Saturday, June 23, 2018

Future of hydrography

Whilst the primary purpose of hydrography remains the production of navigational charts, the role of hydrographers is changing fast.
Watch the video to find out about the innovative technology Fugro is developing that will ensure the global hydrographic community is positioned to play a more efficient, effective and important role in managing the marine environment and resources for a liveable world.

Friday, June 22, 2018

China is alone at sea. That means the U.S. has the advantage.

A Chinese aircraft carrier leaves Dalian, in China’s northeastern Liaoning Province, in May.
(Li Gang/Xinhua via AP)

From Washington Post by John Lee
John Lee is a nonresident fellow at the Hudson Institute in Washington and the United States Studies Center at the University of Sydney.
He served as senior national security adviser to the Australian foreign minister from 2016 to 2018.

Indian Prime Minister Narendra Modi delivered the dinner address at the Shangri-La Dialogue, an annual meeting of defense ministers held in Singapore.
As with keynotes by Australia’s Malcolm Turnbull and Japan’s Shinzo Abe in preceding years, Modi championed democratic principles and a free and open Indo-Pacific, while emphasizing respect for territorial rights and international law rights.

The next morning, during the opening plenary session, Defense Secretary Jim Mattis pursued the same theme but in far more pointed terms, calling out China for its intimidation and coercion of smaller nations in the region, which is what much of the room wanted to hear.

Although a number of senior Chinese military officials, including Lt. Gen. He Lei from the Academy of Military Science, were in the room, Mattis’s Chinese counterpart was not there to receive the message.
Beijing has not sent a defense minister to this elite gathering of 40 nations since 2011.

One might empathize with Beijing’s determination to downgrade what it sees as an annual China-bashing event.
But the fact that China has lost the room speaks to the myth that authoritarian countries have the strategic advantage because they can take the long view.

 courtesy of the Economist / Michael Morgenstem

Consider Chinese President Xi Jinping’s grand objective of achieving regional dominance through a combination of economic munificence and attempts to ease the United States out of the Indo-Pacific.
The latter can be achieved by degrading and weakening the United States’ alliances with regional powers, a strategy drawn directly from legendary strategist Sun Tzu.

In the last decade of the previous century, a more cautious China concluded relatively generous treaties with Russia, Kazakhstan, Kyrgyzstan and Tajikistan to resolve border disputes and improve ties.
With relations smoothed over, China’s economic weight eventually allowed it to replace Russia as the most significant player in Central Asia.

Xi is ignoring salient historical lessons.
By reigniting age-old territorial disputes or else cooking up history to justify new claims, such as in the East and South China Seas and in border disputes with India, the Chinese leader has managed to alienate almost every significant naval power in the Indo-Pacific.

Chinese navy ships sail through the Strait of Malacca. Photo: Xinhua

The harsh words aimed against Beijing over the weekend are just one diplomatic consequence resulting from a counterproductive approach.
U.S. alliances and military cooperation with Japan and Australia are strengthening, as they are with India, which has been driven to discard its non-alignment philosophy in all but name.
We have never seen a powerful United States, Japan, India and China at the same time.
Although Chinese strategists have long feared the formation of a hostile maritime coalition of great powers, Beijing’s hubris is pushing these countries in that direction.

A web of security relationships is also starting to form between India and Vietnam, Indonesia and others.
These are not decisive, but they complicate the environment for China.
Taiwan is also less willing to countenance unification with the mainland than ever before — denying Beijing a strategic asset that Gen. Douglas MacArthur once called  an “unsinkable aircraft carrier.” Control of Taiwan would enable the People’s Liberation Army Navy to break out into the Western Pacific.

Indeed, almost all significant maritime countries have moved from a neutral or hedging posture to a countering or balancing one to the extent that they are able.
This includes preparedness to host and support more U.S. military assets and closer naval and intelligence coordination with other countries in response to Chinese activity.

 courtesy of the Economist

All this is occurring at a time when China has emerged as the largest merchandise trading country in the world, dependent on the oceans for an overwhelming majority of this trade, and the largest trading partner to 16 nations in its region.

