{"id":29244,"date":"2023-05-06T22:08:24","date_gmt":"2023-05-06T20:08:24","guid":{"rendered":"https:\/\/marineforum.online\/?p=29244"},"modified":"2023-05-08T13:24:49","modified_gmt":"2023-05-08T11:24:49","slug":"it-security-on-board-the-fkie-security-laboratory","status":"publish","type":"post","link":"https:\/\/marineforum.online\/en\/it-sicherheit-an-bord-sicherheitslabor-der-fkie\/","title":{"rendered":"IT security on board - FKIE security laboratory"},"content":{"rendered":"<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">As reported by Informationsdienst Wissenschaft (idw) on 2 May 2023, the \"Maritime Cyber Security\" research group at the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) is building a maritime security laboratory together with the Fraunhofer Center for Maritime Logistics and Services (Fraunhofer CML). The aim is to simulate, recognise and defend against cyber attacks on ships.<\/span><\/span><\/span><\/p>\n<p><strong><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">Ships as potential targets<\/span><\/span><\/span><\/strong><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">Cyberattacks on industry and critical infrastructure are increasing worldwide. Ships, which transport billions of tonnes of goods around the world every year, are also potential targets as part of global supply chains. Overall, the need for networking is increasing - whether it is to be able to control routes ideally, monitor the flow of goods or enable the crew to connect to home. This makes maritime systems more susceptible to cyberattacks, as IT-supported on-board systems are often poorly secured.<\/span><\/span><\/span><\/p>\n<p><strong><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">Realistic test environment with stationary ship bridge<\/span><\/span><\/span><\/strong><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">According to the Fraunhofer FKIE, three types of attack are conceivable:<\/span><\/span><\/span><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">+ General attacks, not specifically aimed at ships, are the most common threat. A USB stick infected with a malicious programme and inserted into the on-board computer is enough.<\/span><\/span><\/span><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">+ Targeted attacks, carried out with a high level of expertise, that simply make ships disappear from the radar, for example.<\/span><\/span><\/span><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">+ Electromagnetic warfare (electronic warfare), when satellite-based positioning is influenced by jamming transmitters or high-frequency radio waves.<\/span><\/span><\/span><\/p>\n<figure id=\"attachment_29245\" aria-describedby=\"caption-attachment-29245\" style=\"width: 584px\" class=\"wp-caption alignleft\"><img fetchpriority=\"high\" decoding=\"async\" class=\"wp-image-29245\" src=\"\/wp-content\/uploads\/2023\/05\/deu-Manipulation-des-Radarbilds-durch-das-Bridge-Attack-Tool-BRAT-fkie-300x169.jpg\" alt=\"\" width=\"584\" height=\"329\" srcset=\"\/wp-content\/uploads\/2023\/05\/deu-Manipulation-des-Radarbilds-durch-das-Bridge-Attack-Tool-BRAT-fkie-300x169.jpg 300w, \/wp-content\/uploads\/2023\/05\/deu-Manipulation-des-Radarbilds-durch-das-Bridge-Attack-Tool-BRAT-fkie-1024x576.jpg 1024w, \/wp-content\/uploads\/2023\/05\/deu-Manipulation-des-Radarbilds-durch-das-Bridge-Attack-Tool-BRAT-fkie-768x432.jpg 768w, \/wp-content\/uploads\/2023\/05\/deu-Manipulation-des-Radarbilds-durch-das-Bridge-Attack-Tool-BRAT-fkie-1080x608.jpg 1080w, \/wp-content\/uploads\/2023\/05\/deu-Manipulation-des-Radarbilds-durch-das-Bridge-Attack-Tool-BRAT-fkie-750x422.jpg 750w, \/wp-content\/uploads\/2023\/05\/deu-Manipulation-des-Radarbilds-durch-das-Bridge-Attack-Tool-BRAT-fkie-1140x641.jpg 1140w, \/wp-content\/uploads\/2023\/05\/deu-Manipulation-des-Radarbilds-durch-das-Bridge-Attack-Tool-BRAT-fkie.jpg 1440w\" sizes=\"(max-width: 584px) 100vw, 584px\" \/><figcaption id=\"caption-attachment-29245\" class=\"wp-caption-text\">Manipulation of the radar image using the Bridge Attack Tool (BRAT). Photo: FKIE<\/figcaption><\/figure>\n<p><strong><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">Simulation in the laboratory<\/span><\/span><\/span><\/strong><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">These different types of attack with an impact on the real world can be simulated in the maritime security laboratory. As part of the MaCy (Maritime Cyber Security Laboratory) project in Hamburg, the Fraunhofer CML is currently developing a realistic ship's bridge into a cyber security laboratory. This environment provides all the instruments and systems on land that can also be found at sea, such as bridge hardware, marine radio and AIS (Automatic Identification System) transmitters\/receivers, as well as radar equipment or ECDIS (Electronic Chart Display and Information System) for navigation. Within the test environment, various devices and procedures are used to generate, recognise, investigate and, ideally, prevent IT security incidents. <\/span><\/span><\/span><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">The \"Bridge Attack Tool\" (BRAT) can be used to carry out various attacks, attacks, malfunctions or manipulations of the radar and navigation systems and show their effects on the on-board systems. After the analysis, industry partners can be made aware of existing weaknesses, supported in technical improvements and practical countermeasures can be developed.