VSATs are targeted by attackers because they provide access to other vessel infrastructure, and they are also a target in themselves. VSATs provide access to information technology (IT) and operational technology (OT) layers on a vessel, which are closely intertwined, making them a significant attack vector.
Cyberattacks on vessels can be executed by discovering and exploiting vulnerabilities in a sequential manner through the VSAT connection. An attacker may first penetrate telecom equipment and take control of the IT segment. Next they may find problems in segmentation and access the OT layer, and finally, they could control OT equipment. Access to the OT onboard a vessel could provide attackers with internal information, potentially making pirate attacks easier.
Attackers may also be able to arbitrarily intercept and modify Transmission Control Protocol sessions under certain network configurations, enabling man-in-the-middle and denial of service attacks against vessels at sea. Any such attacks may disrupt vessels’ trips and delay delivery of essential commodities.
As well as providing a way in to more severe attacks, VSAT connections themselves contain desirable data, which may be targeted for theft. In fact, researchers have been able to intercept unencrypted sensitive data from maritime VSAT telecommunications using simple equipment, and attackers could steal this data too. Attacks may range from the interception and alteration of navigational charts to theft of passport and credit card details.
VSATs may be attacked via insecure passwords, open ports and un-updated firmware. Regarding passwords, hackers check if standard passwords are used on VSAT antennas and if they are not, they may apply “brute force” techniques to penetrate them instead. Another way in is through open ports in telecom equipment. Hackers search for open ports in telecom equipment, in order to penetrate the vessel’s IT network, subsequently also leading them to the OT network. And finally, hackers may try to exploit known vulnerabilities in un-updated firmware of communication equipment, in order to gain access.
Considering the multiple ways in which VSATs could be impacted, there are also multiple ways to help mitigate against attacks. Cybersecurity policies and procedures are an important start, to ensure good cyber hygiene throughout companies. In addition, VSAT scanners improve cybersecurity discipline with constant checks, and they protect against 90 percent of attacks in this way. Finally, it is suggested to introduce intrusion detection systems and endpoints onto the vessel, in order to protect against insider attacks and improve OT protection.
Jessie Hamill-Stewart is a cybersecurity PhD student at University of Bristol and University of Bath.
Andrew Sallay is the CEO and co-founder of cybersecurity company Reperion.
The opinions expressed herein are the author's and not necessarily those of iShipNet.<