Even more untimely for China is that it is attempting the difficult transition from a land-based mind-set established over several millennia toward becoming a dominant naval power for the first time in its history.
It is doing so without any true seafaring strategic allies or reliable security partners.

This brings us back to the apocryphal advantage of Chinese authoritarianism, the character of which is a direct cause of its lonely rise and strategic isolation.
The current Chinese approach to countries on its periphery is largely based on the same principles Xi is using to consolidate power for the Communist Party under his rule: convincing elites through economic seduction and dependency, or else threat and coercion.


Chinese military assets in the South China Sea.
courtesy of SCMP
Aid and investment are deployed to buy obeisance from ruling elites in countries such as Cambodia, Laos and Brunei.
When larger and more open countries pursue unfavorable policies, Beijing threatens them with economic punishments.
That was the case against South Korea when Seoul decided to deploy America’s Terminal High Altitude Area Defense antiballistic missile system after North Korea conducted its fourth nuclear test in January 2016.

Satellite images provided to CNN on June 11 show before and after images of Woody Island.

About one-third of countries earmarked to take part in the flagship Belt and Road initiative are at risk of being unable to pay back the loans.
While countries such as Sri Lanka, Mongolia and Pakistan have been forced to concede to agreements on terms favorable to Beijing, the initiative is solidifying China’s reputation as a predatory partner.

These are poor and fragile foundations for aligning long-term interests and securing lasting loyalties.
New governments discard allegiances sold by predecessors, as is occurring in Malaysia.
Oppressive debt creates long-term resentments, as it has done in Sri Lanka.

Constitutional changes, which could allow Xi to become his country’s first “leader for life” since Mao Zedong, are hardly reassuring.
A return to one-man rule further reinforces widespread suspicion of China’s increasingly hierarchical view of the world.

Confused messages and noise emanating from the White House are unhelpful.
However, China is still an incomplete maritime power, and resistance against Beijing is on the rise.
The advantage remains with the United States.

Links :

Thursday, June 21, 2018

Aeolus: wind satellite weathers technical storm


ESA’s Earth Explorer Aeolus satellite will be launched later this year to measure the world’s winds from space.
The satellite carries one of the most sophisticated instruments ever to be put into orbit: Aladin, which includes two powerful lasers, a large telescope and very sensitive receivers.
The laser generates ultraviolet light that is beamed down into the atmosphere to profile the world’s winds – a completely new approach to measuring the wind from space.
These vertical slices through the atmosphere, along with information it gathers on aerosols and clouds, will improve our understanding of atmospheric dynamics and contribute to climate research.
As well as advancing science, Aeolus will play an important role in improving weather forecasts.
The mission will also complement information about the atmosphere being provided by the Copernicus Sentinel missions.

From BBC by Jonathan Amos


They say there is no gain without pain, but when the European Space Agency (Esa) set out in 2002 to develop its Aeolus satellite, no-one could have imagined the grief the project would bring.

Designed to make the most comprehensive maps of winds across the Earth, the mission missed deadline after deadline as engineers struggled to get its key technology - an ultraviolet laser system - working for long enough to make the venture worth flying.

But now, 16 years on, the Aeolus satellite is finished and ready to ship to the launch pad.
And far from being snuck out the back door at night in embarrassment at the huge delay, the spacecraft will be mated to its launch rocket with something of a fanfare.

Esa is taking pride in the fact that it overcame a major technical challenge.

"Many times I remember people saying, 'there's just no point in continuing because it is simply not possible to build a UV laser for space'. But this is the DNA of Esa - we do the difficult things and we don't give up," said the agency's Earth observation director, Dr Josef Aschbacher.

It helped of course that Aeolus promises data that many experts still believe will be transformative.
From its vantage point some 320km above the planet, the laser will track the movement of molecules and tiny particles to get a handle on the direction and speed of the wind.