<\/span><\/span><\/span><\/p>\n<p><strong><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">Recognition and display<\/span><\/span><\/span><\/strong><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">In order to fend off cyber attacks on board as early as possible, the team has developed an intrusion detection system that recognises anomalies, evaluates them as possible attacks and issues warnings and alarms as well as instructions and recommendations for action to the crew on a Cyber Incident Monitor (CIM).<\/span><\/span><\/span><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">These should be clear and easy to implement, even in stressful situations. To this end, warning messages and acoustic alarms are linked to information and decision-making aids, e.g. \"GPS not trustworthy!\". The concept of alarm and warning messages is adapted to the guidelines of the International Maritime Organisation (IMO) on bridge alarm management. The work on CIM and BRAT is being carried out together with other companies as part of a research project for the Federal Ministry for Digital and Transport Affairs.<\/span><\/span><\/span><\/p>\n<p><strong><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">Creating awareness ...<\/span><\/span><\/span><\/strong><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">With the help of the innovative maritime security laboratory, the Fraunhofer Institute aims to raise awareness of the dangers of cyberattacks at sea among companies, authorities and nautical experts and, together with partners from industry, develop measures to test and retrofit existing systems on the one hand and to provide research data for the development of new solutions on the other.<\/span><\/span><\/span><\/p>\n<p><strong><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">... Develop measures ...<\/span><\/span><\/span><\/strong><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">Just because cyber attacks on ships have not yet become known on a large scale does not mean that security should be neglected. Especially on older freighters that have been in operation for decades, many systems urgently need to be upgraded. Consistent prevention in combination with effective methods for recognising potential cyber attacks is the best protection.<\/span><\/span><\/span><\/p>\n<p><strong><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">... Understanding dependencies<\/span><\/span><\/span><\/strong><\/p>\n<p><span style=\"color: #1a1a1a;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"font-size: medium;\">The cargo ship \"Ever Given\" blocked the Suez Canal for six days in spring 2021. Even if the cause of the accident was not a cyber attack, it is easy to imagine what impact a successful attack against the digital navigation and communication systems of one or more freighters could have.<\/span><\/span><\/span><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.fraunhofer.de\/de\/presse\/presseinformationen\/2023\/mai-2023\/mehr-it-sicherheit-an-bord.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"><button class=\"mfo-button\">Further information on the article<\/button><\/a><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: Arial, sans-serif;\"><span style=\"color: #1a1a1a;\"><span style=\"font-size: medium;\">Further information on \"<\/span><\/span><span style=\"color: #101e2e;\"><span style=\"font-size: medium;\">Data, facts and figures on the maritime dependence of the Federal Republic of Germany\" <\/span><\/span><span style=\"color: #1a1a1a;\"><span style=\"font-size: medium;\">in the<\/span><\/span><\/span><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.bundeswehr.de\/de\/organisation\/marine\/aktuelles\/jahresbericht-marinekommando-2022-5511912\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"><button class=\"mfo-button\">Annual report naval command 2022<\/button><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Wie der Informationsdienst Wissenschaft (idw) am 2. Mai 2023 berichtete, baut die Forschungsgruppe \u201eMaritime Cyber Security\u201c am Fraunhofer-Institut f\u00fcr Kommunikation, Informationsverarbeitung und Ergonomie (FKIE) zusammen mit dem Fraunhofer-Center f\u00fcr Maritime Logistik und Dienstleistungen (Fraunhofer CML) ein maritimes Sicherheitslabor auf. In diesem sollen Cyberangriffe auf Schiffe simuliert, erkannt und abgewehrt werden k\u00f6nnen. Schiffe als m\u00f6gliche Angriffsziele [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":29296,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","footnotes":""},"categories":[48,42,52],"tags":[5583,4108,5582,5580,5427,5584,5581],"class_list":["post-29244","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-schifffahrt-news","category-news","category-technologie-news","tag-cyberattacke","tag-cybersicherheit","tag-cybersimulation","tag-fkie","tag-fraunhofer-institut","tag-sicherheit-auf-see","tag-sicherheitslabor"],"acf":[],"_links":{"self":[{"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/posts\/29244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/comments?post=29244"}],"version-history":[{"count":0,"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/posts\/29244\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/media\/29296"}],"wp:attachment":[{"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/media?parent=29244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/categories?post=29244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/marineforum.online\/en\/wp-json\/wp\/v2\/tags?post=29244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}