I got an interesting email this morning from a long time reader and fellow blogger, John C.W. Bennet from MPSINT.com. As a reader John is well aware of my interest in cyber security issues as they relate to control systems. He forwarded me an interesting article from EWeek.com that summarizes a bunch of the discussion surrounding the current state of ICS security; nothing that most of us interested in ICS security haven’t seen before, but a nice summary article.
Coming from John though this article struck a completely different cord in my thought processes. You see John’s blog, Maritime Transportation Security News & Views, is one of my two main sources for MTSA information updates. With John’s maritime background my thoughts naturally turned to ships and I realized that modern shipping is based upon a whole slew of industrial control systems to manage operations on board. Certainly, I thought, those control systems have many of the same components as those we’ve been looking at the last couple of years or so in regards to ICS security issues. Therefore, one would expect that they would share many of the vulnerabilities that we have been discussing here.
At first glance one would assume that ships at sea were even more isolated than the proverbial (and nearly non-existent) air-gapped SCADA system. But, in the age of satellite communications, I’m sure that most of these ships (especially the modern ones) have internet access and are thus less air-gapped (sea-gapped?) than they might seem.
So my question to the ICS security community, has anyone looked at the security of onboard ship control systems?