This part of the paper analyses the two main components of the MTS as identified initially and tries to examine how vulnerable these are to potential malicious cyber related activities. The paper will try to untangle the complexity of the sub-components of ports and ships, highlight the consequences of a cyber-related disruption to these components, while categorising the affected fields from such an incident. Consequent findings are the result of research conducted by the authors, consisting of desk-based research and qualitative, semi-structured interviews with industry practitioners, government officials, and academics, and were informed by the discussions instigated during a workshop with industry experts.
4.1. Port’s Cyber Ecosystem
A port, as a cyber ecosystem, is a complex set of land and waterside systems and procedures, where the human factor still retains a predominant role. Over the last few years this ecosystem has rapidly become more digitalized, allowing the sector to thrive [
21]. Naturally, this increased digitalization is expanding the attack landscape for cyber criminals and other threat actors, but also increases the likelihood of unintentional human error by, unfamiliar to the new technologies and cyber-hygiene practices and standards, company rotating crew staff. According to Allianz Global Corporate & Specialty [
22], more than 75% of the marine casualties and accidents are attributable to human errors. The adoption of software-enabled systems and services offer a wide range of access points from where malicious software may infiltrate one or more of the port’s systems. A breach to any of these systems or services may cause a wide range of disruptions to the port environment, varying from tampering with timely, efficient, and safe port operations, jeopardising health and safety of port and third-party staff, causing financial losses, environmental pollution and damaging an entity’s reputation to facilitating smuggling or trafficking [
23,
24].
The cyber ecosystem or “cyber environment”, as defined in the UK Department for Transport (DfT) Code of Practice, comprises the interconnected networks of both information and cyber-physical systems that use electronic, computer-based, and wireless systems, including information, services and social and business functions that exist only in cyberspace [
14]. Applying this definition to ports, four main components can be identified: buildings, linear infrastructure, plant and machinery, and information and communication systems [
14]. These four main components consist of 18 sub-components as illustrated in
Table 1.
These four main components are interconnected with a wide range of operational and administrative processes, run by port staff and external third-party providers. In the event of a cyber incident occurring to one or more of these components, the consequences can be categorized in four distinct fields: data, human element, physical and environmental. The vulnerabilities, consequences, and affected fields within the port environment are illustrated in
Figure 3. Specifically, each of the sub-components is coloured based on the level of vulnerability (green: low, amber: medium, red: high). Consequently, a triangle colour based on the severity of the consequences is placed on its subcomponents (green: low, amber: medium, red: high). Finally, a circle consisting of the initial of each affected field (D: Data, E: Environment, H: Human, P: Physical) is placed on each sub-component.
Figure 3.
Port Components (Vulnerabilities, Consequences and Affected Fields). Note: This graphical illustration was generated with the support of Chatham House. Source: Authors.
Figure 3.
Port Components (Vulnerabilities, Consequences and Affected Fields). Note: This graphical illustration was generated with the support of Chatham House. Source: Authors.
Looking at the four port components initially, the buildings, linear infrastructure, plant and machinery and information and communication systems, as the diagram illustrates, plant and machinery used for cargo handling and port management, is the most vulnerable of the four aforementioned components, since it relies heavily on Operational Technology (OT) and, predominantly, Supervisory Control and Data Acquisition (SCADA) systems. These systems are the bulk systems of every port and regardless of the level of vulnerability, the consequences of a cyber attack on most of them are classified as severe, having an impact on more or less all of the aforementioned fields (data, environment, human, physical). Having said that, the most vulnerable sub-systems are the power plants, which are usually continuously connected to the regional main power controlling stations, forming, in this way, a part of the entire Critical National Infrastructure (CNI).
The second most vulnerable component is the information and communication systems, which are, a priori, related to data manipulation. Even though all the subcomponents are based on software, most of them are only connected to the internal port IT or OT network. An exception is the financial management and monitoring services used in order to conduct all financial activities of the port-based companies and port authority, which are constantly connected to the internet. Even though limited access to these services and systems may not halt port operations, it will certainly lead to financial instability, which in its turn could lead to other related disruptions, such as reputational damage and third-party compensation. Such an escalation could result in major disruptions of the port’s business cycle.
Thirdly, the Vessel Traffic Control Tower (VTCT) is the most vulnerable sub-component of the Building category. The VTCT’s operations rely on ship-to-shore, ship-to-ship communications, all of which use non-encrypted channels of the electromagnetic spectrum, and vessel management software. Port offices are also vulnerable to cyber-attacks as the entire breadth of port operations is monitored and, in some cases, managed by this facility. The consequences of a cyber attack to these two subcomponents are ranked as severe since such an incident would result in major disruption to port operations, from a seaside and shore side perspective. Port gates in one of Maersk’s terminals at a major port in Europe, where all office-based systems were not usable due to the NotPetya malware, were shut as a result, causing lengthy delays and queues of trucks waiting to pick up containers.
