Hack the Boat

Reading time: 4 minutes

Category: Trends and Reports

Imagine you’re the captain of a massive ship, cruising through open waters at full speed. Suddenly, something feels off… Are you veering off course? But your monitors show everything is fine…

Is it a malfunction or could this be a cyber-attack?

Hans Quivooij is a experienced (IT) architecture and cybersecurity professional, currently serving as Chief Information Security Officer (CISO) at Damen Shipyards where he is responsible for ensuring digital security and developing strategic security initiatives.
 
With extensive IT experience, Hans has overseen complex global IT deployments, focusing on security by design. At Damen, he integrated security with IT architecture, making the company one of the first in the Netherlands to adopt the Zero Trust model.
 
Alongside CIO Aart Rupert, Hans transformed Damen from a fully decentralised IT organization to a Shared Service organisation with cyber security as a cornerstone. He frequently speaks on these topics, sharing his insights and experiences.

Though the recent Baltimore bridge collision wasn’t a cyber-attack, it did showcase a serious vulnerability in ship systems. A vulnerablity that could’ve easily been exploited by hackers, highlighting a truth that can no longer be denied – ships are easy targets for cybercriminals.

But why is it only more recently that this has come to light?

The maritime sector has seen a dramatic 900% increase in cybersecurity breaches within operational technology over recent years. Once considered safe due to isolation at sea, the industry now faces significant attacks causing operational failures and financial losses.

In this Hack the Boat episode of Threat Talks, recorded live at the Tugboat simulator at Damen Shipyards, we dive into the cyber threats that modern vessels face. With marine cybercrime steeply on the rise, what can maritime companies do to bring their IT and OT in line with today’s cybersecurity standards?

P.S. Think you can spot the secret code in this episode? Join the treasure hunt, submit the code and win your very own Threat Talks t-shirt!

Deep Dive – Securing AIS

Though a crucial tool in maritime navigation, situational awareness and search and rescue operations, AIS or Advanced Identification System is a vulnerable system that is prevalent in the maritime industry.

With a lack of authentication and signals that are not only unencrypted, but also easy to either spoof or jam, there are numerous vulnerabilities that can be exploited. And they have been – pirates use the AIS system to track high-value targets, where other bad actors will use the AIS system to either impersonate another ship, or simply make their own ship disappear to avoid getting caught sailing into illegal waters.

In this Deep Dive, join host Lieuwe Jan Koning and guests Rob Maas and Jeroen Scheerder as they unravel the scope of what is possible when it comes to hacking AIS, and look at the steps needed to secure AIS, making it a more reliable tool for the future.

Deep Dive – Ballast System Hack

A ship’s ballast system ensures it stays stable in rough seas and under heavy loads.

It works by using the one resource that’s always available at sea—water. Large compartments called ballast tanks fill and empty with seawater, helping the ship counterbalance shifting cargo and avoid tipping over.

But can such a system be hacked?

In this Deep Dive episode of Threat Talks, host Lieuwe Jan is joined by Luca Cipriano and Jeroen Scheerder to discuss how they built a realistic scale model of a container ship—and then hacked its ballast system, successfully tilting the ship.

Did you know?

Each series of Threat Talks episodes comes with it’s own infographic, detailing all the threats that were discussed.

If you’re looking for a brief overview of these threats, listing each specific step the hacker took, and what mitigations would’ve helped stop them, check out our Hack the Boat infographic!

ON2IT and Damen Shipyards @ the ONE Conference

At ON2IT and Damen Shipyards, we take our hacks very seriously. So seriously in fact, that Luca Cipriano and Jeroen Scheerder set out to build their own scale model of a container ship, just so they could demonstrate how vulnerable ballast systems really are.

During the presentation of our Hack the Boat demo at the ONE Conference early October, we highlighted the increased cybersecurity risk in the maritime industry by showing what threats and vulnerabilities are prevalent and what can be done against them.

Curious about what work went into this demo and how it was received at the ONE Conference?

Follow our Threat Talks podcast

Stay up to date with the latest developments in the world of cybersecurity! Alongside industry experts, we explore recent cyber threats, what their impact was and how to prevent these threats in the future.