The scandal of the shipping industry’s cybersecurity void

The technology behind much of the world’s container shipping industry is lagging years behind, with potentially disastrous consequences.
7 March 2018

Explosions, capsizing and wholesale theft: container shipping is at risk. Source: Shutterstock

In a series of blog posts, a cybersecurity specialist company has published details that lay out just how easily container ships’ cargo routing and loading plans can be compromised by malicious hacking, or left open to plain old industrial espionage.

The issues stem at least partly from the BAPLIE EDIFACT, an information exchange system used by shipping lines, port authorities and the immense container ships which plough their way daily across the world’s oceans.

The messaging system was developed originally by the Shipping Message Development Group (SMDG).

Pen Test Partners have published blog posts which show that even simple manipulation of the messages exchanged in the BAPLIE EDIFACT could result in loss of life, wholesale fraud, or massive costs to shipping organizations and port authorities, and could ultimately leave countries without essential goods.

Until recently, loading plans were exchanged by floppy disk between ports and ships and are still exchanged, in many cases, by means of a USB stick changing hands. BAPLIE EDIFACT is contained in a simple CSV file which shows how each ship should be loaded/unloaded.

By changing the simple codes in the document, a range of malicious activities could be instigated, ranging from the merely annoying and slightly time-wasting, right up to a loss of life. By changing the VGM (verified gross mass) record for any container, for instance, the port could load a ship incorrectly, with heavier containers positioned high above the ship’s center of gravity, or (perhaps in combination with this), off to one side, causing massive instability and a dangerous list (lean).

Loading plans for a container ship showing different load weights & types. Source: Pen Test Partners.

Additionally, the codes in the CSV document also describe the special nature of loads or their particular requirements. For instance, loads that require refrigeration could be marked for loading away from power sources, meaning their contents would deteriorate, and the ensuing smell/effluent taint other containers’ contents.

Alternatively, notifications of a container’s explosive contents or low flashpoint temperature could be removed or altered, meaning that lives and cargos are put at risk.

As well as the melodramatic, terrorist-inspired visions of smelly, listing, capsizing and exploding ships, the time taken to correct misloads is considerable: containers are stacked dozens deep far inside a ship’s hold. Corrections to the load can therefore take hours, if not days.

In order to keep costs as low as possible, every ship is loaded with very exact amounts of fuel and ballast, according to its load and the distance to be traveled. Changing the load details of a ship can therefore easily throw out these calculations, meaning that ships could be cast adrift at sea, or at best, overladen with unnecessary, expensive fuel that, in itself, adds to the load burden.

The integrity of the BAPLIE messaging system is critical for shipping, according to Pen Test Partners’ Ken Munro:

“I strongly encourage all operators, ports, and terminals to carry out a thorough review of their EDI systems to ensure that message tampering isn’t possible […] Already there is evidence of theft of valuable items from containers in port, potentially through insider access by criminals to load information. It doesn’t take much imagination to see some far more serious attacks.”

As Munro alludes, criminals less interested in destabilizing or delaying ships, but rather wanting to steal goods by rerouting containers, have used “COPRAR/COPARN/CODECO/COARRI” messages instead of BAPLIE. These cover shipping to terminal messaging and have been compromised by operators at ports physically changing codes at the dockside for quick gains: rerouting or concealing drugs traffic, or simple theft of whole containers.

Because ship-board systems are often offline for months at a time, they rarely get much attention or updating. Their precarious nature is, however, at odds with the six- and seven-figure sums put in jeopardy by even the slightest modification of data that has scant, if any, protection.
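One way a receiving system could detect the record tampering described above before importing a plan, shown as an added example that is not from Pen Test Partners or the original article. The column names, sample rows, key and the `seal`/`verify` helpers are constructed assumptions, and the file is treated as the simple CSV the article describes rather than a real BAPLIE message.

```python
import csv, hashlib, hmac, io, json

# Constructed sample plan. Column names and values are illustrative assumptions,
# not the real BAPLIE layout.
SAMPLE_PLAN = (
    "container_id,position,vgm_kg,reefer,dg_class\n"
    "CONT0000001,010182,28400,N,\n"
    "CONT0000002,010382,9100,Y,\n"
    "CONT0000003,030208,21750,N,3\n"
)
# Same plan after the kinds of edit the article describes: one VGM lowered and
# one dangerous-goods marking removed.
TAMPERED_PLAN = SAMPLE_PLAN.replace("28400", "8400").replace("21750,N,3", "21750,N,")
DEMO_KEY = b"constructed-demo-key-not-for-use"  # real keys come from key management

def _mac(key: bytes, text: str) -> str:
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()

def _records(plan_csv: str) -> dict:
    """Map container id -> canonical JSON of its row; reject duplicate ids."""
    out = {}
    for row in csv.DictReader(io.StringIO(plan_csv)):
        if row["container_id"] in out:
            raise ValueError(f"duplicate record for {row['container_id']}")
        out[row["container_id"]] = json.dumps(row, sort_keys=True)
    return out

def seal(plan_csv: str, key: bytes) -> dict:
    """Sender: one MAC per container record plus a MAC over the set of MACs."""
    tags = {cid: _mac(key, row) for cid, row in _records(plan_csv).items()}
    return {"records": tags, "seal": _mac(key, json.dumps(tags, sort_keys=True))}

def verify(plan_csv: str, manifest: dict, key: bytes) -> list:
    """Receiver: return findings; an empty list means the plan matches the seal."""
    tags = manifest.get("records", {})
    if not hmac.compare_digest(_mac(key, json.dumps(tags, sort_keys=True)),
                               str(manifest.get("seal", ""))):
        return ["manifest seal invalid: reject plan"]
    got, findings = _records(plan_csv), []
    for cid, tag in tags.items():
        if cid not in got:
            findings.append(f"{cid}: record missing")
        elif not hmac.compare_digest(tag, _mac(key, got[cid])):
            findings.append(f"{cid}: record modified")
    findings += [f"{cid}: record not in sealed plan" for cid in got if cid not in tags]
    return findings

if __name__ == "__main__":
    print(verify(TAMPERED_PLAN, seal(SAMPLE_PLAN, DEMO_KEY), DEMO_KEY))
```

A shared-key HMAC is used here only because it is in the Python standard library; where many ports and lines exchange plans, public-key signatures avoid every party holding the same secret.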

Port authorities and shipping lines need to tend to their security laurels as soon as possible, it transpires.