Currently, we measure the dynamics of the atmosphere using an eclectic mix of tools - everything from whirling anemometers to other types of satellite that judge wind behaviour from the choppiness of seawater.
But these are all limited indications, telling us what is happening in particular places or at particular heights.

Aeolus, on the other hand, will attempt to build a truly global view of what the winds are doing on Earth, from the surface of the planet all the way up through the troposphere and into the stratosphere (from 0km to 30km).

How to measure the wind from space :
  • Aeolus will fire a laser through the atmosphere and measure the return signal
  • The light will scatter back off air molecules and particles moving in the wind
  • Meteorologists will adjust their numerical models to match this information
  • The biggest benefits should be in medium-range forecasts - a few days hence
  • Aeolus should pave the way for operational weather satellites with lasers

"The lack of wind profile observations is one of the most important gaps to fill in order to improve numerical weather prediction," Dr Florence Rabier, the DG at the European Centre for Medium-Range Weather Forecasts (ECMWF), told BBC News.
"The Aladin Doppler wind lidar instrument onboard Aeolus will be the first satellite instrument that provides wind profiles from space.
"We have very high expectations regarding the quality of the Aeolus wind profile data, and we are anticipating forecast quality to increase by 2-4% in the extra-tropics and up to 15% in the tropics. Aeolus is paving the way for significant improvements in weather forecasting".

There is an example that meteorologists quote from March 2014 - storminess that led to flooding in northern Europe.

When they did the post-event analysis to figure out why no-one had seen it coming, the conclusion was that inaccurate wind data six days previously had been used in the models.
Dr Alain Dabas from MeteoFrance explained: "The error was in the central Pacific at an altitude of about 11km. There was a mistake in the initial winds given to the models and that propagated to Europe.
"The question now is would Aeolus have solved this problem? Probably, yes."

It goes without saying that knowing what the wind is going to do reaches beyond just the nightly weather forecast on TV.
How it blows affects the distribution and transport of pollutants, and how quickly bad air in a hazy city, say, can be cleared away.

 The first Doppler Wind-Lidar in Space
Aeolus will measure global wind speeds in horizontal slices up to 30 km above the Earth’s surface and improve the performance of numerical weather forecasts.
Aeolus will bring improvement for climate research and modelling.
Aeolus will be the first satellite capable of observing wind activity in our atmosphere using laser technology to produce dynamic 3D maps.

Then there are the requirements of safety to consider - think sailors at sea, or construction on high-rise buildings. And don't forget the sectors whose whole reason to exist rests on the wind.

"For instance, the wind energy industry," said Dr Anne Grete Straume, Esa's Aeolus mission scientist.
"They're exploiting the winds and they need to know how much energy they can produce at any point in time. For that they need very accurate forecasts and we hope that our mission can help them with their management."

But all this depends on the UV laser doing its job.
The engineers are very confident now that it can.
They recently put the finished Aeolus satellite in a space chamber for six months to simulate the conditions of being in orbit.
The whole system passed with flying colours.

It is worth recalling some of the past frustrations.
The first problem was in finding diodes to generate laser light with a long enough lifetime.
When those were identified, the mission looked in great shape until engineers discovered their design wouldn't actually operate in a vacuum - a significant barrier for a space mission.

Tests revealed that in the absence of air, the laser was degrading its own optics; as the high-energy light hit the lenses and mirrors, it would blacken them.

Companies across Europe were pushed to develop new coatings for the various elements.
The key breakthrough, however, was to introduce a small amount of oxygen to the instrument to prevent surfaces carbonising.
It's a tiny puff of gas - 40 pascals' worth; the same pressure you might expect to develop from the presence of a photosynthesising plant.
But it is sufficient to oxidise contaminants and remove them.

"When we started, the only references we had were classified because these types of lasers are used to represent atomic bombs, and those technologies were totally locked out," said Anders Elfving, Esa's Aeolus project manager.
"The motivation for my team all these years was that there is no alternative, and of course the user community is still so enthusiastic for what we've built.
"We want to see what is invisible - to see the wind in clear skies. And I think active lidars like Aladin are the future - for much more accurate measurements of CO2 and other trace gases in the atmosphere."

