back to article Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners

Penetration testers looking at commercial shipping and oil rigs discovered a litany of security blunders and vulnerabilities – including one set that would have let them take full control of a rig at sea. Pen Test Partners (PTP), an infosec consulting outfit that specialises in doing what its name says, reckoned that on the …

  1. Mad Chaz

    Surprised

    Well, not really. I suspect the rational for most of the info sec was "we're in the middle of the ocean, who's going to hack us?". Nevermind that the people on the ship are the bigger risk. That would cost money to fix!

    1. John Brown (no body) Silver badge

      Re: Surprised

      But when you consider the cost of the ship, the extra WiFi APs and maybe more data allowance for non-business use is..erm...a drop in the ocean.

      1. cdegroot

        Nothing new...

        I wouldn't be surprised if shipping containers would be a very low margin business. You have mega capital expenses (Google "MSC Gülsün") and a bunch of very large players that all offer pretty much exactly the same product: pick up container in Shanghai, drop it off in Rotterdam. That's the sort of business where you want to cut all non-essential costs.

        1. Anonymous Coward
          Anonymous Coward

          Re: Nothing new...

          "That's the sort of business where you want to cut all non-essential costs."

          And crew is one of those costs - I suspect some of these come down to people doing multiple jobs, particularly after the overcapacity issues during 2015-2018.

        2. Richocet

          Re: Nothing new...

          So are you aware that the crews of some of these ships are slaves? https://www.theguardian.com/law/2010/sep/30/modern-day-slavery-fishing-europe

          The rest are extremely poorly paid.

          1. Yet Another Anonymous coward Silver badge

            Re: Nothing new...

            But not on Maersk / MSC / CMA container ships

          2. IGotOut Silver badge

            Re: Nothing new...

            "https://www.theguardian.com/law/2010/sep/30/modern-day-slavery-fishing-europe"

            A ten year old article reporting on 4 year old (at that point) reports.

          3. John Brown (no body) Silver badge

            Re: Nothing new...

            Yeah, but we're talking about large container ships and cruise ships as per the article. And oil rigs.

    2. chivo243 Silver badge
      Pirate

      Re: Surprised

      Surprised the Captain let this info off the ship! Haar matey! Ya be goin nowheres dry! or sunny...

      now wheres me coat...

      1. MachDiamond Silver badge

        Re: Surprised

        "Surprised the Captain let this info off the ship! "

        You are assuming the Captain knows this is going on and is competent in computer networks. Driving a ship is a pretty specialist job.

    3. Anonymous Coward
      Anonymous Coward

      That's not unreasonable

      If the attacks are via unsecured wifi access points you'd need to get pretty damn close to perform this hack. This isn't something some guy halfway across the world could do, so it would be pretty obvious who is doing it.

      Now if they had control via satellite that would be more troubling, as that hack could happen from quite a distance...

      1. Cardinal

        Re: That's not unreasonable

        Well, you could have an evildoers launch getting pretty close to a loaded tanker, in, for example, the Straits of Hormuz. Lots of places around the world where sea room is rather confined and traffic is heavy, including the English Channel, the Bosphorus, Suez and Panama Canals, not to mention navigable rivers like the Elbe, Weser, Rhine, Mississippi etc.

        How about a drone?

        ,

        1. batfink

          Re: That's not unreasonable

          Bobbing about in a launch on the high seas alongside a passing merchant ship while trying to (a) find a spot where you can connect to the wi-fi (remember that the point of the rogue AP's was that wi-fi doesn't travel that well through a series of metal boxes), and (b) hoping this is one of the vulnerable ones, doesn't sound all that efficient to me.

          Less efficient than the traditional eyepatch/gun/parrot approach, say.

          1. Muscleguy

            Re: That's not unreasonable

            However guy with a device or two standing on the shore at the big canals the seaway into the Great Lakes etc and scanning for vulns in passing vessels is entirely possible. You can even bring your own deckchair.

            Think of the terrorist cells in Sinai or the drug cartels in Central America. Stop the ship in the canal, create a diversion and get your product on board.

            Creative minds in such spheres will be reading this and going ‘hmm’.

            Also if you can run the engine room from the bow that suggests someone amidships on a close shore can as well.

