In this article, we explore the reasons why Navarino developed Angel, the first cyber security system for shipping, and how it became an essential component of the maritime cyber revolution.
The ‘Third Industrial Revolution’, also more commonly known as the Digital Revolution, is the shift from long-trusted mechanical and analogue technology into the untapped world of cyber. It is the ‘era of Information’, a time in which ships no longer exist as archaic structures of isolation, but instead as hubs for data and analytics; constantly communicating with their onshore offices. This move towards smart shipping is becoming ever-more apparent.
However, as shipping technology companies are finding more ways to optimize communication for vessels, the shipping industry is still lagging behind in one major area – security. The stereotype that shipping remains a static industry is somewhat true, and this inability to push cyber security will, and already has, come at a cost.
Cybercrime revenues are reaching $1.5 trillion a year, according to estimates(MCGUIRE, 2018). Hosted on the Dark Web platform, cyber criminals have more than enough motive to reap havoc on an easy target such as maritime. In 2013, drug traffickers were using hackers to smuggle abundances of cocaine into major European shipping ports through changing data on computer systems (Freeman, 2013). In 2017, the world’s largest container carrying company, Maersk, was hit affecting 79 ports in 59 countries, costing them $300 million in revenue.Also in 2017, Svitzer revealed they had suffered a significant data breach which went unnoticed for 10 months and gave away access to the personal information of 400 employees (Safety4Sea, 18). In 2018, COSCO, even though it had taken steps to minimize security risks, were still attacked by a ransomware, halting its US port operations.
This short list of attacks is just an anecdotal account of a much larger list, one that will continue to grow if action isn’t taken.
These attacks aren’t just about taking information or gaining money either, they could be the start of something much more terrifying. Navigation and propulsion systems have the potential to be hacked, and vessels could easily be swayed off-course either through tricking crew with false sensor readings, or taking control of the systems directly. The opportunities for criminals are endless when it comes to cyber, and the question remains whether maritime is ready to prevent this.
Until recently, official maritime organizations hadn’t really taken into account the potentially disastrous global effects a hack on a vessel could have, and talks on cyber security remained minimal. In 2014 the IMO considered what the guidelines for cyber security should look like. In 2017, this guideline was issued at the ninety-sixth conference. It provides a broad and general view of what the risks could be, and what we could do to prevent and deter, but the truth is, they don’t really know what could happen, and no one does. Cyber integration into maritime is new, and the risks are unknown, and little exists to truly help.
This is changing, however, and maritime technology companies are beginning to invest in such systems; systems which are specific to the needs of maritime – that can be fully managed, are monitored 24/7, have complete oversight, and send continuously updated reports. Even though these cyber threats will evolve and swell, such systems can identify them and evolve with them. Therefore, it is no longer a question of whether maritime is ready to face these threats, but rather if they are willing to invest in such systems to face them. We, as an industry, are integrating new technologies into maritime everyday; where there is cyber technology, there must be security.
Angel is the first fully-managed cyber security system for shipping; its 24/7 monitoring and virtualized structure has become necessary to preventing this list of attacks growing any further. The intelligent system was designed with a network trap to lure out and identify malicious activity within the vessel, evolving parallel to the criminal malware.