There are new SOLAS weight in motion standards for containerised cargo requiring verified weights. In modern ports the container weight is checked by the straddle and the crane. The ships know how heavy they are and their trim. If all else fails, water lapping over the gunnels may alert the stevedores or the crew that something is amiss.
Container ship loading plans are 'easily hackable'
Security researchers have warned that it might be possible to destabilise a container ship by manipulating the vessel stowage plan or "Bay Plan". The issue stems from the absence of security in BAPLIE EDIFACT, a messaging system used to create ship loading and container stowage plans – for example which locations are occupied …
COMMENTS
-
-
Monday 20th November 2017 11:36 GMT Norman Nescio
Re: Overload
If all else fails, water lapping over the gunnels may alert the stevedores or the crew that something is amiss.
I'd hope someone might notice if the water went above the Plimsoll line before it reached the gunwales.
...but the issue here is not necessarily overloading, as such, but distributing the load to affect the dynamic stability of the ship, which is more subtle, and wouldn't show up via the Plimsoll line. It's like loading a car - you put the heavy stuff as low as possible, and the light stuff at the top - but in a ship you also have to avoid putting too much mass away from the centre-line, or too far forward or sternwards.
Some disaster porn of the consequences of container weight misdeclaration here: Consequences of container weight misdeclaration – a pictorial:
An interesting blow-by-blow account of salvaging a stranded container ship: M/V Rena (Each blog entry has pictures)
And parametric rolling - why load distribution is important - includes a nice picture of the Bay Chay Bridge with a few containers missing.
-
Monday 20th November 2017 21:41 GMT LesC
Re: Overload
Brit insurance outfit the P&I Club have a few videos of managing containers (TEU not Kuberdocker) up on Youpewdepie the one linked has a rather entertaining start at what suspiciously looks like Alton Towers from a while back. There are the full length versions out there too. The title name's not that bad either - or the rollercoaster scenes - container devs please note ;)
https://www.youtube.com/watch?v=L6zUT55bnJ8&t=293s
-
-
-
-
-
Monday 20th November 2017 13:17 GMT Anonymous Coward
Re: some sort of a climax / monoculture / outsourcing
Yes,at some stage the climax will be that there are not enough people that know how the real world works, and cloud based, outsourced, arms-length providers full of qualified but inexperienced PFY's will be running your businesses. None of them will know what the others are doing, and things will go wrong. IIRC an Arianne rocket was aborted due to software between engine and navigation using different units - I am sure both pieces of software were perfect in testing...
It is not easy to train people in real life and experience, I've found.
In this instance, at least, its only containers full of pollutants falling into the sea...
-
This post has been deleted by its author
-
-
-
Monday 20th November 2017 11:10 GMT Paul Cooper
This report (https://www.gov.uk/maib-reports/listing-flooding-and-grounding-of-vehicle-carrier-hoegh-osaka) shows the causes of the grounding of a car and truck carrier. The grounding was caused by a combination of a) inaccurate recording of the weight of vehicles loaded and b) failure of the system for measuring the contents of tanks, resulting in the officers relying on adding and subtracting weight as the contents changed. The latter is subject to errors well-understood by most here and resulted in the figures being used bearing little relationship to reality.
Basically, how could a hacker cause more problems than arise without malice anyway?
-
This post has been deleted by its author
-
Monday 20th November 2017 12:55 GMT Anonymous Coward
Would it be possible to destabilize a ship by reducing the cargo during transit?
Could somebody destabilize a container ship by filling containers with a volatile liquid like isopropyl alcohol, and then opening the barrels via a remote-control so that the contents evaporate and the contain weights change dramatically while the ship is at sea?
That seems like an awful lot of work to pull off, but you could pack a perfectly legal and fairly common substance into multiple containers and then let nature unload the containers for you while in transit.
-
Monday 20th November 2017 19:14 GMT a_yank_lurker
Re: Would it be possible to destabilize a ship by reducing the cargo during transit?