          2. Cuddles

            Re: That's not unreasonable

            "Bobbing about in a launch on the high seas alongside a passing merchant ship while trying to (a) find a spot where you can connect to the wi-fi (remember that the point of the rogue AP's was that wi-fi doesn't travel that well through a series of metal boxes), and (b) hoping this is one of the vulnerable ones, doesn't sound all that efficient to me."

            Or you could just wait until it's in port. The vulnerabilities still exist when the ships are not out by themselves on the high seas.

            As for hoping it's one of the vulnerable ones, I rather suspect that the list of vulnerable ships is extremely similar to the list of ships.

          3. hmv

            Re: That's not unreasonable

            WiFi can sometimes travel a surprisingly long distance if you have a decent antenna and there's not much between you and the target. And ships are surprisingly often near land (as a minimum, twice each journey).

            I suspect nothing will change until it's "You're not allowed to dock here until you have ${some basic security certification}".

      2. steviebuk Silver badge

        Re: That's not unreasonable

        You can, could have someone sneak in via boat and hide under the rig. With a powerful enough aerial they could pick up the WIFI. You could have a rogue employee who either is annoyed or in an attempt to steal secrets got a job there specifically to exploit the week network.

        1. Pascal Monett Silver badge

          I don't think of the high seas as a place where you'd lug a powerful aerial on a boat to hack passing cargo container wifi. The open ocean is not exactly a comfortable place to be, unless you're in a very big ship.

          And even then, things can get rough.

          Poor infosec in the middle of the Pacific ? I think the cargo companies can live with that.

          1. Muscleguy

            I’m in Dundee, the rigs are just over the horizon and in known positions. Sea kayaks (I did a refresher course recently) have a depression at the front for a compass for heading for places over the horizon. You make the jump to St Kilda that way for eg. I would go out to Bell Rock locally the same way because it is not visible from shore being too low down.

            The rigs are kayakable to and the weather forecast is pretty good these days. Kayaks are very, very buoyant and you can raft up with colleagues in rough seas as the Inuit do.

            Here in Scotland we have the legend of the Selkies, who take the form of seals on the sea and walk as men on land. Inuit wear sealskin and their kayaks are sealskin and they wear them. There are historic records of Inuit turning up in Scotland. Young males sometimes got wanderlust and got quite a distance.

            So don’t discount the possibility. Also here in Dundee we have self powered mobile rigs docked all the time. One was recently subject to Extinction Rebellion protest, three young women with climbing gear climbed one of the legs (they stick up in the air when docked, used to block CH5 analogue services). You could get close to one in a kayak or small boat quite easily. All the local yacht clubs are just east of the rig docks. Running a rig into the Tay Road Bridge would cause a lot of disruption. It is not far West of the rig so you wouldn’t have to take it far. If it went right through a span of the Road Bridge you could carry on to the Tay Bridge carrying the East Coast mainline.

            We also get cruise ships in dock in the summer. Same thing applies.

            1. Intractable Potsherd

              @muscleguy: You beat me to it by 4 minutes!

              1. Muscleguy

                And note there is NO dedicated, on station rig defence unit in the British Armed Forces. The Norwegians have one. The SNP’s Independence White Paper proposed to create one and base it on the East Coast along with surface ships.

                There are NO surface naval ships based in the East Coast or the Northern Isles Scapa Flow is history as a naval base. The British rigs are utterly and completely unprotected. We would have to ask the Norwegians to help.

                So any attackers would have quite some time to cause havoc before being bothered. I expect Polis Scotland would have to try.

                1. Avatar of They
                  Thumb Up

                  Possibly

                  Anyone taking an oil rig in the UK would probably find the Special Boat Service (SBS) dropping them a 'call.' I believe they have the maritime counter terrorism role.

                  Being the same as the SAS in terms of role and training, that 'call' would be at the working end of some violence.

                  1. Korev Silver badge

                    Re: Possibly

                    IIRC the Royal Marines also have this as part of their roles. I suspect the RM dropping round for a cuppa wouldn't take much longer than the SBS.

                2. matt 83

                  Don't people usually fly to oil rigs? Pretty sure they're be in reach of the RAF and they'd get there a lot quicker than any surface ship.

                  1. SkippyBing

                    Remember that hi-jacked merchant ship around Christmas 2018? Basically that but on a static target. Mostly RN aircraft for that role incidentally.

                3. SkippyBing

                  'There are NO surface naval ships based in the East Coast or the Northern Isles Scapa Flow is history as a naval base.'