The launch of Aeolus on a Vega rocket is currently set for 21 August.

Links :

Wednesday, June 20, 2018

Germany BSH layer update in the GeoGarage platform

86 nautical charts updated & 11 new charts added

Sailing the mysteries of old maps


From ERC

Dr Joaquim Alves Gaspar is a man of the sea.
After many years in the Portuguese Navy, he gave up plans to become an admiral in favour of pursuing a PhD in the History of Cartography.
This second career led him to receive an ERC Starting Grant, the first awarded in this budding discipline.
With his highly multidisciplinary team (he likes to say that, to work with him, one must be a mathematician fluent in Latin), and the experience obtained as a navigator and navigational instructor, Dr Gaspar hopes to understand how and when the first nautical charts were created.
The MEDEA-CHART team is the best place in Portugal, and probably in the world, to study the history of nautical cartography, hoping that this work will provide the domain with its rightful recognition within world history.

What is your research project about?

Our project is about the origin, the technical evolution and the use of nautical cartography in Europe.
This includes the medieval charts of the Mediterranean, what historians call portolan charts, and the early modern charts, first of the Atlantic and then of the whole world.
These charts, which preceded the Mercator projection (designed in 1569, and on which current navigation is based), didn't even consider the Earth as round!
In fact, although people of course knew about it, the constraints of navigational methods dictated that a flat-earth model be used until mid-18th century.
The MEDEA-CHART project is about studying these apparently naïve forms of cartographic representation, which were used for so much discovery and exploration.

What do you hope to achieve with your grant?

We hope to resolve some historiographical issues which have eluded scholars of cartography for a very long time.
For example, when and how were the first nautical charts constructed?
The earliest existent chart is the Carta Pisana (1275-1280).
But we suspect a long tradition before that, and we know nothing about its development.
Also, how were they updated with new geographical information?
These issues are particularly relevant for the medieval ones, but similar questions could be asked for the more recent, so-called, latitude charts of the Atlantic, which were developed by the Portuguese following the introduction of astronomical navigation.
This new model was based on the traditional charts of the Mediterranean but we don’t know exactly how it evolved from them.
These are two aspects we want to explore.
In addition, we'd like to understand how those charts were used to navigate.
We know almost nothing about that but we hope to by the end of this project.

We hope to resolve some historiographical issues which have eluded scholars of cartography for a very long time.
For example, when and how were the first nautical charts constructed?
How were they updated with new geographical information? (Carta Pisana – 1275-1280)

This research is quite unique, was the ERC support important for the discipline itself?

Absolutely, it was the very first ERC grant in the field of the History of Cartography.
My biggest wish is to include the History of Cartography, now a bit of a niche subject, into the History of Science.
I believe it belongs in this field because of its extraordinary relevance in the period of geographic discovery and maritime expansion.
Nautical charts weren't used only for navigation but also for the construction of the first coherent image of the whole world.
They were the most important source of geographical information during a period when the world was being discovered, explored and mapped by Europeans.
When we see those lavish atlases and maps of the world of the 16th and 17th century, we don’t realise that most of that information came from nautical charts, which were instruments for navigation not intended to depict the world.
Even more surprisingly, nautical charts were constructed not by scholars, but by artisans.
They were scientific tools made and used by illiterate workers, and this is in itself quite notable for the History of Science.
Finally, for the first time, we are using a multidisciplinary approach to study these maps, an approach which is extremely powerful and has already proven its potential.

Tell us more about this multidisciplinarity.

Essentially, not only do we study the sources using the traditional methods of historical research, but we also use geometrical analysis, mathematical modelling, radiocarbon dating and multispectral imaging technology.
Seven people work with me in the team, only one is a traditional historian.
We have three physicists, a philosopher, a computer science engineer, a neuroscientist and a navy officer.
One of them ia an American senior investigator and the world expert of the Piri Reis map (a well-known Turkish portolan chart from the 16th century).
We look at the charts themselves, lots of them.
But then written sources explaining how those charts came to be don't exist, so we try to understand the creation process by examining the charts themselves physically and mathematically, as well as interpreting the few textual sources where they are mentioned.

