Wednesday, June 20, 2018

Germany BSH layer update in the GeoGarage platform

86 nautical charts updated & 11 new charts added

Posted by at No comments:
Labels:

Sailing the mysteries of old maps


From ERC

Dr Joaquim Alves Gaspar is a man of the sea.
After many years in the Portuguese Navy, he gave up plans to become an admiral in favour of pursuing a PhD in the History of Cartography.
This second career led him to receive an ERC Starting Grant, the first awarded in this budding discipline.
With his highly multidisciplinary team (he likes to say that, to work with him, one must be a mathematician fluent in Latin), and the experience obtained as a navigator and navigational instructor, Dr Gaspar hopes to understand how and when the first nautical charts were created.
The MEDEA-CHART team is the best place in Portugal, and probably in the world, to study the history of nautical cartography, hoping that this work will provide the domain with its rightful recognition within world history.

What is your research project about?

Our project is about the origin, the technical evolution and the use of nautical cartography in Europe.
This includes the medieval charts of the Mediterranean, what historians call portolan charts, and the early modern charts, first of the Atlantic and then of the whole world.
These charts, which preceded the Mercator projection (designed in 1569, and on which current navigation is based), didn't even consider the Earth as round!
In fact, although people of course knew about it, the constraints of navigational methods dictated that a flat-earth model be used until mid-18th century.
The MEDEA-CHART project is about studying these apparently naïve forms of cartographic representation, which were used for so much discovery and exploration.

What do you hope to achieve with your grant?

We hope to resolve some historiographical issues which have eluded scholars of cartography for a very long time.
For example, when and how were the first nautical charts constructed?
The earliest existent chart is the Carta Pisana (1275-1280).
But we suspect a long tradition before that, and we know nothing about its development.
Also, how were they updated with new geographical information?
These issues are particularly relevant for the medieval ones, but similar questions could be asked for the more recent, so-called, latitude charts of the Atlantic, which were developed by the Portuguese following the introduction of astronomical navigation.
This new model was based on the traditional charts of the Mediterranean but we don’t know exactly how it evolved from them.
These are two aspects we want to explore.
In addition, we'd like to understand how those charts were used to navigate.
We know almost nothing about that but we hope to by the end of this project.

We hope to resolve some historiographical issues which have eluded scholars of cartography for a very long time.
For example, when and how were the first nautical charts constructed?
How were they updated with new geographical information? (Carta Pisana – 1275-1280)

This research is quite unique, was the ERC support important for the discipline itself?

Absolutely, it was the very first ERC grant in the field of the History of Cartography.
My biggest wish is to include the History of Cartography, now a bit of a niche subject, into the History of Science.
I believe it belongs in this field because of its extraordinary relevance in the period of geographic discovery and maritime expansion.
Nautical charts weren't used only for navigation but also for the construction of the first coherent image of the whole world.
They were the most important source of geographical information during a period when the world was being discovered, explored and mapped by Europeans.
When we see those lavish atlases and maps of the world of the 16th and 17th century, we don’t realise that most of that information came from nautical charts, which were instruments for navigation not intended to depict the world.
Even more surprisingly, nautical charts were constructed not by scholars, but by artisans.
They were scientific tools made and used by illiterate workers, and this is in itself quite notable for the History of Science.
Finally, for the first time, we are using a multidisciplinary approach to study these maps, an approach which is extremely powerful and has already proven its potential.

Tell us more about this multidisciplinarity.

Essentially, not only do we study the sources using the traditional methods of historical research, but we also use geometrical analysis, mathematical modelling, radiocarbon dating and multispectral imaging technology.
Seven people work with me in the team, only one is a traditional historian.
We have three physicists, a philosopher, a computer science engineer, a neuroscientist and a navy officer.
One of them ia an American senior investigator and the world expert of the Piri Reis map (a well-known Turkish portolan chart from the 16th century).
We look at the charts themselves, lots of them.
But then written sources explaining how those charts came to be don't exist, so we try to understand the creation process by examining the charts themselves physically and mathematically, as well as interpreting the few textual sources where they are mentioned.