                  If only there was some way of moving ships there under their own power...

            2. Muscleguy

              And from Aunty just now

              https://www.bbc.co.uk/news/uk-scotland-north-east-orkney-shetland-51557281

              Cut the power to a rig and they evacuate everyone.

          2. rmason

            @Pascal

            Your issue there is that the average ship is of very little use, unless it comes back to land at some point.

            They won't magically become secure when docked.

      3. Lazlo Woodbine

        Re: That's not unreasonable

        Most of the vulnerabilities stem from staff usage, if the staff are doing personal browsing on the command & control network then it's not always going to end well...

  2. Alister
    Facepalm

    That blanked out username looks suspiciously like "User"...

    1. sanmigueelbeer

      That blanked out username looks suspiciously like "User"

      Don't be silly. It is actually "admin" -- Because everyone knows it is always "user".

  3. The Man Who Fell To Earth Silver badge
    Alien

    Same old same old

    Board a Starship, and it's more of the same.

    1. Anonymous Coward
      Anonymous Coward

      Re: Same old same old

      My ships AI just pretends you hacked it... then plays with your mind as it does exactly what you asked "open the pod bay doors" but waits till your standing next to them.

    2. GnuTzu

      Re: Same old same old

      Capsize...

      It's 2020, and I'm just getting so board with this.

  4. Alan J. Wylie

    At a previous place of work, one of the consultants went to check the security of some of a cruise liner's systems, mostly for on-board purchases and charges. PCI DSS sort of thing. It only took a day or so, but they weren't going to change the ship's schedule, so he got a few free extra days lounging around before it next docked. Nice work, if you can get it.

  5. Anonymous Coward
    Stop

    "bridging designed gaps between...engineering control systems and human interface"

    Jesus, guys. I'm not even a technologist, and I know that is a horrible idea. All you need is some hacker or cyber-terrorist to grab control of a big container ship entering Hong Kong or something, and start using it to run down ferries and water taxis, or force the ship aground to pile a bunch of losses and liability on the owner, for the benefit of an unethical competitor.

    1. Drew Scriver

      Re: "bridging designed gaps between...engineering control systems and human interface"

      You can do a lot of damage with a large vessel, but "running down water taxis" isn't one of them. Kind of like a rhinoceros trying to pin down a squirrel.

      Running into another large ship (e.g. cruise ship) that is equally hard to maneuver would be a more likely issue. Or ramming an oil platform.

      1. wegie

        Re: "bridging designed gaps between...engineering control systems and human interface"

        Cruise ship? Nah. That's just civilian crap. You want your zombied tanker heading straight at the USS Gerald R Ford or HMS Queen Elizabeth in a port that doesn't have complete separation of civil and military vessals.

        1. SkippyBing

          Re: "bridging designed gaps between...engineering control systems and human interface"

          To be fair the ferries in Portsmouth can manage that without any evil intent whatsoever.

      2. TRT Silver badge

        Re: "bridging designed gaps between...engineering control systems and human interface"

        Yeah, you do can do a lot of damage in a very short time

      3. Avatar of They

        Re: "bridging designed gaps between...engineering control systems and human interface"

        To me you just grab the panamax in the panama canal (or Suez), kill all engines, drop the anchor and then scramble the codes so it can't be restarted.

        Disruption alone to international trade etc. No need to ram anything, no one is hurt etc. Abillity to get close because of the sides of the canal etc.

        Same with something like the Sydney landmarks, statue of liberty, oil terminal etc. Large static and high profile.

        1. Anonymous Coward
          Anonymous Coward

          Re: "bridging designed gaps between...engineering control systems and human interface"

          They just saw or blast-cut the anchor chains and tow it one way or the other to get it out of the way. Troublesome, yes, but it's not like the Canal isn't prepared for such things as a Panamax suddenly going adrift within.

          1. TRT Silver badge

            Re: "bridging designed gaps between...engineering control systems and human interface"

            Now if you could get control of the tow mules, you could cause some grief.

            1. Anonymous Coward
              Anonymous Coward

              Re: "bridging designed gaps between...engineering control systems and human interface"

              Thankfully, last I checked, running the mules requires a bit of a deft touch and a good eye, both of which require local presence. They may have monitoring equipment, but operations, like with the ships while they're in the canal, requires an actual person at the helm.

