The Prospect of Cyber Security for Autonomous Ships in Korea
September 17, 2020 MARITIME CYBER SECURITY
Development of Autonomous ship technologies in Korea compared to Europe.
It is undeniable that Korea is a leading country in the shipbuilding industry. After Hyundai Heavy industries entered shipbuilding in 1968, Korea got ahead of Japan becoming the 1st in the global shipbuilding industry and rose to the number five spot as a maritime powerhouse. Nonetheless, it is said that the technology development of autonomous ships in Korea is about 5 years behind compared to Europe.
Many companies around the world are working on maritime autonomous surface ships, among which Kongsberg and Rolls-Royce seem to be more ahead of others. As Norway’s Kongsberg Maritime acquired Rolls-Royce Commercial Marine in April 2019, they are now fully integrated and the autonomous shipping projects are being conducted under a new organization.
Korean technological innovation toward autonomous ships
Recently, the Korean government announced $132 million will be spent on developing autonomous sailing technology for six years, to achieve the goal of commercializing oceangoing ships that meet level 3 autonomous navigation defined by the International Maritime Organization (IMO).
To realize a fully unmanned autonomous ship soon, the technology development of autonomous vessels such as intelligent navigation system, instrumental automation systems, communication systems, and land operation management system is required and best combined to allow a vessel to operate safely.
Three big shipbuilders in Korea – Hyundai Heavy Industries, Samsung Heavy Industries, and Daewoo Shipbuilding and Marine Engineering – have already set out to the sector, and their current autonomous ship solutions can reach the first stage of ship autonomy.
However, none of them have yet to reach the stage of remotely controlled ships. Most important about autonomous ships is how to combine maritime ship equipment with information, communication technologies with operational technology ensuring cyber-security and establishing massive infrastructure, where autonomous ships will operate with smart docking systems at ports, other maritime facilities.
What technology is needed and how can it be best combined to allow a vessel to operate autonomously?
The technology needed to make a vessel operate autonomously consists of three main parts, ship control systems, digital connectivity from ships to shores, and onshore infrastructures. The first one concerns what the vessels run autonomously. Subsystems such as sensors, positioning systems, other technologies can detect obstacles on a voyage should reliably, securely function. The data gathered from sensors are jointly collected, what is called sensor fusion, and goes back into the vessels’ autonomous navigation system to make decisions based on it. This is a part of the integration occurring of information, communication technologies and operation technology. Many experts worry that autonomous ships can be hijacked as this system is vulnerable to hacking, putting stakeholders at risk.
The autonomous navigation of vessels is similar to self-driving cars in terms of scanning surrounding and detecting obstacles using vehicle sensors like camera, radar, and lidar. However, it is also different than a self-driving vehicle in that every vessel in a certain size is tracked. monitored under the Automatic Identification System (AIS), an automatic system using transceivers on ships, which provides much more information for ship autonomous navigation systems than is available to cars. Vessels sailing on the open oceans also go slower than cars.
For an autonomous ship to auto berth and cross, many sensors on the ships which interact with the main system can allow the ship to dock without crews on board. Even when a ship on this technology, however, is fully operated without crews, it should be connected to a control station, where humans would remotely monitor the ships and their sensors and should be able to take control manually for security as well. Moreover, full autonomy is not the first stage, we would reach middle levels of automation before going fully unmanned.
The Korean government is supporting the project for maritime transport, where a vessel can be controlled remotely when the crew on board first. Even this partial automation can help reduce costs and ease the burden of maritime companies in shortage of laborers. The labor shortage has been a known issue in the shipping industry as it is hard to find qualified employees. So, automation, whether full or partial, can help fill the gap of shortage.
However, this probably means that the technology requires new workers to become more qualified. Although a study of the social impact shows that workers could lose their jobs in several maritime areas due to automation, new jobs can simultaneously be created such as controlling MASS remotely due to there being a control center.
What will be the potential threats for owners and operators of autonomous vessel in the future?
As the benefits of autonomous vessels are multiple and tempting, a variety of organizations, private or public, within the maritime industry have turned toward autonomy to address impediments associated with ship transportation. Progresses in machine learning, ship sensors, and related technologies are not only making the autonomy of ships increasingly feasible but economically attractive. Autonomous vessels are expected to reduce operating expenditures since costs with their crews, all human support facilities, systems, and storage removed.
However, despite these cost-effective advantages, potential threats associated with cyber-attacks must not be neglected. The risks and vulnerabilities linked to autonomous shipping should be anticipated and properly managed with the related technologies advancing. Increased interconnectivity between vessels and onshore infrastructure also increases potential cyber-attacks on ships. Therefore, it is essential to weigh the cyber-risk contours to rank and mitigate any vulnerabilities. As Operational Technology (OT) systems are increasingly automated, the maritime industry has already witnessed cyber-security incidents which led to ships going off their course.
While the existing ships rely on separate systems for managing OT functionality such as bridge, propulsion, and power control, these systems seem to reach the end of life with new technologies adopted. Maritime company owners and operators have been getting OT systems locally and remotely connected via satellite communications and the internet, leading ultimately to a convergence of IT and OT. Sensors on equipment onboard ships transfer data through communication technology (CT). These new integrated technologies are a double-edged sword, which can enable autonomous systems to operate smoothly but put also the growing automation at a greater risk.
To tackle growing concerns about security threats, IMO has a deadline of 1st January 2021 for Maritime Cyber Risk Management to be addressed in ships’ Safety Management Systems. The main focus of the cyber-security program is to put measures in place to protect both OT and IT. It is estimated that cyber-attacks on the maritime industry operation technology (OT) systems have dramatically increased over the last three years.
As these cyber-attacks can have economic impacts and ripple effects on port infrastructures, it might not be easy for vulnerable ports to be fully recovered through insurance policies after OT systems are attacked. The network connecting traffic controls, cranes, vessel berth systems, and cargo handling systems are currently under threat and will be more venerable to cyberattacks especially after fully or partially autonomous vessels emerge in ports. To make matters worse, unlike IT systems, OT systems are more vulnerable to threat as they don’t have a dashboard which allows operators to monitor the condition of all connected systems. The maritime industry progressing towards more digitalization and increasing the reliance on networked and autonomous systems, more numerous vulnerabilities will keep emerging
Unless systems on vessels are properly managed, a large loophole of new cyber-security for hackers to break into can spring up intimidating. With the maritime industry and its digital exposure getting similar to industrial systems and OT, maritime companies must go faster into the direction of protecting their systems and provide a reliable and safe operating environment from a security perspective. Proactive measures must be developed and applied to OT systems since maintaining effective cybersecurity isn’t just an IT issue but is a fundamental operational imperative.
How Korea respond to maritime security challenges
In preparation for IMO’s Maritime Safety Committee’s resolution “Cyber Risk Management in Safety Management System (MSC.428 (98))” to come into effect, Korean Register of Shipping (KR) has been working together with major shipbuilders to enhance and support the application and verification of ship cybersecurity rules. KR signed a memorandum of understating (MoU) with Hyundai LNG Shipping to conduct joint research on the application, verification, and development of Guideline for Maritime Cyber Security last year. It also signed MoU with Samsung Heavy Industries (SHI) to conduct a joint study on the “Ship Cyber Security Network Construction and Design Safety Evaluation this year.
KR seems to be leading a maritime digital transformation in Korea. It established its own maritime cyber security certification system providing a cyber security certification service for maritime companies. KR has been known for its extensive work on cyber security measures working on big data platforms and e-certificate systems with industry. Moreover, the Korean Register aims to deliver 10 practical digital technologies before the end of 2020.