The Tallinn University of Technology (TalTech) Centre for Digital Forensics and Cyber Security and the Estonian Maritime Academy have received nearly 2.5 million euros from the European Union for the establishment of a maritime cyber security centre. This five-year project aims to develop cybersecurity in the maritime sector and increase TalTech's reputation by involving top researchers from around the world.
According to Dan Heering, one of the project leaders at the Maritime Academy, the maritime industry has not taken cybersecurity seriously for a long time and there is a lot to be done in this area. "As there is little publicly available information about "successful" cyber-attacks and incidents involving ships, shipping companies do not take the threat seriously," said Heering. He added that when researching the topic as part of his master's thesis, he found it surprising that most companies were indifferent to the problem. "This has been due to the lack of legislation that would compel shipowners to mitigate cyber risks and train their crews. However, from January next year, shipping companies will be required to implement cyber risk management in their safety management documentation," he added.
The lack of interest by shipping companies so far may also be due to a low awareness of the threat and the potential damage that a successful attack may cause. Also, companies currently see cyber risk management as an expense rather than an investment. However, according to Heering, several incidents have been publicised in the last 10 years. In 2019 there was the case of a cargo ship bound for New York having to contact the US Coast Guard due to a malware infection. This had affected the ship's computer systems significantly reduced its ability to manoeuvre safely.
In 2017, Campbell Murray, a cybercrime expert, demonstrated at a super-yacht conference that in a short time, it was possible to take over a ship equipped with modern technology using only a laptop. It took the IT professional 30 minutes to break into the ship's Wi-Fi network and access, delete, and even edit emails. In addition, Murray gained access to the financial data of the owner of the super-yacht and took control of the ship's security cameras, satellite communications and navigation equipment. Technically, it was possible to steer the super-yacht out of the harbour from the quayside.
According to Olaf Maennel, the professor for cybersecurity at the Centre for Digital Forensics and Cyber Security, the executives of shipping companies still cannot see the dark clouds gathering around them. Ships are increasingly dependent on technology and the Internet, with digital charts and manifests updated electronically, and satellite connections increasingly being used. "This means that ships' computer systems are vulnerable and the potential damage to larger companies can amount to hundreds of millions of euros," Maennel said.
In addition, he estimates that the number of autonomous machines connected to each other is expected to increase dramatically in the near future. It is therefore necessary to establish communication protocols resistant to cyber-attacks and to significantly increase crew awareness and preparedness for cyber incidents. To this end, the future cybersecurity centre plans to develop the existing master's and doctoral study programs, organise training events and conferences. For example, students studying to become helmsmen at the Estonian Maritime Academy next year will, for the first time, gain knowledge about cybersecurity and risk management.
In the autumn of 2019, the TalTech Estonian Maritime Academy and the Department of Software Science of the School of IT submitted a joint project application (MariCybERA) for the Horizon 2020 ERA Chairs programme, which received a positive funding decision in March this year. The aim of the ERA Chairs call is to help universities and other research institutions in the EU's convergence regions (including Estonia) and peripheral regions to significantly increase their competitiveness in obtaining research funding under the guidance of an outstanding researcher.