Friday, March 26, 2021

How To Use Maritime Cyber To Cripple Power Projection

Imagine you are a Chinese planner tasked with limiting US response to an impending campaign to seize Taiwan.  Blocking the Panama Canal, and capsizing roll-on-roll-off vessels in ports, to block our sea-lift capabilities would certainly be a good start.  Let's review the elements involved in such an operation.

First, an attacker would have to get access to port facilities and their EDIFACT systems.  This has already been done numerous times "in the wild".  A noteworthy example was the breach of the Port of Antwerp discovered in 2012.  Attackers used physical devices placed onsite, phishing emails, and other techniques to gain access to the port's C-Point Nxtport environment, and manipulate EDIFACT messages.

While the attack on Antwerp was focused on smuggling contraband in cargo containers, the same access and capabilities could be used to sink vessels. Pen Test Partners, in the UK, explained how this was possible back in 2017.

Now we can move on to blocking those sea lanes like the DC Beltway at rush hour.  We had a glimpse of how this could happen this week when the Ever Given, a container ship from Taiwan's Evergreen line, appeared to navigate in circles then lodged itself sideways in the middle of the Suez Canal before shutting down engines.

Attacking the engines on a ship, to shut them down the way it happened in the Suez this week, was something my team demonstrated with Auto-Maskin controllers in 2018. I would also like to note that even after we notified authorities and Auto-Maskin, little was done to address the security vulnerabilities, and no effort was made to rush out a patched firmware update.  The family of engine control units continued to be used by major marine diesel OEMs, often rebranded, leaving end-users unaware of the danger in their supply chain and engine room.

Now, let's talk navigation.  A lot of researchers have demonstrated attacks on various components of a ship's navigation systems that could have easily resulted in the "interesting" AIS tracks that preceded the wreck.  One of them is my colleague Gary Kessler, who gave a talk about it at DEF CON last year.  He described how an attacker could subvert systems like AIS and ECDIS, and even cause coastal navigation lanes and related buoys to appear to "move", leading to disaster.  A number of maritime incidents over recent years could be examples of such attacks "in the wild", but I'll decline making an assessment without more evidence.

So, as it relates to what happened in the Suez this week, what do I think about the chances the attack was the work of a sophisticated cyber threat actor?  Well, I'm not saying it was aliens. But...


Ancient Aliens TV Show


 

 
