Executive Summary
We live in a world where autonomous vehicle (AV) technology is transitioning from a once far-fetched idea to a tangible reality. Self-driving cars will become mainstream soon, and the military and private sector are increasingly adopting unmanned aircraft systems – drones. AVs are not limited to the land and skies; they are also set to play an important role in maritime commerce and industry going forward. Maritime autonomous vehicles (MAVs) are boats or ships that – at present – operate on the water’s surface without the assistance of a human crew. More than 1,000 autonomous ships operated worldwide in 2021[1], with organizations across North America, Europe, and Asia continuing to invest in these advanced technologies. In 2021, experts valued the global autonomous maritime vehicle industry at over $6 billion and predict its value will grow to over $10 billion by 2030.[2]
The paper presents Partner Forces’ analysis of the current MAV technology, the threat landscape, and identified mitigation techniques to help operators and organizations reduce the risks associated with using MAVs.
Understanding Current MAV Technology
Presently, the MAV industry does not use standard definitions of autonomy, but they are typically organized into six increasing levels of autonomy. Figure 1, below, outlines the six increasing levels of maritime autonomy, starting with level zero, or no automation. Level one and two MAVs provide low levels of automation and are common in the maritime shipping and transportation sectors as well as the emergency services sector.[1] This level of automation helps to reduce costs by allowing for smaller crews and faster routes, improve safety by reducing the potential for human error, and enable quicker and more efficient rescue operations.
Level one ships provide decision support to the crew, but the decision-making authority still always rests with the crew. For example, operators of a level one ship set waypoints and determine the desired speed, then the ship navigates automatically and measures speed based on those manual inputs. The operators monitor the direction and speed and can make changes as necessary. Crew members of level two vessels can operate the ship from onboard or from the shore, and MAVs can suggest changes to speed, course, and other variables based on algorithms.[1]
Level three refers to remote, unmanned ships continuously monitored and controlled from the shore. Level four ships are capable of functioning autonomously but are regularly observed by a land-based team. Level five refers to monitored autonomy, a vessel that operates completely without human supervision but notifies operators of its decision making. Level six describes a fully autonomous MAV that uses machine learning to make decisions based on current surroundings and past situations. The operator is alerted only if the vessel fails to determine an action. Vessels at levels three through five are extremely rare at the current time.
Today, scientists are the primary users of remote or maritime autonomous vehicles for research, including climate monitoring in remote areas or real-time data collection and exchange in harsh environments. Scientists are adopting MAVs because they are more cost effective and able to monitor remote regions for longer periods of time than crewed vessels. [2] Human safety is of lower concern in the hard-to-reach areas where they are currently used due to negligible marine traffic.
Norway, Finland, and Japan are early movers in developing and adopting advanced MAV technology. Finland and Norway launched autonomous ferries in 2018, with Norway then successfully testing a remote container ship with crew onboard in 2021. In 2022, Japan launched two autonomous, unmanned shipping containers along its domestic routes.[3] None of these examples, however, represent a level five truly autonomous and unsupervised craft. Such a vessel is unlikely to be employed in any sector in the near future due to safety and security concerns, a lack of technical ability, and concerns regarding reliability.
MAVs’ primary vulnerabilities include human error, vulnerable and outdated onboard computer systems, and navigation system disruptions. Any crew member, maintenance worker, or employee unknowingly uploading malware to an autonomous or semi-autonomous ship is a vulnerability concern for MAV operators. Malicious cyber actors targeting the employees of maritime shipping and transportation companies with phishing attacks and compromised software could halt their operations and extract a large ransom. For example, the 2017 NotPetya attack crippled ships from some of the largest shipping companies resulting in more than $10 billion in damages.[1]
Vulnerable and outdated computer systems on commercial MAVs are also a concern. Ships employed in various sectors across the maritime industries often possess computer systems and software updates that lag significantly behind their land-based counterparts. Ship computers are inherently difficult to update, as companies must justify operational downtime and potential lost profits to call in ships to remedy a non-mechanical issue.[1] Maersk, one of the world’s largest shipping companies, was still running Windows 2000 at the time of the NotPetya attack.[2] This software was 17 years old at the time and no longer supported by Microsoft, making it incredibly vulnerable.
MAVs rely on many auxiliary systems to navigate the world independent of human intervention. Figure 2, below, visualizes the variety of systems and sensors MAVs interact with along their routes. Global Positioning System (GPS) technology and sensors depend on buoys and shipyard markings to locate and position themselves along a set route.[3] Threat actors could interfere with GPS systems through signal jamming, a direct attack on a supporting satellite, or an intrusion into a ship’s onboard GPS systems. These types of attacks could influence the ship’s movement sending a MAV off course or disabling navigation to cause a collision.[4] Interference with a MAV’s sensors or the markings it uses to orient itself in a crowded bay or shipyard could lead to similar dangerous situations. In fact, altering buoys and land-based systems is one of the lowest cost and easiest ways to conduct attacks that could still have a devastating impact.
