Cover: Guidelines on Cyber Security Onboard Ships, Third Edition.
Click on image to download PDF.
From Rivieramm by Martyn Wingrove
OSV owners need to protect DP systems from failures and the spoofing of GPS signals, while preparing crew to identify cyber threats
Offshore support vessel owners need to ensure their bridge teams, especially dynamic positioning (DP) operators, are aware of cyber threats, particularly from global positioning jamming and malware.
Although there has been no direct attack on DP vessels, they are still being impacted by jamming or spoofing of GPS in regions exposed to state players.
According to International Marine Contractors Association (IMCA), jamming signals from satellites to vessels’ position reference systems helped cause a 50% jump in DP events reported in 2018.
IMCA received 147 event reports in 2018, up from around 95 in 2017 and 80 in both 2015 and 2016.
IMCA technical adviser Capt. Andy Goldsmith said part of the jump was due to improved reporting by vessel owners, but not all of it could be explained that way.
Addressing the offshore vessel owners, operators and managers at Riviera’s Asian Offshore Support Journal Conference in Singapore on 18 September, Capt Goldsmith said: “A big part of this in 2018 was reference system signal jamming in the Middle East.”
Of the 147 events reported in 2018, 24 incidents involved a loss of automatic DP control, said Capt Goldsmith, 82 were labelled ‘undesired events’ and 41 came in under the heading ‘observations’.
He said the most frequent causes for DP events were electrical and human factors.
The electrical issues were due to “poor design, component selection and lack of maintenance and testing” he said.
Human factors included lack of knowledge, training or experience of DP functionality, operator error or insufficient processing and procedures.
Increased spoofing and jamming
In addition, DP operators should be equipped to identify any GPS signal issues, cross check with other position reference sensors and be prepared to take control of the vessel.
However, Naval Dome chief executive and cyber security expert Itai Sela thinks if there is a DP issue because of GPS spoofing and jamming, owners should not blame this on human error.
“There is an increase in spoofing and jamming of DP systems,” he tells OSJ.
“But, it is not enough to apportion blame on individuals or consider the breach of a critical system simply as a technical failure unless a cyber event has been ruled out.”
He warns owners to have greater awareness of other cyber threats to OSV bridge systems, including DP computers and controls.
This comes after an offshore drilling unit in the Gulf of Mexico lost control of its DP system due to malware incursion.
A report into the incident indicated viruses entered the system after crew members plugged in mobile devices on the bridge.
“Would this have been considered human error if the DP and associated operating technology were adequately protected and the hack thwarted,” asks Mr Sela.
“I doubt it. If cyber-crime continues to be designated a human factor event, then the industry does not fully grasp the cyber problem.”
OSV crew should be aware they can be the unwitting assistance to a cyber criminal by accidently spreading a virus on board.
“We should be careful not to attribute blame to the crews or individuals when systems malfunction due to a cyber incident,” says Mr Sela.
“After all, the hacker will always be able to penetrate systems unless a technical solution has been established to protect these systems.”
He thinks vessel systems and crew will always be vulnerable to potential cyber interference.
“Humans will always make mistakes and hackers will always find ways of circumventing them to find the weak spot,” says Mr Sela.
“We should bear in mind that a cyber incident is not a human error incident. They happen because systems are not sufficiently protected.”
Another cyber expert, SoftImpact maritime consultant Alexandros Theofilou, thinks OSV bridge systems, including DP are vulnerable to malware, viruses and hacking programs, through unauthorised use of USB memory devices.
“USB are commonly used to transfer data to port authorities and by service engineers,” he said at the Seatrade Offshore Marine & Workboats Middle East Conference in Dubai, in September.
“They can carry viruses, which can be blocked if there is antivirus. But they do not block everything, so think before plugging them in,” he warned.
Mr Theofilou demonstrated the ease by which a hacker could block usage of an onboard computer through a USB-based virus.
“When the program can damage ECDIS or change the depth alarm or jam GPS, this could cause vessels to crash, leading to damage and pollution,” he said.
Mr Theofilou thinks owners should train onshore personnel and crew to be aware of cyber threats and identify if there are issues.
“They should check passwords are not saved on laptops, that emails are not fake, set digital signatures on email, be wary of using open wifi for connectivity and use virtual private networks,” said Mr Theofilou.
“The human element is a vulnerable link, so training is important.”
To protect OSVs from the impact of a GPS jamming and spoofing, DP systems should have differential GPS with connectivity to various Global Navigation Satellite Systems (GNSS), such as Glonass, Galileo and Beidou where they are available.
DP systems should also source data from multiple position reference sensors.
Providers of differential GPS and position reference technology will present their products and services at the European Dynamic Positioning Conference and Annual Offshore Support Journal Conference, Exhibition and Awards, in London, on 4-6 February 2020.
Veripos provides Apex high-accuracy GNSS services with Precise Point Positioning (PPP), an absolute positioning technique that corrects all GNSS error sources such as: satellite orbit and clocks; tropospheric; ionospheric; and multipath errors.
