The TalTech Center for Digital Forensics and Cyber Security and the Estonian Maritime Academy have received approximately 2.5 million euros from the European Union for the establishment of a center for maritime cybersecurity, informs LETA/BNS.
The objective of the five-year project is to develop the domain of cybersecurity in the maritime field and enhance the competence of TalTech through the involvement of top scientists from all over the world.
Dan Heering, one of the champions of the project at the Estonian Maritime Academy, said that maritime business has not taken cybersecurity seriously for a long time and much remains to be done in said field.
“Since there is little in terms of public information related to ‘successful’ cyberattacks and incidents related to ships, shipping companies are not taking the threat seriously too,” Heering said.
Heering said that when exploring the topic for his master’s thesis, he was surprised at most businesses’ indifference towards the problem. He attributed this to shortcomings in legislation, which does not direct shipowners to protecting themselves against cyber risks and providing training to ship crews.
From January of next year the requirement starts to apply to shipping companies that management of cyber risks must be made part of the company’s system of organization of safety at sea, the project manager said.
Lukewarm interest on the part of shippers to date may be also a result of their ignorance of the attacks committed and the damage caused by them. Also, businesses at present see reducing cyber risks rather as an expense, not an investment.
According to Heering, several incidents related to cyber attacks against ships have become public over the past decade. In 2019, a freight ship headed for New York contacted the US Coast Guard after the ship’s computer systems had suffered damage as a result of getting infected with malware and the vessel’s maneuvrability had deteriorated significantly.
Campbell Murray, expert on cyber crime, demonstrated at a conference on superyachts in 2017 that it is possible to take control of a vessel equipped with modern technology using a laptop computer in a short period of time. It took the specialist just 30 minutes to break into the vessel’s wifi network and get access to e-mails, delete or even alter them. In addition, Murray gained access to the financial data of the yacht’s owner and took control of the vessel’s CCTV cameras, satellite communication and navigation equipment. Technically, it was possible for him to sail the superyacht out of port being not onboard the vessel himself.
Olaf Maennel, professor at the TalTech Center for Digital Forensics and Cyber Security, said that managers of shipping companies are as yet unable to notice the dark clouds gathering over them. He said that ships are increasingly dependent on technology and the internet, as navigation maps and cargo documents need to be updated and satellite communication is used on an ever bigger scale.
“This means that the computer systems of ships are vulnerable to attack, and the damage may amount to hundreds of millions of euros for the bigger companies,” Maennel said.
The Estonian Maritime Academy of TalTech and the TalTech Department of Software Science in fall 2019 filed a joint application for the financing of the project with the Horizon 2020 ERA Chairs program, which received a positive financing decision in March this year.