However, MAVs in their current state pose a lower risk to critical infrastructure facilities or sensitive locations. Most MAVs today use a skeleton crew that can take control of the bridge should any issues arise, and many available MAVs are slow moving and cumbersome, enabling easy interdiction if they are compromised. Attacks at commercial ports and coastal transportation hubs have the potential to be disruptive and dangerous, halting commercial activity for a prolonged period or stranding passengers on a transportation vessel.[1] In the future, MAVs at autonomy level 4 and above will become commonplace. When this occurs, the potential for an attack on MAV systems becomes far more likely and more dangerous, as without a crew onboard to intervene a compromised MAV could cause a devastating collision or even be used to attack critical infrastructure on waterways.[2]
Cyberattacks on the maritime industry’s operational technology systems have increased precipitously in recent years, rising 900% from 2017 to 2020.[3] In 2019, the U.S. Coast Guard issued an official warning to ship owners after a malware attack significantly degraded the functionality of onboard critical control systems on a vessel headed to the Port of New York.[4] Threat actors also launched malware attacks against South Korea’s national flagship carrier HMM,[5] French containership company CMA CGM,[6] and international shipping line Mediterranean Shipping Company[7] over the past two years.
Impacts to Critical Infrastructure
An attack on today’s MAVs could result in financial loss, reputational damage, and compromise of sensitive data. Attacks that shut down shipping for an extended period or disable a profitable transportation vessel would create substantial financial losses for operators. These losses can impact manufacturers and vendors within the supply chain.[8] Reputational damage could also result from an attack on a company’s MAV systems. If an attack occurred due to negligence in updating MAV security systems, as was the case with Maersk, reputational damage may result leading to future business losses.[9] Lastly, an attack on a MAV used in transportation could result in the theft of passenger data. This eventuality has already happened at numerous cruise lines[10], and could become more common as ships become increasingly autonomous.
All critical infrastructure sectors that rely on international shipping are vulnerable to attacks on MAVs and their corresponding systems. This includes the vessel itself, waterways, ports, port operational equipment, and networks tying all these technologies together on sea and land. Specifically, the energy, critical manufacturing, chemical, and transportation systems sectors are particularly at risk. The energy sector still relies on imports of oil and natural gas to function smoothly despite higher domestic production,[11] and an attack on ships or ports could raise prices for consumers and threaten the fuel supply of certain power plants. The critical manufacturing sector is even more reliant on imports, with the vast majority of parts for advanced machinery
being produced abroad and subsequently sent to the U.S. for assembly.[1] The chemical sector also relies heavily on raw materials that are exported from abroad, making its supply chains vulnerable to shipping disruptions stemming from disabled ships or ports.[2] Lastly, the transportation systems sector is vulnerable as passenger vessels from cruise ships to ferries increasingly rely on MAV technology. If an attacker compromised these systems, passengers could be at risk to physical harm or their personal information getting stolen.
Mitigation Methods
Organizations can take several steps today to secure their MAVs or protect against the threat of MAVs. Implementing strong cybersecurity best practices, enterprise security procedures, and physical access controls are impactful initial mitigation strategies. Employers should train staff to recognize suspicious emails and avoid installing malicious software. For example, sophisticated spear phishing tactics are difficult to detect, but necessary to prevent costly attacks.[3]
Operators should conduct regular software updates on all MAV systems to protect against remote intrusion attempts.[4] It may be cumbersome to temporarily dock a ship to install new software, but the risk only grows as malicious cyber actors become more sophisticated. No software is perfect, and routine patches are necessary to keep critical MAV infrastructure reliably operational.
Furthermore, it is vital for land-based facilities that control, maintain, or support MAVs to be kept secure and have strong physical access controls.[5] These facilities represent another potential avenue for malicious actors to infiltrate MAV systems and every effort must be taken to ensure their security.
Conclusion
MAVs are already crucial to maritime shipping and transportation today and are set to become more important as technology advances. Their benefits include increased efficiency, safety, and precision in diverse sectors ranging from commercial shipping to scientific discovery. Despite these benefits, MAV operators must be vigilant in safeguarding their systems or their use could have catastrophic consequences. Malicious cyber actors that gain control of MAV systems could inflict financial, reputational or data security damage on their operators. These effects could be far reaching, affecting critical infrastructure sectors that are heavily reliant on international shipping. MAV operators must pay close attention to cybersecurity best practices, enterprise security procedures and physical access controls to maintain control of their systems and enjoy the benefits of MAV technology while limiting the risks inherent in its use.