My biggest wish is to include the History of Cartography, now a bit of a niche subject, into the History of Science.
I believe it belongs in this field because of its extraordinary relevance in the period of geographic discovery and maritime expansion.
Nautical charts weren't used only for navigation but also for the construction of the first coherent image of the whole world.
(Anonymous Atlantic Chart – 1560)

How did you develop this passion for cartography?

I have been connected to the sea since I was a child.
I was always fascinated by maps and charts.
Charts and maps were part of my professional life in the navy but this particular interest in the History of Cartography began when I was sent to the Portuguese Navy Academy to teach cartography and hydrographic surveying.
Then I published two books on theoretical modern cartography.
That, at the time, was my real interest.
When the time came to decide about my career in the navy, about 15 years ago, I could have become an admiral but I realised that I had a bigger ambition.
I decided to start a PhD instead for which my background in the navy was ideal.
I was an expert in navigation, in hydrographical surveying and also in mathematical cartography, which are very powerful tools to approach the study of old nautical charts.

 What 16th century Arabs thought Europe looked like on top of an actual map of Europe

How did your career in the navy develop?

My experience in the navy was very rich.
I spent several years at sea in different kinds of ships, as a desk officer when I was very young, as an operation officer, a navigator, and then as a commanding officer.
But I also had the opportunity to study a lot.
I have a Masters in Physical Oceanography which I obtained in the United States, I taught for many years in the Naval Academy and I served in the Hydrographic Institute as an oceanographer and an expert in navigation.
Most of what I know directly related to my research subject I learned from the navy.

I have been connected to the sea since I was a child.
I was always fascinated by maps and charts.
Charts and maps were part of my professional life in the navy.
At a point in my career, I could have become an admiral but I realised that I had a bigger ambition so I decided to start a PhD instead and study the history of cartography.
(Diogo Homem portolan – 1563).

What motivated you to apply for the ERC?

Simply put, to pass a message.
To make a significant contribution to the training of a new generation of historians of cartography.
Not traditional historians, but researchers prepared to apply a multidisciplinary approach, including physical and numerical methods.
As far as I know, there is no undergraduate degree in the History of Cartography, and the only research team in Europe solely dedicated to the subject is mine.
Being awarded an ERC grant was the only way to have the resources to pass this message.

Links :

Tuesday, June 19, 2018

Flooding from sea level rise threatens over 300,000 US coastal homes – study

Sea levels are rising. For many cities on the the eastern shores of the United States, the problem is existential.
Miami and Atlantic city fight to stay above water

From The Guardian by Oliver Milman

Climate change study predicts ‘staggering impact’ of swelling oceans on coastal communities within next 30 years

Sea level rise driven by climate change is set to pose an existential crisis to many US coastal communities, with new research finding that as many as 311,000 homes face being flooded every two weeks within the next 30 years.

The swelling oceans are forecast repeatedly to soak coastal residences collectively worth $120bn by 2045 if greenhouse gas emissions are not severely curtailed, experts warn.
This will potentially inflict a huge financial and emotional toll on the half a million Americans who live in the properties at risk of having their basements, backyards, garages or living rooms inundated every other week.

“The impact could well be staggering,” said Kristina Dahl, a senior climate scientist at the Union of Concerned Scientists (UCS).
“This level of flooding would be a tipping point where people in these communities would think it’s unsustainable.
“Even homes along the Gulf coast that are elevated would be affected, as they’d have to drive through salt water to get to work or face their kids’ school being cut off. You can imagine people walking away from mortgages, away from their homes.”

The UCS used federal data from a high sea level rise scenario projected by the National Oceanic and Atmospheric Administration, and combined it with property data from the online real estate company Zillow to quantify the level of risk across the lower 48 states.