    2. cybergibbons

      Re: "bridging designed gaps between...engineering control systems and human interface"

      Honestly, this isn't the big risk.

      It's either bricking hundreds of ships at a time, or disabling the BOP and causing a rig to drive off station and cause an ecological disaster.

    3. IGotOut Silver badge

      Re: "bridging designed gaps between...engineering control systems and human interface"

      Or point a gun at someone's head.

      It bought in 10's of millions for the Somalis after all.

      1. jake Silver badge

        Re: "bridging designed gaps between...engineering control systems and human interface"

        That's why merchant shipping in areas like that have a gun locker .... and a crew who know how to use it.

        1. cybergibbons

          Re: "bridging designed gaps between...engineering control systems and human interface"

          Urban myth. Virtually no merchant ships carry guns, and those that do, it's no the crew using them.

          1. gazthejourno (Written by Reg staff)

            Re: Re: "bridging designed gaps between...engineering control systems and human interface"

            Fun fact, the Civil Nuclear Constabulary deploy honest-to-god 30mm Vulcan cannon aboard civilian shipping. Not hard to guess why!

            1. jake Silver badge

              Re: "bridging designed gaps between...engineering control systems and human interface"

              "Not hard to guess why!"

              Because they are fun to play with would be my guess. And besides, why not? There's plenty of room to store ammo on board, unlike, say, aircraft or armored vehicles.

          2. jake Silver badge

            Re: "bridging designed gaps between...engineering control systems and human interface"

            Every merchant vessel I've worked on had a gun locker of one description or another. Granted, I only worked on them in port or on delivery and test runs, not while going about their business (coms, computers & controls mostly).

            1. cybergibbons

              Re: "bridging designed gaps between...engineering control systems and human interface"

              I've been on 15+ ships in the two years, none have carried weapons.

              1. cybergibbons

                Re: "bridging designed gaps between...engineering control systems and human interface"

                More to the point, that would require the crew are licensed to use firearms.

                What type of ship have you seen this on? What area of the world?

                1. John Brown (no body) Silver badge

                  Re: "bridging designed gaps between...engineering control systems and human interface"

                  "More to the point, that would require the crew are licensed to use firearms."

                  And not forgetting, licensed for each jurisdiction they make port in, bearing in mind that even locked away, those weapons may be illegal to even possess, as some British "security guards" discovered in India a year or three back.

                  1. The Oncoming Scorn Silver badge
                    Pirate

                    Re: "bridging designed gaps between...engineering control systems and human interface"

                    I worked with a young gentleman, some years back who took a job at C&W jumping ship from RACAL.

                    He confirmed that they all had weapons training for such an event as the ship potential hijacking (Gun boats) & access to the gun locker & as the most junior officer on the ship he got to ring the bell for New Year at midnight (When\wherever that happened to be the seas).

                    Hope you are well Mr Wxxxxxx, wherever life took you.

                2. jake Silver badge

                  Re: "bridging designed gaps between...engineering control systems and human interface"

                  Since when did one need a license to use weapons on the high seas? Who is the licensing authority? How is it enforced, and by whom?

                  I've seen this on most commercial ships that travel in dangerous parts of the world. I wouldn't expect to see it on shipping between, say, France, England and Denmark.

                  From what I understand from the Captains who actually do it, jettisoning "illegal" weaponry when entering the waters of countries where they are frowned upon is routine. Guns are cheap, cargo is not.

                  1. cybergibbons

                    Re: "bridging designed gaps between...engineering control systems and human interface"

                    Well, since you need to obey the law of the flag state of the vessel, which is pretty obvious, you need to obey their rules:

                    https://www.ics-shipping.org/docs/default-source/Piracy-Docs/comparison-of-flag-state-laws-on-armed-guards-and-arms-on-board-2017.pdf?sfvrsn=0

                    I've been on plenty of voyages passing dangerous parts of the world. No guns. It's a rarity.

              2. jake Silver badge

                Re: "bridging designed gaps between...engineering control systems and human interface"

                None that you know of, perhaps. Did you have a need to know?

                1. cybergibbons

                  Re: "bridging designed gaps between...engineering control systems and human interface"

                  Yes, give that I was one of the crew who would be supposedly trained to use them...

              3. SkippyBing

                Re: "bridging designed gaps between...engineering control systems and human interface"

                I've been on 15+ this century and they all did. Anecdote != data.