Resources Considered
- CISA Cybersecurity and Physical Security Convergence Action Guide gov/cybersecurity-and-physical-security-convergence
- CISA Insider Threat Mitigation cisa.gov/insider-threat-mitigation
- CISA Cyber Resources Hub cisa.gov/cyber-resource-hub
- CISA Cyber Hygiene Services cisa.gov/cyber-hygiene-services
- CISA Shields Up cisa.gov/shields-up
- CISA Stop Ransomware cisa.gov/stopransomware
- CISA Cybersecurity Advisors cisa.gov/csa
- CISA Protective Security Advisors cisa.gov/protective-security-advisors
- CISA Tabletop Exercises Packages cisa.gov/cisa-tabletop-exercises-packages
- NHTSA Autonomous Vehicle Safety https://www.nhtsa.gov/technology-innovation/automated-vehicles-safety#resources
- TSA Surface Transportation Toolkit tsa.gov/for-industry/surface-transportation-cybersecurity-toolkit
References
American Geosciences Institute. Which mineral commodities used in the United States need to be imported? American Geosciences Institute. 2022. Link
Androjna, Andrej, Tanja Brcko, Ivica Pavic, and Harm Greidanus. Assessing Cyber Challenges of Maritime Navigation. Journal of Marine Science and Engineering, Vol 8, Iss 10. 2020. Link
Next Move Strategy Consulting. Autonomous Ships Market by Autonomy Level (Semi-Autonomous and Fully-Autonomous), by Ship Type (Commercial, Passenger, and Defense), by Fuel Type (Carbon Neutral Fuels, LNG, Electric Batteries, and Heavy Fuel Oil/Marine Engine Fuel), by Component (Software and Hardware) – Global Opportunity Analysis and Industry Forecast, 2020 – 2030. October 2020. Link
CISA. Autonomous Ground Vehicle Security Guide: Transportation Systems Sector. Cybersecurity and Infrastructure Security Agency. 2020. Link
Danish Maritime Authority. Final Report: Analysis of Regulatory Barriers to the use of Autonomous Ships. 2018. Link
Dougherty, Jack Richard. Autonomous Vessels Are Becoming a Commercial Reality. The Maritime Executive, September 24, 2021. Link
Felski, Andrzej and Karolina Zwolak. The Ocean-Going Autonomous Ship-Challenges and Threats. Journal of Marine Science and Engineering. November 16th, 2019. Link
Hand, Marcus. MSC confirms malware attack caused website outage. 2020. Link
Harner, Chris, Chris Beck, and Blake Fleisher. The Law of Unintended Consequences: When companies are collateral damage in a cyberattack. Milliman White Paper. March 2020. Link
Moneywatch. Carnival Cruise data breach leaks personal information of customers and employees. CBS News. June 18th, 2021. Link
Paris, Costas. Container line CMA CGM hit by Cyberattack. 2020. Link
Prevljak, Nadia Hakirevic. HMM hit by cyber attack. 2021. Link
Rivero, Nicolas. Japan is home to the world’s first autonomous container ships. Quartz. February 12th, 2022. Link
Schmidt, Jake. The Maritime Industry’s Move to Automation: Will This Make it a Hacker’s Playland? The Institute of World Politics. 2021. Link
Tam, K. Cyber-Risk Assessment for Autonomous Ships. University of Plymouth School of Engineering, Computing and Mathematics. December 6th, 2018. Link
Torsekar, Mihir. Intermediate Goods Imports in Key U.S. Manufacturing Sectors. United States International Trade Commission. 2017. Link
Winder, Davey. U.S. Coast Guard Issues Alert after ship heading into port of New York hit by Cyberattack. 2019. Link
Wolf, Christopher. Where Does the U.S. Get its Oil? US News. February 28th, 2022. Link
Wolff Josephine. How the NotPetya attack is reshaping cyber insurance. Brookings. December 1st, 2021. Link
Zolich, Artur, David Palma, Kimmo Kansanen, Kay Fjortoft, Joao Sousa, Karl Johansson, Yuming Jiang, Hefeng Dong and Tor A. Johansen. Survey on Communication and Networks for Autonomous Marine Systems. Journal of Intelligent and Robotic Systems. April 28th, 2017. Link
Acknowledgements
Graphics by Joey Dierdorf
Support from Lauren Moeggenberg
