In the first year that the Bank of England has agreed to include a maritime realistic disaster scenario into its general insurance stress test, the University of Plymouth’s Maritime Cyber Threats Research Group was asked to propose an appropriate maritime cyber stress test.

The stress test proposed concerns threat actors gaining access to the bridge systems of commercial seagoing vessels and compromising the control systems.

The intrusion goes undetected for weeks until the threat actor locks the rudder and propulsion system of a container ship causing it to hit a quay in the port of Singapore. A day later, the threat actor causes another container ship to hit a quay and cranes in the port of Los Angeles.

Physical damage is caused to the quay and cranes, there is some loss of cargo and some hull damage. The threat actor threatens further accidents unless a US$50 million ransom is paid by each of the top five cargo shipping companies (as measured by twenty-foot equivalent units (TEU) capacity).

As a precautionary measure, many ships stop their journeys and all container port authorities close their ports until the bridge systems of impacted ships are checked, disrupting the maritime supply chain accounting for 90% of world trade in goods.

It takes three days to determine which elements of the bridge system have been compromised and two more days to develop a solution.

The motivation of the threat attacker is more political than financial with the ransom demand adding to the confusion.

Our speaker today is Professor Kevin Jones, who, as a Director of the Maritime Cyber Threats Research Group, played an integral part in the submission of this RDS.

The scenario was conceived in line with the University’s work as part of the €7 million Cyber-MAR project, which aims to develop greater awareness of the cyber threats facing the global shipping fleet and the most effective ways of countering them.

It was then demoed in the Cyber-SHIP Lab, a unique, hardware-based maritime cyber security research and development platform supported by funding from Research England and several industry partners.

Speaker - Professor Kevin Jones

Kevin is the Executive Dean, Faculty of Science and Engineering at the University of Plymouth.  As a Director of the Maritime Cyber Threats Research Group, Kevin is currently investigating some of the most pressing technological threats posed to global shipping at all levels from theory through to practice. Under Kevin’s leadership the group has published widely on the security challenges facing the maritime sector, developed partnerships with businesses and in 2018 was the only UK representative at the US Coast Guard panels on Maritime Cyber Security. Finally, Kevin is playing an integral part in the recently formed Cyber-MAR network, a €7million European network which aims to enhance cyber preparedness across the maritime sector.