Risk & Reward of The Internet of (Maritime) Things
The Internet of Maritime Things (IoMT) is coming! Start planning now.
The Internet of Things (IoT) is already with us. You can get a doorbell camera that allows you to see on your smartphone who is at or approaching your front door. You can also get a refrigerator that keeps track of items inside and will advise you when you are running low (maybe on beer). It can also automatically place orders with your local grocery store for replenishment. Your automobile will attempt to keep you in your lane and avoid collisions while keeping track of where you are, getting you to your destination, and entertaining you. There is also a black box that keeps track of your speed. This black box also records your location, driving habits, and automotive health (among other things) and automatically sends that information to the car’s manufacturer. Smart speakers in your home or office will play the radio station or music you request. They are always on and can record other audio events, such as conversations. These recordings (or at least portions thereof) are automatically transmitted to the speaker’s manufacturer. And this is only the beginning.
If ports and vessels are all interconnected, transits could be arranged for optimum performance and safety. Cargoes could be loaded and unloaded with maximum efficiency. At sea, passages could be optimized, accounting for weather, sea conditions, marine hazards (such as rocks and shoals), and other traffic. The deck officer (whether physically or virtually present) would largely be there to meet legal requirements and to take the fall when things go wrong.
Computerized machines will monitor their own performance and schedule preventive maintenance. Sophisticated technology is being developed that will shut down if the purchaser attempts their own repairs or alterations. Manufacturers will have to work out how to maintain computerized equipment that has an extended lifespan. Currently, most computerized items, such as smartphones, are only supported for five years. Ships, though, have lifespans of three or more decades. What happens with future computerized ships? Who will keep the software and hardware operational and up-to-date when the ships are 10 or 20 years old? Will the then owner/operator/master install updates and changes as released? Will the ship builder (and its contractors) be able to monitor the vessel worldwide like car manufacturers can now? Can the ship builder shut down the ship (or certain equipment) if certain repairs are attempted without its authorization?
What happens when things go wrong? In the 1970s, the guided missile cruiser USS Yorktown (CG 48) was one of the most sophisticated warships in the US Navy, being known as a ‘smart ship’. On 21 September 1997, a storekeeper on board was ordering supplies while the ship was underway in the North Atlantic on an unescorted operation. A ‘division by zero error’ occurred. The ship’s computer system overloaded and shut down. The main computer was connected to everything electronic on the ship. All of that equipment ceased to operate. There was no propulsion. There was no ventilation. There were no regular lights. There was no radar. There was no fire control for the weapons systems. There were no communications. It took several hours to restore rudimentary radio contact so that the casualty could be reported to the chain of command. Other warships were diverted to render assistance. The cruiser was then towed back to its homeport in Norfolk. The incident was classified for some time.
What measures can a commercial vessel take if its computerized controls fail? In February 2019, a container ship approaching New York reported that its onboard computer network had been ‘totally debilitated’ by malware. A thorough analysis revealed that the malware significantly degraded the functionality of the ship’s computer system. Fortunately, in this instance, the essential vessel control systems had not been connected to the computer system. If they had been, this commercial vessel may have been found itself in a situation similar to that suffered by USS Yorktown. Adding more interconnected electronics in future smart-ships, though, increases the number of potential points of failure.
There is another issue to consider – cybersecurity.
When all computerized equipment is tied together (such as in a ‘smart home’ or a ‘smart ship’), access to one item can lead to access to all the connected devices. While some or even most of the connected devices may have high-level cybersecurity, if any of the devices have no or minimal security, it may allow a hacker access to the entire system. In 2017, a casino purchased an internet-connected fish tank, designed to allow remote control of the water temperature and salinity. The fish tank controls were placed in a unique portion of the casino’s computer network, separate from all financial systems. Hackers were able to gain access to the fish tank controls and then breach the entire network, copying a large amount of sensitive data.
The more computerized equipment that are integrated into a system the greater the number of potential targets for hackers.
Manufacturers of computerized equipment are aware of the vulnerability and have the means to reduce the risks. Few, though, invest much time and effort into the process. Risk reduction for each piece of equipment can be time-consuming and expensive, requiring the writing of complex lines of code and utilization of more capable and costly chips. There is little incentive to make those investments. Purchasers generally buy such equipment based on factors other than cybersecurity. Even if cybersecurity protocols are provided by a manufacturer, purchasers often fail to change the default passwords, effectively leaving the door unlocked.
If hackers can access a smart ship’s computer system (in either a targeted or random attack), they can effectively take control of the operation of the ship. Hackers have demonstrated the ability to take control of smart cars, operating the stereo, the windshield wipers, the engine, the brakes, and the steering wheel. Imagine what could be done with a compromised ship.
The Internet of Maritime Things is coming. It holds great promise, but also great risk. Industry’s role must be to optimize the promise while minimizing the risk.