July 18, 2022

Cheap satellite internet for maritime systems is ushering in a new age of piracy at high sea.

A New Age of Piracy

Last week saw the announcement of SpaceX’s Starlink Maritime service designed for all types of vessels “from merchant vessels to oil rigs to premium yachts.” (https://www.starlink.com/maritime) Promising low-latency internet with download speeds of up to 350Mbps in some of the most remote waters of the world. All of this is for $5,000 per month plus $10,000 for hardware and $100 for shipping and handling. If you happen to be the owner of a super yacht or a cargo ship sailing the high seas today, you're probably used to spotty or expensive internet access provided through satellite communications. The potential for access to high-speed internet access just like your office in the city, virtually anywhere your boat can take you, is welcome news. However, there’s always a downside and this is no exception.

A nice ship you have here - Arrr !!

Many of the vessels traversing our oceans are old and operate using dated equipment and devices. If viewed from a cybersecurity lens, one could say they are ancient. When the idea of security is a locked bridge door, a gate at the port, or maybe an armed security guard, connecting a vessel to the internet should be a massive concern.

We all know how painful it can be if a cargo ship is inoperable. For one week in March 2021, the world watched as Suez Canal authorities and workers scrambled to re-float and free the 1,312 foot long and 200,000-ton Ever Given cargo ship as it sat on a sandbar blocking one of the world’s key shipping canals and putting billions of dollars in trade at risk. It’s still under investigation but it’s generally believed that the size of the ship and number of cargo containers acted as a sail during a nasty dust storm, pushing the ship off course where it lodged in the canal. Maybe some human mistakes as well thankfully it wasn’t a malicious cause.

Knowing how disruptive a week’s delay in cargo movement can be is a delightful piece of information for nefarious nation-states, cyber-criminal gangs, and hobbyist hackers. Now take a vessel on the high seas with antiquated equipment and connect it to the internet, and you have a perfect cybersecurity nightmare. It’s only a matter of time before we see more disruptions in the shipping industry but this time, they will be due to a lack of cyber-protection on most maritime vessels. I’ve spent some time researching cybersecurity in the maritime sector and it’s safe to say that the industry would get a failing grade when it comes to cyber-protection from hackers. There’s a great deal of work to do implementing standard cybersecurity protocols and enterprise security software solutions. Guidelines are being developed and become mandatory for future vessels, but even then, existing ones would still be exploitable for ransom.

The big problem with maritime is that much of the equipment and devices in operation are not capable of running standard security solutions or any software for that matter. How do we protect a vessel that may have critical equipment now connected to the internet but not capable of running the necessary malware protection? The easiest answer is rip and replace: replace the vessel or replace the critical equipment that is at risk and implement state of the art equipment. Wouldn’t that be great if we lived in perfect world where cost to upgrade or replace wasn’t a worry. Sadly, that’s not realistic, so we must consider other ways to realize the many benefits and value to connecting a vessel to the internet without compromising the security of the vessel.

One such method is the deployment of physics-based cybersecurity solutions. Here at Palitronica we’re working hard to pioneer and commercialize physics-based cybersecurity solutions, which provide cyber mission assurance for critical physical infrastructure. Our technology can identify changes in power patterns given off by critical powered equipment and devices. These patterns can be captured and analyzed to determine whether they are running properly or have been compromised with malware or unauthorized updates. This technology is perfectly suited for retrofit on multi-generational critical infrastructure, which solves a big maritime cybersecurity challenge. Could this be one of the key steps to ready vessels for the coming wave of connectivity, which will make them just one more connected device on the internet of things? We think so and we encourage you to learn more at www.palitronica.com.