                1. cybergibbons

                  Re: "bridging designed gaps between...engineering control systems and human interface"

                  Which flag? What type of vessel?

  6. This post has been deleted by its author

  7. Androgynous Cow Herd

    So, the ship is 300M long...and you don't want to walk

    this is hardly an excuse. Many corporate campuses are larger and manage to have reasonable security.

    Being on a boat isn't an excuse. Having an IT crew unemployable on dry land might be.

    1. Mark192

      Doesn't matter how poor the excuse is

      If people are going to try to do it, it needs to be designed around so that they either can't or they can in a secure way.

      Just saying that's a poor excuse and they shouldn't have done it is of no bloody use whatsoever when faced with the expense of an avoidable incident.

      1. Doctor Syntax Silver badge

        Re: Doesn't matter how poor the excuse is

        "the expense of an avoidable incident."

        There's never a budget to prevent an incident but there's always a budget to mop up afterwards.

        1. Rich 11

          Re: Doesn't matter how poor the excuse is

          Unless the company thinks it can walk away without any liability:

          https://en.wikipedia.org/wiki/Jian_Seng

    2. Sgt_Oddball

      Re: So, the ship is 300M long...and you don't want to walk

      Try walking to the other end of the ship in a force 6 gale... Sometimes you just don't want to have to don the s'owesters just to do some minor change.

      Regarding the jury rigged WiFi.. I'd also wonder just what sort of sites were being visited by the crew? It's lonely out at sea afterall...

      1. Anonymous Coward
        Anonymous Coward

        Re: So, the ship is 300M long...and you don't want to walk

        "I'd also wonder just what sort of sites were being visited by the crew?"

        Captain Pugwash?

        1. Sgt_Oddball

          Re: So, the ship is 300M long...and you don't want to walk

          Rodger the cabin boy?

          1. jake Silver badge

            Re: So, the ship is 300M long...and you don't want to walk

            As long as you're both of age, and willing, who am I to question your choice of recreation?

          2. adam 40 Silver badge

            Re: So, the ship is 300M long...and you don't want to walk

            Seaman Staines?

      2. jake Silver badge

        Re: So, the ship is 300M long...and you don't want to walk

        "what sort of sites were being visited by the crew?"

        Who cares? It's lonely at sea.

        1. The Oncoming Scorn Silver badge
          Pirate

          Re: So, the ship is 300M long...and you don't want to walk

          Did everyone forget Master Bates!

          Sorry guys but the names cited are urban legends while hilarious & can imagine them being slipped in as a gag.

          Captain Pugwash

          Master Mate

          Barnabas

          Willy

          Tom the Cabin Boy

          1. William Towle
            Paris Hilton

            Re: So, the ship is 300M long...and you don't want to walk

            There were definitely at least some accidental references in things, though I don't recall any sniggering at school about Pugwash - and there would definitely have been some.

            Last year, Radio 4's Something Understood episode "The Voice" snuck in a cracker from Ivor the Engine:

            "Owen's not awake yet. Give him a blow, Ivor!"

            Ooer.

    3. cybergibbons

      Re: So, the ship is 300M long...and you don't want to walk

      This attitude is why there are problems.

      Last time I checked, I didn't need to put on a boiler suit, hard hat, safety boots, and gloves to go out to a PC in an air-conditioned space to fix a user's PC.

      Then there's the weather. People die on vessels going out 300m.

      https://www.londonpandi.com/knowledge/news-alerts/maib-report-on-fatal-accident-on-board-maersk-kithira/

      There are no IT crew. Outside of cruise ships, there is no one with training in this. It's down to the person who knows the most IT.

      Honestly, your comment is glib and pretty offensive, and totally lacking in understanding that not everyone is a desk jockey.

      1. jake Silver badge

        Re: So, the ship is 300M long...and you don't want to walk

        Exactly. You beat me to it.

    4. hmv

      Re: So, the ship is 300M long...and you don't want to walk

      On the other hand, most corporate campuses aren't dancing around in a force 10 gale.

  8. Pete 2 Silver badge

    Bad design

    I am told there is a principle in designing parks. You build the park, see where people want to walk, then build the paths along those lines. If a designer decides that a path will go from A to B, but people prefer to take a different route, they will.