My biggest wish is to include the History of Cartography, now a bit of a niche subject, into the History of Science.
I believe it belongs in this field because of its extraordinary relevance in the period of geographic discovery and maritime expansion.
Nautical charts weren't used only for navigation but also for the construction of the first coherent image of the whole world.
(Anonymous Atlantic Chart – 1560)

How did you develop this passion for cartography?

I have been connected to the sea since I was a child.
I was always fascinated by maps and charts.
Charts and maps were part of my professional life in the navy but this particular interest in the History of Cartography began when I was sent to the Portuguese Navy Academy to teach cartography and hydrographic surveying.
Then I published two books on theoretical modern cartography.
That, at the time, was my real interest.
When the time came to decide about my career in the navy, about 15 years ago, I could have become an admiral but I realised that I had a bigger ambition.
I decided to start a PhD instead for which my background in the navy was ideal.
I was an expert in navigation, in hydrographical surveying and also in mathematical cartography, which are very powerful tools to approach the study of old nautical charts.

 What 16th century Arabs thought Europe looked like on top of an actual map of Europe

How did your career in the navy develop?

My experience in the navy was very rich.
I spent several years at sea in different kinds of ships, as a desk officer when I was very young, as an operation officer, a navigator, and then as a commanding officer.
But I also had the opportunity to study a lot.
I have a Masters in Physical Oceanography which I obtained in the United States, I taught for many years in the Naval Academy and I served in the Hydrographic Institute as an oceanographer and an expert in navigation.
Most of what I know directly related to my research subject I learned from the navy.

I have been connected to the sea since I was a child.
I was always fascinated by maps and charts.
Charts and maps were part of my professional life in the navy.
At a point in my career, I could have become an admiral but I realised that I had a bigger ambition so I decided to start a PhD instead and study the history of cartography.
(Diogo Homem portolan – 1563).

What motivated you to apply for the ERC?

Simply put, to pass a message.
To make a significant contribution to the training of a new generation of historians of cartography.
Not traditional historians, but researchers prepared to apply a multidisciplinary approach, including physical and numerical methods.
As far as I know, there is no undergraduate degree in the History of Cartography, and the only research team in Europe solely dedicated to the subject is mine.
Being awarded an ERC grant was the only way to have the resources to pass this message.

Links :
Posted by at No comments:
Labels:

Tuesday, June 19, 2018

Flooding from sea level rise threatens over 300,000 US coastal homes – study

Sea levels are rising. For many cities on the the eastern shores of the United States, the problem is existential.
Miami and Atlantic city fight to stay above water

From The Guardian by Oliver Milman

Climate change study predicts ‘staggering impact’ of swelling oceans on coastal communities within next 30 years

Sea level rise driven by climate change is set to pose an existential crisis to many US coastal communities, with new research finding that as many as 311,000 homes face being flooded every two weeks within the next 30 years.

The swelling oceans are forecast repeatedly to soak coastal residences collectively worth $120bn by 2045 if greenhouse gas emissions are not severely curtailed, experts warn.
This will potentially inflict a huge financial and emotional toll on the half a million Americans who live in the properties at risk of having their basements, backyards, garages or living rooms inundated every other week.

“The impact could well be staggering,” said Kristina Dahl, a senior climate scientist at the Union of Concerned Scientists (UCS).
“This level of flooding would be a tipping point where people in these communities would think it’s unsustainable.
“Even homes along the Gulf coast that are elevated would be affected, as they’d have to drive through salt water to get to work or face their kids’ school being cut off. You can imagine people walking away from mortgages, away from their homes.”

The UCS used federal data from a high sea level rise scenario projected by the National Oceanic and Atmospheric Administration, and combined it with property data from the online real estate company Zillow to quantify the level of risk across the lower 48 states.