Under this scenario, where planet-warming emissions are barely constrained and the seas rise by about 6.5ft globally by the end of the century, 311,000 homes along the US coastline would face flooding on average 26 times a year within the next 30 years – a typical lifespan for a new mortgage.
Advertisement

The losses would multiply by the end of the century, with the research warning that as many as 2.4m homes, worth around a trillion dollars, could be put at risk.
Low-lying states would be particularly prone, with a million homes in Florida, 250,000 homes in New Jersey and 143,000 homes in New York at risk of chronic flooding by 2100.

With scientists' predictions starting to come true, Miami Beach residents must decide how to respond to the water that's invading their home.

This persistent flooding is likely to rattle the housing market by lowering property prices and making mortgages untenable in certain areas.
Flood insurance premiums could rise sharply, with people faced with the choice of increasing clean-up costs or retreating to higher ground inland.

“Unfortunately, in the years ahead many coastal communities will face declining property values as risk perceptions catch up with reality,” said Rachel Cleetus, an economist and climate policy director at UCS.
“In contrast with previous housing market crashes, values of properties chronically inundated due to sea level rise are unlikely to recover and will only continue to go further underwater, literally and figuratively.”

The report does not factor in future technological advances that could ameliorate the impact of rising seas, although the US would be starting from a relatively low base compared with some countries given that it does not have a national sea level rise plan.
And the current Trump administration has moved to erase the looming issue from consideration for federally funded infrastructure.

The oceans are rising by about 3mm a year due to the thermal expansion of seawater that’s warming because of the burning of fossil fuels by humans.
The melting of massive glaciers in Greenland and Antarctica is also pushing up the seas – Nasa announced last week that the amount of ice lost annually from Antarctica has tripled since 2012 to an enormous 241bn tons a year.

This slowly unfolding scenario is set to pose wrenching choices for many in the US. Previous research has suggested that about 13 million Americans may have to move due to sea level rise by the end of the century, with landlocked states such as Arizona and Wyoming set for a population surge.

“My flood insurance bill just went up by $100 this year, it went up $100 the year before,” said Philip Stoddard, the mayor of South Miami.
“People on the waterfront won’t be able to stay unless they are very wealthy. This isn’t a risk, it’s inevitable.
“Miami is a beautiful and interesting place to live – I’m looking at a lizard on my windowsill right now. But people will face a cost to live here that will creep up and up. At some point they will have to make a rational economic decision and they may relocate. Some people will make the trade-off to live here. Some won’t.”

Links :

Monday, June 18, 2018

Norway NHS layer update in the GeoGarage platform

105 nautical raster charts updated

Hacking, tracking, stealing and sinking ships

Further illustrating the real-world implications, Pen Test Partners has managed to link version details for ships’ satcom terminals to live GPS position data, to establish a clickable map where vulnerable ships can be highlighted with their real-time position
(it’s not updated however, thus ensuring it remains out of date and useless to hackers).

From PenTestPartners by Ken Munro

Pen Tester find several ways to hijack, track, steal and even sink shipping vessels

At Infosecurity Europe this year, we demonstrated multiple methods to interrupt the shipping industry, several of which haven’t been demonstrated in public before, to our knowledge.

Some of these issues were simply through poor security hygiene on board, but others were linked to the protocols used and systems provided by maritime product vendors.

Tracking and hacking ships: satellite communications

Our earlier satcom work is here but we took this much further at the show:
Shodan already publishes a ship tracker.
We think this only uses AIS data, publicly available.
We’ve broken new ground by linking satcom terminal version details to live GPS position data.

This, we think, is the first ever VULNERABLE ship tracker.
Two public data sets have been linked, so we now have a clickable map where vulnerable ships are highlighted with their real time position


It’s here http://ptp-shiptracker.herokuapp.com/ – note that we deliberately haven’t refreshed the data in use, ensuring it is out of date so that it can’t be used by hackers.
We’ll refresh it in time.

Many satcom terminals on ships are available on the public internet.
Many have default credentials, admin/1234 being very common.
These passwords were found on a ship only two weeks ago:


So that’s an easy way to hijack the satellite communications and take admin rights on the terminal on board.

