Cybersecurity Threats in the Maritime Industry and Mitigating Risks with AIS E26/E27
In January 2023, the maritime industry faced a significant cybersecurity breach when DNV's ShipManager software was hit by a ransomware attack. ShipManager, a critical tool used by over 1,000 vessels globally for fleet management, maintenance tracking, and compliance monitoring, was taken offline, disrupting shipping operations worldwide. This incident highlights the growing vulnerability of the maritime sector to cyberattacks and the urgent need to adopt enhanced cybersecurity measures, such as the AIS E26/E27 standards.
The ShipManager Ransomware Attack: Details and Impact
The ransomware attack forced DNV to temporarily suspend ShipManager’s services, leaving over 1,000 vessels without access to crucial management tools. The inability to access fleet management data, maintenance schedules, and safety compliance information led to widespread operational disruptions. Specifically:
- Fleet Management Disruptions: Ships relying on ShipManager were unable to track essential maintenance tasks, crew records, and vessel performance metrics.
- Regulatory Compliance Risks: Ship operators faced potential non-compliance with international maritime regulations, as they were unable to monitor safety certifications and maintenance logs.
- Supply Chain Delays: With systems offline, vessels faced delays, impacting cargo deliveries and leading to disruptions across global supply chains.
Attack Details: In the ShipManager ransomware attack, vessels relying on centralized software were unable to access fleet management data, track maintenance tasks, or monitor compliance metrics. This lack of access created widespread operational disruptions, making it difficult for ships to maintain regulatory standards and continue operations safely. Attackers typically exploit vulnerabilities in network protocols, using tactics such as phishing or exploiting outdated software to access critical systems. Once inside, ransomware encrypts essential data, holding it hostage for ransom payments.
This attack highlights the critical weakness of centralized, unprotected systems, especially in environments where access to real-time data is necessary for continuous operations. Systems like ShipManager are often the backbone of a vessel's operational technology (OT) infrastructure, making any disruption extremely costly and risky.
AIS E26/E27 Standards Implementation: The AIS E26/E27 standards provide specific technical solutions to mitigate these risks. These standards secure Automatic Identification Systems (AIS), which are integral to vessel communication and navigation. AIS communicates ship positions, headings, and other critical data between vessels and marine traffic services. Cybersecurity vulnerabilities in AIS could allow attackers to manipulate or disrupt this communication, leading to navigation errors or ship collisions.
AIS E26/E27 introduces encryption and robust authentication mechanisms, so that only verified users can access AIS communications. For example, when a vessel transmits its position, E26/E27 encrypts the message so that third parties cannot intercept or modify the data. Furthermore, enhanced authentication prevents unauthorized access to the network, so that only legitimate vessels and shore stations communicate.
Technical Example: In the context of a ransomware attack on OT systems like ShipManager, the AIS E26/E27 standards provide several layers of protection. Firstly, they implement Transport Layer Security (TLS) to secure communications between ships and shore stations, making it extremely difficult for attackers to intercept or manipulate navigation data. This prevents "man-in-the-middle" attacks where an attacker might modify AIS data to disrupt vessel movements.
Additionally, AIS E26/E27 uses Public Key Infrastructure (PKI) to verify the identity of vessels and shore stations. For instance, when a ship attempts to communicate with a shore station, both systems exchange cryptographic keys to authenticate one another. If the system detects a forged or invalid key, the communication is blocked, ensuring that only trusted entities can access the network.
AIS E26/E27 also introduces Intrusion Detection Systems (IDS), which monitor traffic for abnormal patterns that could indicate an attempted cyberattack. For example, if an unusually high number of connection requests come from an unrecognized IP address, the IDS can automatically flag this as suspicious activity and isolate that connection to prevent further intrusion.
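The connection-rate check described above can be sketched as a sliding-window detector run over gateway connection logs. This is an added example, not code from the standards or from any vendor; the log format, the `ais-gw` destination name, the known-peer range, and the window and threshold values are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress
import re

# Assumed values for illustration; tune them to the vessel's real traffic baseline.
KNOWN_PEERS = [ipaddress.ip_network("198.51.100.0/28")]  # hypothetical shore-station range
WINDOW = timedelta(seconds=10)
THRESHOLD = 5  # connection requests per WINDOW from one unrecognized source

# Assumed log format: "<ISO-8601 UTC time> CONNECT src=<ip> dst=<host:port>"
LINE_RE = re.compile(r"^(\S+) CONNECT src=(\S+) dst=\S+$")

def is_known(ip):
    return any(ip in net for net in KNOWN_PEERS)

def detect(lines):
    """Return {source_ip: time it crossed the threshold} for unrecognized sources."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    isolated = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed lines rather than abort the whole scan
        try:
            ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue
        if is_known(ip) or str(ip) in isolated:
            continue  # recognized peer, or already handed to the isolation step
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()  # drop requests that fell out of the window
        if len(q) >= THRESHOLD:
            isolated[str(ip)] = ts
    return isolated

# Constructed sample log: a known peer, a burst from an unrecognized address,
# a slow unrecognized client, and one malformed line.
SAMPLE_LOG = (
    [f"2023-01-09T10:00:0{i}Z CONNECT src=198.51.100.5 dst=ais-gw:443" for i in range(8)]
    + [f"2023-01-09T10:00:0{i}Z CONNECT src=203.0.113.7 dst=ais-gw:443" for i in range(6)]
    + [f"2023-01-09T10:0{i}:00Z CONNECT src=192.0.2.44 dst=ais-gw:443" for i in range(6)]
    + ["garbage line"]
)
```

The returned mapping is what an isolation step (for example a firewall or switch ACL update) would consume; a slow unrecognized client stays below the threshold and is left for other controls such as the authentication layer.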
Comparison with Traditional Systems: Before the introduction of these cybersecurity standards, OT systems often relied on outdated communication protocols with limited encryption. Attackers could easily exploit vulnerabilities in older AIS systems by spoofing ship identities or injecting false data into the network. For instance, by impersonating a vessel, an attacker could create confusion in shipping lanes, leading to delays or collisions.
AIS E26/E27 mitigates this by ensuring that even if attackers gain access to one part of the network, they cannot spread malware or ransomware through encrypted channels.
Resilience to Cyberattacks: AIS E26/E27 not only prevents unauthorized access but also enhances the resilience of maritime systems during cyberattacks. If an AIS communication system is compromised, the standards allow affected systems to be isolated without taking down the entire network. This containment strategy prevents the kind of widespread operational disruptions seen in the ShipManager attack, allowing vessels to continue safe operations even under duress.
By using these multi-layered security measures—encryption, authentication, intrusion detection, and isolation—the AIS E26/E27 standards significantly reduce the risk of successful cyberattacks, ensuring that maritime operations continue safely and efficiently.
Summary
The ShipManager ransomware attack exposed vulnerabilities in centralized, unprotected systems used in the maritime sector. In contrast, the AIS E26/E27 standards provide a robust solution by securing vessel communications through encryption, authentication, and real-time threat monitoring. By adopting these cybersecurity measures, shipping companies can greatly mitigate the risks posed by ransomware and other cyber threats, ensuring safer and more resilient operations.