PPP is not dependent on the location of reference stations and provides position accuracy regardless of location.
Veripos operates its own Orbit and Clock Determination System (OCDS) which derives real-time corrections for all available satellite constellations using proprietary algorithms.
The OCDS uses data from Veripos’ reference station network.
Apex can be complimented by Veripos’ Ultra service that provides real-time corrections using JPL’s OCDS and reference stations.
Albwardy Damen has started construction of a DMB 8020 Multibuster vessel with DP2
Middle East oil companies tighten OSV DP requirements
In the Middle East, national oil companies and energy majors are increasingly demanding OSVs, including construction vessels, have DP2 capabilities for the next round of term contracts.
Arga Energy managing director Vivek Seth says oil companies are demanding inclusion of OSVs of less than 15 years-old and with DP2 in the latest contract tenders.
“It is only a matter of time before there is an upswing in demand for high-quality assets,” he explains.
“There would then be a two-tier system, with high quality DP2 versus low quality.” Mr Seth adds DP2 vessels will be required by the engineering, procurement and construction contractors to support inspection, maintenance and repair work.
McDermott director of maritime operations in the Middle East and North Africa Doug Korth thinks offshore construction in the Middle East will increasingly involve DP vessels compared with moored units.
McDermott operates two derrick barges with mooring spreads in the region, but it is likely to require one with DP2, he tells OSJ.
Derrick barge DB 27 is more than 40 years’ old and DB 32 is over 12 years’ old.
They operate in Saudi Arabia, Qatar and United Arab Emirates, supported by a fleet of anchor-handling tugs and shallow water multicats.
Mr Korth expects offshore work for these derrick barges and a support fleet of around 150 OSVs and tugs will increase in 2021 and be sustained at higher levels to 2025.
“There will be so much volume we will need to look at bringing in a DP derrick barge,” he says.
This could be sourced by partnering with an owner, or leasing an idle unit or one half-finished in a shipyard with DP2.
Multicats increasingly need computer-controlled positioning, which is why Damen is installing DP systems on the latest models.
The latest example is a multicat Damen Shipyards’ Hardinxveld facilities in the Netherlands is building for Van Wijngaarden Marine Services.
This vessel, to be named Kilstroom, will be built to a Multi Cat 3013 design with a DP system and bollard pull of 38 tonnes.
It will be a multi-function vessel with twin, heavy-duty cranes, rugged fendering, all-round visibility, extensive deck space and shallow draught.
Van Wijngaarden Marine Services managing director Peter van Wijngaarden said Kilstroom will support marine construction, towage, dredging and offshore windfarm operations.
Damen’s partnership in the UAE, Albwardy Damen, has started constructing a Multibuster vessel, a cross between a multicat and shoalbuster, with DP2.
Albwardy Damen managing director Lars Seistrup says this 80-m vessel will be built for shallow water pipe and cable lay, anchor handling, platform upgrades, well stimulation and decommissioning projects.
It will be built to a DMB 8020 design with 45 tonnes of bollard pull for delivery in Q1 2021, he says.
“It will be built for the Middle East market with shallow draught, Caterpillar engines and Schottel propulsion,” says Mr Seistrup.
This package includes two Schottel Rudderpropeller (SRP) 360 fixed pitch, a retractable SRP 260 RT fixed-pitch propeller and a STT 2 fixed-pitch tunnel thruster, plus steering and control systems.
Hybrid systems and energy conservation
Schottel has introduced a hybrid approach to cutting energy consumption for thrusters.
Vice president for sales Roland Schwandt says Schottel’s synchronous Y-hybrid drive enables one engine to drive two SRPs using a new gearbox.
This could be linked to SyDrive hybrid diesel-electric propulsion with energy storage, electric motors and frequency drives.
“It is adaptable and can be used in retrofit projects,” says Mr Schwandt.
Topaz Energy & Marine head of information technology Kris Vedat says fuel optimisation will be a key differentiator for OSV owners in securing contracts.
He thinks data analytics on OSV consumption will enable owners to reduce fuel costs.
“Ultimately, it will become real-time reporting to enable owners to throttle down their consumption,” he says.
“We process a lot of energy data that would benefit operators. Then we ask chief engineers to trust the data and that will then drive on board decisions, not just relying on their experience.”
Mr Seth says producing electronic logs of energy consumption will help both shore managers and onboard crew to operate propulsion more effectively.
“Crew can use smart devices for reporting and see what the office expects and then try to beat these expectations,” he says.
- DigitalShip : Cybersecurity not a human error issue, says Naval Dome CEO
- HellenicShippingNews : / Safety At Sea And BIMCO Publish Cyber Security White Paper
- ZDnet : Hackers target transportation and shipping companies in new trojan malware campaign
- ArcWeb : Mitigating Cyber Risk in Maritime Applications
- ITPro : Modern cyber security bears great resemblance to the Titanic disaster, says Stena CISO
- WorkBoat : The state of maritime cybersecurity
- Maritime Executive : Orolia, Telko Parter on First ECDIS with Navigational Cybersecurity