Thursday, June 15, 2023

The cyber vulnerabilities of dynamic positioning systems

 
DP systems are mission-critical for drillships and deepwater MODUs
(BSEE file image)


From Maritime Executive by Jessie Hamiil-Steward and Andrew Saillay

A dynamic positioning (DP) system is an automated and computerized system which directs and monitors a vessel’s position using various onboard sensors and drives the vessel forward using propellors and thrusters.
The system is often used in research ships and drilling vessels, as well as vessels used for installation and maintenance of offshore assets.
DP systems enable crew to maintain position for various types of operations without being anchored.
Because of their computerized and connected nature, DP systems are at risk of cybersecurity attacks.

There are three levels of DP systems, which build upon one another.
They are distinguished by the level of redundancies in case of failure and the precision required for different operations.
A more sophisticated DP system will have more thrusters to control the vessel’s position.
Regarding backups, Level I is the most basic, with few redundancies, while Level III contains backups in multiple systems.
DP systems are closely linked to many different physical components on a vessel, including the propulsion system, thrusters, rudders (if any), environmental sensors, generators, position reference systems and autopilot functionality.
Their connection to physical components increases the potential gravity of a successful cyberattack on a DP system.

Crews are dependent on functional DP systems in order to achieve their objectives, especially in situations that require precise positioning for extended periods of time.
Disruptions could result in unplanned downtime or even a health, safety, or environmental incident if the control and redundancy of DP systems is lost.
Disruptions could cost time and money.
Environmental or safety incidents could have more severe ramifications, up to and including the loss of life, particularly during underwater maintenance and inspections.

DP systems are also characterized by open interconnectivity, which leaves components exposed to cyberattacks.
For instance, primary and secondary components are not protected from exposure under Level II redundancies.
Therefore, DP systems could be targeted with malware which compromises connected power management functions.
They are also connected to and controlled by an additional computer onboard a vessel, so that if the computer system that controls the DP system is infected with malware, control of the DP system could be lost too.

Finally, DP systems have difficulty distinguishing between legitimate and illegitimate commands and broadcasts.
As a result, they could be targeted with botnets, which emit a false network broadcast.
DP systems are vulnerable to taking illegitimate actions which affects its connected components.
For instance, a change of direction could take a vessel off course, potentially jeopardizing a mission.

Similarly, DP systems are dependent on GNSS signals for reference points to guide its positioning function.
They are therefore vulnerable to spoofing, whereby false signals look like legitimate GNSS signals.
It could be deceived into thinking it is in a specific location, even if its position has shifted due to current or wind, which is especially concerning given that the DP system controls the vessel’s propulsion.

Jamming is an additional concern, as the system could not accurately remain in the same position without assistance of GNSS positioning signals.
GPS jamming was observed throughout 2018 and 2019 in northern Norway, but severe consequences were luckily avoided.
However, more than 280 vessels were reportedly affected in another jamming incident in South Korea, which completely disrupted some GPS signals and resulted in incorrect data for some others.
As DP systems are deeply affected by GPS spoofing and jamming, this cyber threat remains real and serious.

The risk is not entirely theoretical and some attacks have already happened.
In one instance, there was a loss of all analogue and digital RBUS input/output (I/O) signals, subsequently leading to loss of DP systems control, resulting in vessel position drift-off, 240m from the original position.
The issue was resolved with a firmware update, and it was a clear sign that this fundamental system can be disrupted.

In another case in 2017, the DP system of an oil drilling rig contained a virus which went undetected for nearly nineteen days.

The importance and vulnerabilities of DP systems makes implementing cyber measures crucial.
An end-to-end approach is recommended in order to tackle the cyber threat, alongside awareness, training and regular assessments of cyber threats.

No comments:

Post a Comment