Hardware hacking the satellite terminal

We applied our expertise in IoT, automotive and SCADA hardware security to a Cobham (Thrane & Thrane) Fleet One satellite terminal.
We haven’t seen much evidence in public of anyone looking hard at maritime satcom terminal hardware security before.
They’re expensive, which may explain it!

Caveat: all of the vulnerabilities we cover here are resolved by setting a strong admin password, as per the manufacturers guidance.
Either that, or they aren’t particularly significant.
We found much more, but the more significant findings have to be disclosed privately to Cobham first!


First, we found that the admin interfaces were over telnet and HTTP.
Pulling the firmware, we found a lack of firmware signing – the validation check was simply a CRC

Then, we discovered that we could edit the entire web application running on the terminal.
That lends itself to attacks.

Further, there was no rollback protection for the firmware.
This means that a hacker with some access could elevate privilege by installing an older more vulnerable firmware version.
Finally, we found the admin interface passwords were embedded in the configs, hashed with unsalted MD5.

Hardly ‘defence in depth’!
Reminder: these are all fixed by setting a strong admin password.
We found lots more, but can’t disclose these yet.

Sending a ship the wrong way: hacking the ECDIS

We often find a lack of network segregation on the vessel.
Hack the satcom terminal and you’re on the vessel network.

ECDIS are the electronic chart systems that are needed to navigate.
They can slave directly to the autopilot – most modern vessels are in ‘track control’ mode most of the time, where they follow the ECDIS course.

Hack the ECDIS and you may be able to crash the ship, particularly in fog.
Younger crews get ‘screen fixated’ all too often, believing the electronic screens instead of looking out of the window.

We tested over 20 different ECDIS units and found all sorts of crazy security flaws.
Most ran old operating systems, including one popular in the military that still runs Windows NT!

One interesting example had a poorly protected configuration interface.
Using this, we could ‘jump’ the boat by spoofing the position of the GPS receiver on the ship.
This is not GPS spoofing, this is telling the ECDIS that the GPS receiver is in a different position on the ship.
It’s similar to introducing a GPS offset (which we can also do!)
Here’s it jumping from one side to the other of Dover Harbour:


Blocking the English Channel?

Worse, we could reconfigure the ECDIS to make the ship appear to be a kilometre square:


This doesn’t sound bad, until you appreciate that the ECDIS often feeds the AIS transceiver – that’s the system that ships use to avoid colliding with each other.

So, simply spoof the ECDIS using the vulnerable config interface, ‘grow’ the ship and ‘jump’ it in to the shipping lanes.

Other ships AIS will alert the ships captain to a collision scenario.
It would be a brave captain indeed to continue down a busy, narrow shipping lane whilst the collision alarms are sounding.
Block the English Channel and you may start to affect our supply chain.

Going the wrong way: hacking NMEA 0183 messages

A completely different technique is to exploit the serial networks on board that control the Operation Technology (OT).
The ethernet and serial networks are often ‘bridged’ at several points, including the GPS, the satcom terminal, the ECDIS and many other points

OT systems are used to control the steering gear, engines, ballast pumps and lots more.
They communicate using NMEA 0183 messages.
Here are several such messages including steering heading, GPS, AIS and Bridge alarm data.


There is no message authentication, encryption or validation of these messages.
They’re plain text.
All we need to do is man in the middle and modify the data.
This isn’t GPS spoofing, which is well known and easy to detect, this is injecting small errors to slowly and insidiously force a ship off course.

If the autopilot is engaged, one could change the rudder command by modifying a GPS autopilot command like this:
Change R to L (Right to Left rudder command!) and then change the 2 byte XOR checksum at the end.

Conclusion

Ship security is in its infancy – most of these types of issues were fixed years ago in mainstream IT systems.

The advent of always-on satellite connections has exposed shipping to hacking attacks.
Vessel owners and operators need to address these issues quickly, or more shipping security incidents will occur.
What we’ve only seen in the movies will quickly become reality.

Links :

Sunday, June 17, 2018