Under this scenario, where planet-warming emissions are barely constrained and the seas rise by about 6.5ft globally by the end of the century, 311,000 homes along the US coastline would face flooding on average 26 times a year within the next 30 years – a typical lifespan for a new mortgage.
Advertisement

The losses would multiply by the end of the century, with the research warning that as many as 2.4m homes, worth around a trillion dollars, could be put at risk.
Low-lying states would be particularly prone, with a million homes in Florida, 250,000 homes in New Jersey and 143,000 homes in New York at risk of chronic flooding by 2100.

With scientists' predictions starting to come true, Miami Beach residents must decide how to respond to the water that's invading their home.

This persistent flooding is likely to rattle the housing market by lowering property prices and making mortgages untenable in certain areas.
Flood insurance premiums could rise sharply, with people faced with the choice of increasing clean-up costs or retreating to higher ground inland.

“Unfortunately, in the years ahead many coastal communities will face declining property values as risk perceptions catch up with reality,” said Rachel Cleetus, an economist and climate policy director at UCS.
“In contrast with previous housing market crashes, values of properties chronically inundated due to sea level rise are unlikely to recover and will only continue to go further underwater, literally and figuratively.”

The report does not factor in future technological advances that could ameliorate the impact of rising seas, although the US would be starting from a relatively low base compared with some countries given that it does not have a national sea level rise plan.
And the current Trump administration has moved to erase the looming issue from consideration for federally funded infrastructure.

The oceans are rising by about 3mm a year due to the thermal expansion of seawater that’s warming because of the burning of fossil fuels by humans.
The melting of massive glaciers in Greenland and Antarctica is also pushing up the seas – Nasa announced last week that the amount of ice lost annually from Antarctica has tripled since 2012 to an enormous 241bn tons a year.

This slowly unfolding scenario is set to pose wrenching choices for many in the US. Previous research has suggested that about 13 million Americans may have to move due to sea level rise by the end of the century, with landlocked states such as Arizona and Wyoming set for a population surge.

“My flood insurance bill just went up by $100 this year, it went up $100 the year before,” said Philip Stoddard, the mayor of South Miami.
“People on the waterfront won’t be able to stay unless they are very wealthy. This isn’t a risk, it’s inevitable.
“Miami is a beautiful and interesting place to live – I’m looking at a lizard on my windowsill right now. But people will face a cost to live here that will creep up and up. At some point they will have to make a rational economic decision and they may relocate. Some people will make the trade-off to live here. Some won’t.”

Links :
Posted by at 4 comments:
Labels:

Monday, June 18, 2018

Norway NHS layer update in the GeoGarage platform

105 nautical raster charts updated
Posted by at No comments:
Labels:

Hacking, tracking, stealing and sinking ships

Further illustrating the real-world implications, Pen Test Partners has managed to link version details for ships’ satcom terminals to live GPS position data, to establish a clickable map where vulnerable ships can be highlighted with their real-time position
(it’s not updated however, thus ensuring it remains out of date and useless to hackers).

From PenTestPartners by Ken Munro

Pen Tester find several ways to hijack, track, steal and even sink shipping vessels

At Infosecurity Europe this year, we demonstrated multiple methods to interrupt the shipping industry, several of which haven’t been demonstrated in public before, to our knowledge.

Some of these issues were simply through poor security hygiene on board, but others were linked to the protocols used and systems provided by maritime product vendors.

Tracking and hacking ships: satellite communications

Our earlier satcom work is here but we took this much further at the show:
Shodan already publishes a ship tracker.
We think this only uses AIS data, publicly available.
We’ve broken new ground by linking satcom terminal version details to live GPS position data.

This, we think, is the first ever VULNERABLE ship tracker.
Two public data sets have been linked, so we now have a clickable map where vulnerable ships are highlighted with their real time position


It’s here http://ptp-shiptracker.herokuapp.com/ – note that we deliberately haven’t refreshed the data in use, ensuring it is out of date so that it can’t be used by hackers.
We’ll refresh it in time.

Many satcom terminals on ships are available on the public internet.
Many have default credentials, admin/1234 being very common.
These passwords were found on a ship only two weeks ago:


So that’s an easy way to hijack the satellite communications and take admin rights on the terminal on board.

