Strengthening digital security in the face of potential Russian cyber-attacks is vital. As an illustration, banks have already begun fortifying their defences against such attacks. However, as sanctions and asset freezes start to bite, it’s not hard to imagine an attack on financial institutions, even if driven by spite rather than strategy.
The UK National Cyber Security Centre (NCSC) has also warned companies to “bolster their cyber security resilience in response to malicious cyber incidents in and around Ukraine”. So clearly, there needs to be a sharpening of collective cyber resilience.
Russia has been down this road before. They attacked Ukraine’s power grid utilising the NotPetya virus, which went on to cause chaos. Infecting most systems it touched. One of the most high profile to be hit was global shipping giant Maersk. Maersk responded to the attack by shutting down their entire network and reinstalling 4,000 servers and 45,000 workstations. However, they had accumulated a loss of $300 million due to severe business disruption by this time.
DIFFERENT KINDS OF ATTACK
It is not just about viruses and hacking. There are different kinds of cyber assault and many vulnerabilities to attack. One of which is the reliance on GPS for so many uses, not just infrastructure but air and sea traffic too.
Indeed, there are signs that Russia could be launching similar attacks now. Initially reported by Finnish airline pilots, there are concerns that GPS signals are being tampered with around the Russian Baltic enclave of Kaliningrad. Planes flying close to the Russian border near and south of Finland reported unusual activities with their GPS.
While there is no conclusive evidence for these GPS abnormalities, jamming of GPS has been a common technique employed by Russia. The GPS global navigation system works by sending signals from satellites above the Earth back down to receivers. Unfortunately, it is relatively easy to disturb the radio signal.
Signal jamming is the transmission of a noise signal across one or more GPS frequencies to disrupt or obscure signal transmissions in the area. While commercially available GPS jammers only work over a relatively short range, a few metres to perhaps a couple of miles. An increase in power to military-grade jamming can mean the loss of signal across areas of 100 miles or even more.
SHIPPING AND CYBER
The prospect is terrifying, but GPS interference is localised, unlike a cyber-attack with no ranges. Moreover, it’s not just a cyber attack that leaves ships vulnerable. Shipboard navigation systems rely on GPS signals, and jamming can cause severe issues for safe navigation. In addition, no signal means no live positioning for operations teams onshore. No signal leads to potential confusion between the vessel and shore teams and increases the likelihood of onboard sensor issues.
Jamming is relatively easy to spot, and any officer of the Watch worth their stripes should be alive to the impacts or signs. What is potentially more problematic is that of “spoofing”. GPS spoofing is an attack whose primary goal is to override a GPS-enabled device’s original location.
The attacker uses a radio transmitter that broadcasts fake GPS signals and interferes with GPS receivers nearby. As a result, those devices display fake GPS locations. So, unlike a jammed signal, this is more challenging as it could look like everything was working fine until the ship ends up on the rocks, for example.
Both jamming and spoofing are forms of attacks that can cause chaos and damage, and ships are likely to experience heightened instances, particularly in areas of dispute. NATO has already warned about the risk of GPS interference issues, AIS spoofing, other electronic interference and cyber attacks in the Black Sea area are “considered very high”. It is of great concern from the navigator on the bridge, the Master, through the entire shipping chain.
Geollect enriches clients with their awareness and decision making, pairing the right data solution with the right human experience at the right time. This approach is the start of your business becoming data-driven while remaining human-centric. To discuss your requirements or dive deeper into the current cyber situation and the impact on shipping, contact email@example.com