Forget hacking a car – what does it take to hack an oil tanker?
By Steinar Låg, Principal Researcher Machine Transport; Petter Myrvang, Head of Security and Information Risk; and Anne Aune, Global Technical Trainee.
The internet is awash with scare stories about family cars being hackable. Luckily, it’s almost all scaremongering: the hacks that have taken place have been staged by researchers, searching for vulnerabilities as cars’ online connectivity increases.
Yet as the Internet of Things advances, and more and more systems like buildings, transportation, power grids and healthcare are connected, there is a growing, legitimate security concern. Unless manufacturers stay ahead of the game with super secure integrated systems, things will become hackable. This isn’t sci-fi: it has already been six years since the hacking of a nuclear plant in Iran.
Imagine the following newsflash: “An oil tanker has been hacked. Yesterday at 15:41, control systems of the SS Trojan Horse, which was leaving the Red Sea en route to Singapore, were compromised. Unknown cyber-criminals took control of the vessel’s navigation systems, leaving crew on-board helpless to steer. The SS Trojan Horse has been taken off course, and is now headed north east up the coast of Oman…”
This is fictional of course – for now. But what is the possibility of such an event making news headlines in the not-too-distant future?
Traditionally, once ships left port they have been isolated from communication with shore. That is no longer the case, as more ships and their equipment go online. This increasingly opens possibilities for monitoring, maintenance and navigation to be activated onshore, while the ship is on duty offshore. How do we ensure these control systems are accessible only to the right people?
So, what does it take to hack an oil tanker?
Petter Myrvang is head of Security and Information Risk Management at DNV GL. One particular fear ship owners have is that critical vessel functions, such as engine controls or navigation systems, could be targeted by cyber-attacks from shore.
Petter says while digitalization offers all industries many benefits, the reality is it also brings new risks which need to be monitored and controlled.
“Cyber-attack, such as hacking an oil tanker, is a scenario that is increasingly realistic as the shipping industry becomes more heavily dependent on cyber structures in all parts of their operations.” – Petter Myrvang, Head of Security and Information Risk
Having a clear overview of a ship’s entire system, as well as the criticality of all barriers, is the key to mitigating and controlling risks.
Why take ships online? What are the benefits of connectivity?
Remote maintenance, cutting out the high travel costs of service personnel, is a not-so-remote reality for the maritime industry. Picture the following scenario: Kevin is coordinating the maintenance of a ship in Kuala Lumpur. He monitors the condition of the ship from his office in Oslo. Smaller corrections can be done remotely by adjusting properties using his computer or his mobile phone. If larger manual actions need to be done, he guides a crew member on board the ship to perform the tasks while using a smart helmet with embedded sensors and communication capability.
DNV GL’s Technology Outlook 2025 was launched in Shanghai April 5th. The report forecasts the technology landscapes of the next decade. Maritime connectivity will have a dramatic effect on how the maritime industry manages information, with remote maintenance being one of the effects of this shift.
“Ship connectivity will enable a range of new opportunities for all players in the maritime community.” – Steinar Låg, Principal Researcher of Maritime Transport, DNV GL
A marine cyber-physical system comprises physical components that can be monitored, controlled, and optimised by smart sensors, advanced software and actuators (Technology Outlook 2025).
There are multiple benefits of maritime connectivity:
- The vessel is better integrated into the ship owner’s operations, for example through logistics applications, providing greater insight and improved operational efficiency.
- Crew and passengers can stay connected to home, lowering the barrier to embark on long sea voyages.
- Sensor-based condition monitoring schemes enable smarter and more proactive maintenance, resulting in cost savings and reduced downtime.
- Energy efficiency applications will optimise operational configuration of the vessel’s machinery and propulsion systems, reducing fuel consumption.
- Maritime safety and environmental compliance may be improved by automatic reporting of emissions and safety parameters.
- Remote control of different vessel functions, using shore-based data, resources and expertise.
Sensors and software will play an increasing role in all ship operations. As a consequence, it is critical that system integrators and third party assurance providers work together to make sure sensors and software are reliable enough for safe shipping operations.
Harnessing cyber security to maximize the benefits of digitalization
In 2015, DNV GL performed a study of digital vulnerabilities in the maritime sector for the Norwegian authorities. A successful cyber-attack is a result of multiple barriers being damaged or surpassed. These barriers are not only technical, and heavily rely on the nature of operations, the leadership and organizational awareness and capabilities. To prevent cyberattacks, they must be continuously monitored and maintained. The analysis highlighted vulnerabilities and barriers that must be mitigated and controlled to enhance the cyber safety of maritime systems.
DNV GL aims to ensure safe implementation of cyber structures. Petter Myrvang emphasizes that by implementing good cyber security systems, risks that can arise out of digitalization are continuously spotted, controlled and monitored – essentially maximizing the benefits of digitalization.
So, SS Trojan Horse is safe for now, but won’t be for much longer if the threat of cyber security is not taken at least as seriously by all the industry’s stakeholders as the current threat of piracy.
Interested in discussing this topic further? Join our Technology and Innovation group on LinkedIn.