Hardware hacking the satellite terminal

We applied our expertise in IoT, automotive and SCADA hardware security to a Cobham (Thrane & Thrane) Fleet One satellite terminal.
We haven’t seen much evidence in public of anyone looking hard at maritime satcom terminal hardware security before.
They’re expensive, which may explain it!

Caveat: all of the vulnerabilities we cover here are resolved by setting a strong admin password, as per the manufacturers guidance.
Either that, or they aren’t particularly significant.
We found much more, but the more significant findings have to be disclosed privately to Cobham first!


First, we found that the admin interfaces were over telnet and HTTP.
Pulling the firmware, we found a lack of firmware signing – the validation check was simply a CRC

Then, we discovered that we could edit the entire web application running on the terminal.
That lends itself to attacks.

Further, there was no rollback protection for the firmware.
This means that a hacker with some access could elevate privilege by installing an older more vulnerable firmware version.
Finally, we found the admin interface passwords were embedded in the configs, hashed with unsalted MD5.

Hardly ‘defence in depth’!
Reminder: these are all fixed by setting a strong admin password.
We found lots more, but can’t disclose these yet.

Sending a ship the wrong way: hacking the ECDIS

We often find a lack of network segregation on the vessel.
Hack the satcom terminal and you’re on the vessel network.

ECDIS are the electronic chart systems that are needed to navigate.
They can slave directly to the autopilot – most modern vessels are in ‘track control’ mode most of the time, where they follow the ECDIS course.

Hack the ECDIS and you may be able to crash the ship, particularly in fog.
Younger crews get ‘screen fixated’ all too often, believing the electronic screens instead of looking out of the window.

We tested over 20 different ECDIS units and found all sorts of crazy security flaws.
Most ran old operating systems, including one popular in the military that still runs Windows NT!

One interesting example had a poorly protected configuration interface.
Using this, we could ‘jump’ the boat by spoofing the position of the GPS receiver on the ship.
This is not GPS spoofing, this is telling the ECDIS that the GPS receiver is in a different position on the ship.
It’s similar to introducing a GPS offset (which we can also do!)
Here’s it jumping from one side to the other of Dover Harbour:


Blocking the English Channel?

Worse, we could reconfigure the ECDIS to make the ship appear to be a kilometre square:


This doesn’t sound bad, until you appreciate that the ECDIS often feeds the AIS transceiver – that’s the system that ships use to avoid colliding with each other.

So, simply spoof the ECDIS using the vulnerable config interface, ‘grow’ the ship and ‘jump’ it in to the shipping lanes.

Other ships AIS will alert the ships captain to a collision scenario.
It would be a brave captain indeed to continue down a busy, narrow shipping lane whilst the collision alarms are sounding.
Block the English Channel and you may start to affect our supply chain.

Going the wrong way: hacking NMEA 0183 messages

A completely different technique is to exploit the serial networks on board that control the Operation Technology (OT).
The ethernet and serial networks are often ‘bridged’ at several points, including the GPS, the satcom terminal, the ECDIS and many other points

OT systems are used to control the steering gear, engines, ballast pumps and lots more.
They communicate using NMEA 0183 messages.
Here are several such messages including steering heading, GPS, AIS and Bridge alarm data.


There is no message authentication, encryption or validation of these messages.
They’re plain text.
All we need to do is man in the middle and modify the data.
This isn’t GPS spoofing, which is well known and easy to detect, this is injecting small errors to slowly and insidiously force a ship off course.

If the autopilot is engaged, one could change the rudder command by modifying a GPS autopilot command like this:
Change R to L (Right to Left rudder command!) and then change the 2 byte XOR checksum at the end.

Conclusion

Ship security is in its infancy – most of these types of issues were fixed years ago in mainstream IT systems.

The advent of always-on satellite connections has exposed shipping to hacking attacks.
Vessel owners and operators need to address these issues quickly, or more shipping security incidents will occur.
What we’ve only seen in the movies will quickly become reality.

Links :
Posted by at 1 comment:
Labels:
Subscribe to: Posts (Atom)