http://arstechnica.com/information-technology/2015/12/hacked-at-sea-researchers-find-ships-data-recorders-vulnerable-to-attack/
By Sean Gallagher
Ars Technica
Dec 10, 2015
When the freighter El Faro was lost in a hurricane on October 1, one of
the goals of the salvage operation was to recover its voyage data recorder
(VDR)—the maritime equivalent of the "black box" carried aboard airliners.
The VDR, required aboard all large commercial ships (and any passenger
ships over 150 gross tons), collects a wealth of data about the ship's
systems as well as audio from the bridge of the ship, radio
communications, radar, and navigation data. Writing its data to storage
within a protective capsule with an acoustic beacon, the VDR is an
essential part of investigating any incident at sea, acting as an
automated version of a ship's logbook.
Sometimes, that data can be awfully inconvenient. While the data in the
VDR is the property of the ship owner, it can be taken by an investigator
in the event of an accident or other incident—and that may not always be
in the ship owner's (or crew's) interest. The VDRs aboard the cruise ship
Costa Concordia were used as evidence in the manslaughter trial of the
ship's captain and other crewmembers. Likewise, that data could be
valuable to others—especially if it can be tapped into live.
It turns out that some VDRs may not be very good witnesses. As a report
recently published by the security firm IOActive points out, VDRs can be
hacked, and their data can be stolen or destroyed.
The US Coast Guard is developing policies to help defend against
"transportation security incidents" caused by cyber-attacks against
shipping, including issuing guidance to vessel operators on how to secure
their systems and reviewing the design of required marine
systems—including VDRs. That's promising to be a tall order, especially
taking the breadth of systems installed on the over 80,000 cargo and
passenger vessels in the world. And given the types of criminal activity
recently highlighted by the New York Times' "Outlaw Ocean" reports,
there's plenty of reason for some ship operators to not want VDRs to be
secure—including covering up environmental issues, incidents at sea with
other vessels, and sometimes even murder.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