The easier way is to reassign the container weights so the heavier ones one carried high. If the weight distribution is bad enough the ship could easily capsize. Might a great idea of marine insurance fraud (with a few murders thrown in).
-
-
-
Monday 20th November 2017 13:35 GMT Nimby
Too much effort.
Considering the number of human-error accidents and nature-related losses that happen all the time, who needs malicious activity? That's what insurance is for.
Besides, on the open seas be pirates. Yo ho ho and a cargo container of rum!
Frankly, I'm surprised that the system works at all. Is it secure? No. But it's the kind of insecurity that doesn't need hackers to exploit, so who cares how hackable it is?
-
Tuesday 21st November 2017 23:41 GMT John Brown (no body)
Re: Too much effort.
"Frankly, I'm surprised that the system works at all. Is it secure? No. But it's the kind of insecurity that doesn't need hackers to exploit, so who cares how hackable it is?"
Maybe malicious actors never even thought of this before. Manipulating the system to smuggle or steal is one thing, but maybe no one ever made the leap to attempting to sink ships with it. Until someone publicly shouts from the rooftops that it's possible.
I do sometimes wonder if publishing info on theoretical threats is a good idea.
-
-
Monday 20th November 2017 13:51 GMT Chris Malme
Missing the point
While amusing to ponder, the research misses the point somewhat. There is nothing "secure" about the message itself. Security is provided by the method used to send/receive the message. While there are no doubt systems somewhere that still send such data in the clear, all EDI systems I have worked with in recent years use some kind of secure protocol for communications.
As for that "easily hackable" UNT segment. It was never intended as a precaution against intentional manipulation, but simply as a check-sum against communications problems, back in the days where everything was done via modem, and partial transmission of messages was possible should problems occur.
-
Monday 20th November 2017 16:16 GMT Anonymous Coward
Re: Missing the point
Indeed the manifests should be encrypted with the highest level of security possible before being given to the maritime and security agencies of every 3rd wold country that the ships pass near.
Had an incident here with a chemical fire on a train passing near our small town. Unlike trucks they have no requirement to carry hazmat records and the rail company refused to give any manifest information to the fire service - for reasons of commercial confidentiality. The railroads are exempt from local and state health and safety law.
In this case an easily hackable public record of what was on the train might have been useful.
-
-
Monday 20th November 2017 17:33 GMT Anonymous Coward
Relieved
that I don't drive ships for a living any more.
Bloody Metacentric heights, Centre of Gravity and Buoyancy, all calculated by hand, and you then find some bugger cheated the weights and tried to kill you.
Ah well. Wasn't my fault they swapped the 20' ft box of frozen fish with the 20' box of expensive Ferrari between reefer and deck stows. The car survived the freezing quite well. The same could not be said of the fish...
Nice video on the parametric rolling.
Some more stability basics for those who are interested:
https://en.wikipedia.org/wiki/Metacentric_height (interesting that even on a pretty large ship GM is measured in a few 10s of cms if I remember correctly)
https://en.wikipedia.org/wiki/Angle_of_loll (nasty scenario - timber ships are high risk)
-
Tuesday 21st November 2017 11:58 GMT Anonymous Coward
From my time working at a port
While EDI messages should be sent over secure methods, as a port operator with a government charter, you try mandating that without losing your license in many parts of the world. Some of our agents are barely computer literate and so we get EDI messages attached to emails; a sort of manual EDI... :/
We can be reasonably secure for the majors lines, and the local ones can at least narrow it down to a specific sending IP but without encryption, that's also not insurmountable to spoof.
However, even then, if you could get hold of an inbound manifest*, edit it, and send it to the planners attached to a spoofed email, they'd probably happily upload it into NAVIS** for you.
* The guys would notice pretty quickly if the stowplan didn't match up with what was coming off the ship. Not that that would matter if you just wanted to cause some chaos at a busy port, and scrambling a few simultanious ships' worth of data would be a decent attempt: port operator is out of pocket for all the bad staging moves and is fined for holding up ships.
** ugh