Finally, the linear infrastructure, consisting of road and rail networks, access control points, utilities, and cargo handling systems, is, as easily understood, the least vulnerable of the four, due to its physical nature and the limited cyber elements incorporated in this. Having said that, even though the physical component of rail systems and utilities are not vulnerable, the monitoring, control and alarm systems encapsulated in them can, potentially, be affected by a cyber incident that could affect their normal operations, from a safety perspective. Such an incident would, consequently, affect the overall port operations.
4.2. Ship’s Cyber Ecosystem
The ship, as a cyber environment, is what sets the challenges of the maritime sector apart from other industries. While the other components of the MTS are frequently similar to components present in other industries, the ship is the sector’s most valuable asset and one which is, most of the time, operating independently at sea. While a port may operate similarly to other CNI assets, a ship, currently, when at sea does not rely on internet connectivity in order to conduct its main operations, i.e., navigation, engine control and cargo monitoring. There are although several subcomponents, critical to the ship’s operations, that have moved from analogue to digital mode of operation. For that reason and due to the importance of the ship as a key asset of the MTS, the same SOSA is adopted.
Unlike the port, where four key components were identified, in the ship environment the various systems used to maintain reliable and consistent ship operability can be categorised in two main components: deck and engine. These two main components consist of 20 sub-components as illustrated in
Table 2.
Based on research findings and as illustrated in
Figure 4, there are several subcomponents which present low vulnerability to cyber attacks, a few of the deck’s subcomponents are extremely vulnerable. The deck comprises of both IT and OT systems, which are in most cases interconnected. According to the research findings, the most vulnerable subcomponent of the entire ship are the
crew entertainment facilities, including internet access. Even though it is gradually becoming common practice for most shipping companies to introduce network segregation to their IT infrastructure, separating the business from the crew network, it could be argued that this is not adequate to protect the ship’s operations. Although the two networks may be segregated, they both still use the sole IT infrastructure available on the ship. It only takes a careless seafarer to plug a malware-affected flash drive into the engine control system, to affect the engine management software, which in several cases still runs on a more vulnerable Windows XP environment [
25].
Figure 4.
Ship Components (Vulnerabilities, Consequences and Affected Fields). Note: When two triangles exist, they are introduced to indicate the difference in consequences based on the nature of the cyber incident. Source: Authors.
Figure 4.
Ship Components (Vulnerabilities, Consequences and Affected Fields). Note: When two triangles exist, they are introduced to indicate the difference in consequences based on the nature of the cyber incident. Source: Authors.
Additionally, the main subcomponent of the ship’s deck is the Bridge Control Console, where most of the other subcomponents are connected to facilitate the ship’s steering, navigation, cargo handling and most of its routine operational activities. Since modern ships operate with no more than three persons on duty at the bridge, it is important for the duty officer to have centralised control and monitoring of the ship’s main operations via such a console. This integrated console includes systems that require internet connectivity, such as the Fleet Management System, and others that require frequent updates, such as the Electronic Chart Display and Information System (ECDIS), constituting it as one of the most important and, at the same time, most vulnerable components in a ship’s bridge. If one of these components is exposed to malware, the ship’s safety can be jeopardised.
The second component, the engine, is primary composed of OT and SCADA systems that provide the ship with electrical power, propulsion, and safety monitoring. Even though most of these subcomponents operate independently, they could still be described as cyber-physical systems, since they are remotely controlled by the Engine Control Room System (ECRS) over computer-based software. Following the same centralised principle of operation, the ECRS, is the heart of the entire engine component, making it vital for the ship’s undisturbed continuity of operations. In that context, although on most ships, the ECRS is not connected to the internet, lately, at an increasing rate, vendors are requesting access to their shipboard installed systems, to monitor efficiency, performance, and consistency, which in turn, offers a potential back door to any malicious actors in accessing the ship’s cyber environment.
These findings illustrate the need for a holistic risk management approach, since the cyber threat landscape is growing in unprecedented rate and, as practice has indicated, no system can ever be ‘cyber proof’. This cyber risk management practice should focus on three main areas; (a) advising; (b) threat intelligence support; and (c) training. Cybersecurity is not limited to technology but involves people and business processes. Hackers will take advantage of the power of repetition that every individual is accustomed to and make their way into the enterprise ecosystem. Thus, comprehensive cyber risk management should be practised constantly within the maritime sector.