reasonable doubt that their systems are secure and will remain secure throughout their operational life span.