2023 GMTSC Symposium

Cyber-SHIP Lab (Plymouth University) Presentation

Disrupting Australian Trade – A Maritime Cyber-Attack: Presentation by CyberSHIP Lab (University of Plymouth) Like many ports across the world the Port of Fremantle has a long history of being an important nexus between land and sea. Officially opened in 1897, the harbour and its access to the Swan River, has played a major role in Western Australia’s development. It is the busiest cargo port in Western Australia, used by a mixed fleet including container ships, cruise ships and military vessels, making the port a strategically significant point in Australia’s national and economic security. This, along with the global demand for larger ships, which themselves are becoming increasingly digitally connected, make the port susceptible to cyber-physical attacks. These attacks make use of many of the founding features of the port, including its physical geography and could have a significant impact at a local, regional, and national level.

The University of Plymouth presentation will play out a carefully crafted, realistic scenario in which an attacker is able to compromise a container vessel’s propulsion and steering equipment as it enters the Port of Fremantle. The attack, developed in University of Plymouth’s Cyber-SHIP lab, will demonstrate how, through a simple social engineering attack, the malicious actor can get malware across the land-sea airgap. On activation, the malware compromises the command-and-control communications of critical ship systems, causing the ship to change its course. Through the aid of visualisation this presentation will illustrate the impact that this attack could have on the Port of Fremantle, including the long- term econometric implications.

The presented scenario represents a worst-case scenario for the port, developed using publicly available information, that a motivated group, or individual could replicate. However, as the conclusions of this presentation will discuss, there are various procedural and technological measures ranging from simple to complex that could be implemented to mitigate the risks of such an attack.