Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
43 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings for cyber vulnerabilities and consequences have naturally increased. Additionally, vessels themselves are also susceptible to cyber attacks. Navigation systems present a potential vul- nerability. For example, researchers from the University of Texas recently demonstrated that a global positioning sys- tem (GPS) receiver could be duped by broadcasting coun- terfeit GPS signals (GPS spoofng) to present a set of false coordinates. 4 Since modes, such as autopilot are reliant on GPS to guide the ship, this could result in devastating con- sequences. The Automatic Identifcation System (AIS) is another poten- tial source of vulnerability. A security software company found that AIS communications can be hijacked to create fake vessels and trigger false SOS or collision alerts. Other paper in July 2013 documenting extensive research into gaps in critical infrastructure cybersecurity of U.S. ports, which revealed that the level of cybersecurity awareness and cul- ture were relatively low among U.S. ports. 3 Although very few large-scale cyber attacks occur in the U.S., especially on maritime critical infrastructure, this is still important. Information gained from studying the large-scale cyber attacks of the past proves valuable to better understand some of the vulnerabilities and consequences to help calculate and reduce risk for today's operations. All of these case studies can be applied to the maritime critical infrastructure, since today's marine terminal opera- tions are moving more cargo faster, with fewer people and more automation. With port operations relying less on long- shoremen and more on automated systems, the opportunity Hack Attacks Rig Tilt Reuters reported that hackers were able to shut down a foating oil rig by tilting it. In a separate attack, a rig en route from South Korea to Brazil was so riddled with malware that its systems were brought to a standstill. It took 19 days of trouble- shooting and repairs to make it seaworthy again. 1 Aurora On September 26, 2007, through an experiment dubbed "Aurora," researchers attempted to prove that a cyber attack could have kinetic efects. The experiment involved controlled hacking into a replica of a power plant's control system. Researchers repor tedly changed the generator's operating cycle, sending it out of control and destroying it. The intent was to assess vulnerabilities in the power grid that could cause physical damage to develop efective defenses. 2 Stuxnet In 2009 and 2010, the computer worm "Stuxnet," designed to attack program- mable logic controllers (PLCs) in indus- trial control systems, destroyed nearly one-ffth of Iran's nuclear centrifuges at the uranium enrichment facility at Natanz. Stuxnet reportedly compromised Iranian PLCs and forced the centrifuge's rotor to change speeds, inducing excessive stress and vibrations that destroyed the machines. 3 Antwerp Attack A cyber attack closely related to everyday U.S. container port operations took place in the port of Antwerp, Belgium, during a two-year period beginning in June 2011. A Dutch-based trafficking group hid cocaine and heroin among legitimate containerized cargo on ships originating in South America, then hired sophisticated hackers to infltrate computer networks. The breach allowed the hackers to access secure data, giving them the location and security details of the drug-laden containers. This allowed the trafckers to send drivers to steal the containers before the legitimate owners arrived. The operation to hack the port companies reportedly happened in multiple phases, starting with malicious software being emailed to staf members, allowing the trafckers to remotely monitor company data. That initial breach was discov- ered and a frewall installed, after which hackers broke into the facility and ftted key-logging devices into computers, which allowed them to gain wireless keystrokes and screenshots of staf work- stations. 4 The Shamoon Virus On August 15, 2012, a cyber attack on the company Saudi Aramco infected 30,000 of its workstations with the self-replicating Shamoon Virus. Despite the company's vast resources, it took two weeks to recover from the attack. While this attack did not result in an oil spill, explosion, or major operation shutdown, the attack afected business processes and drilling and production data were likely lost. 5 Endnotes: 1. W a g s t a f f , J . ( 2 014 ) . A l l a t S e a : G l o b a l S h i p p i n g Fl e e t E x p o s e d t o H a c k i n g T h r e a t . R e u t e r s . Av a i l a b l e a t w w w. r e u t e r s . c o m / ar ticle/2014/04/23/us- c ybersecurit y-shipping- idUSBREA3M20820140423. 2. Meserve, J. (2007). Sources: Staged Cyber Attack Reveals Vulnerability in Power Grid. CNN. Available at www.cnn.com/2007/US/09/26/power.at.risk. 3. Kushner, David. "The Real Story of Stuxnet". ieee. org. IEEE Spectrum. 4. Bateman, T. (2013). Police Warning Af ter Drug Tra f f icke r s' Cyb e r-At tack . BBC News Europe. A v a i l a b l e a t w w w . b b c . c o m / n e w s / w o r l d - europe-24539417. 5. Bronk, C., and Eneken Tikk-Ringas. (2013). The Cyber Attack on Saudi Aramco. Survival: Global Politics and Strategy. April-May 2013, Vol. 55, Edition 2.