    The same applies to security. It is just plain dumb for an infosec person to say "this is what users should do" and then build security around that. A better approach is to see what users actually want and then make those available in a secure manner.

    1. Anonymous Coward
    2. Anonymous Coward
      Anonymous Coward

      Re: Bad design

      Trouble is, designing parks and designing ships, especially things like container ships (where the cargo dictates the shape) and submarines (where space is at a necessary premium), are two entirely different kettles of fish. And have you had to go down the length of three football fields (exact fraction depends on the variant) multiple times a day, usually up on a tossing, wind-swept deck or downbelow in cramped decks? As they say, necessity is the mother of invention, ease of use trumps security anyway, and a captain at sea isn't one without the consent of his/her crew.

      1. EarthDog

        Re: Bad design

        Going on decks in bad seas is more than inconvenient it is dangerous. Some one said corporate campuses are larger, but they are designed to be part of an internal secure environment. The same thinking must be applied to ships. With compartmentalized subnets.

      2. cybergibbons

        Re: Bad design

        Ships do need better design, from a human factors perspective. They ignore human costs, and push crews to their limits.

    3. Muscleguy

      Re: Bad design

      There’s a corner just opposite the local shops. There’s a paved path which cuts it leading from the island crossing. The council deciding to do the sensible thing. The local garden centre can be walked to but you don’t want to walk all the way down to the vehicle entrance. So you slither down the little bank. There’s a path there now. At the local Aldi carpark there are two slithers down to the pavement. The vehicle approach is not good for pedestrians. I expect them to be make official and paved very soon.

      Some paths are just egregious. At one angled T-junction I run through early on Sunday mornings sometimes there’s one of those fenced in controlled crossings where they make you trudge 20m up the road then has a 10m chicane to get to the other carriageway. I’m outside the fence on approach and I run across the grass strip below. Hardly any traffic and I have a full view of it. Later on the same run there’s a 5 roads city roundabout with pedestrians corralled by fences. Again I’m outside the fences on approach and I run round it on the outside facing any traffic. Never had a problem. Wouldn’t do it midweek.

  9. Starace
    Devil

    And yet...

    Despite all these horrible security flaws no particular sign of anyone taking advantage?

    It's been nearly 40 years since Superman 3 yet no one seems to have done the 'hack ships to do stuff' thing in anger.

    1. Anonymous Coward
      Anonymous Coward

      Re: And yet...

      Meanwhile, in NK and Iran, somebody's new project is getting massive funding. Why build warships when you can just borrow them? Why build expensive bombs when tankers are free? Look up 'blockship' for simplicity. With enough tin cans, is Tianjin within WiFi range of Pyongyang? Or a "fishing boat" in Bohai? What's that phrase? "Cheap as ships" ?

      1. Drew Scriver

        Re: And yet...

        Why the focus on WiFi? The ships generally have satellite access. Once global LEO satellite internet access I imagine virtually all ships will utilize that. 24x7 global access to non-secured systems on board - what could possibly go wrong?

        1. Charles 9

          Re: And yet...

          One, that satellite access is generally slow and metered. Two, the WiFi is likely for local access (inTRAship communications).

          1. cybergibbons

            Re: And yet...

            It's normally 10MB/s and above, and always on.

      2. EarthDog

        Re: And yet...

        why do that when you can brick every super tanker on the planet? The goal economy would collapse.

        1. Rich 11

          Re: And yet...

          Start stocking up on dog food and old leathers -- it's Mad Max time!

          1. jake Silver badge

            Re: And yet...

            We have that covered here at Chez jake ... but being intelligent, we also have a largish stash of people food. Not for the doom-sayers apocalyps, mind ... rather because we live a couple hundred yards from the Roger's Creek Fault. When, not if.

            1. Rich 11

              Re: And yet...

              Eep. Is that the one where 30 miles of California coastline could slide into the ocean, leaving you with a beachfront property overnight?

              1. Criggie

                Re: And yet...

                yep - its really high risk property speculation. But "beachfront" is always desirable so worth taking the risk.

              2. jake Silver badge

                Re: And yet...

                No. It's a transform fault. One side is moving North, the other is moving South. There is no vertical movement to speak of.

                Roger's Creek hasn't moved in a century, or thereabouts. When it finally shifts, it might take the Healdsburg fault (the Northern extension of the combined fault zone) and the Hayward Fault with it (Rogers and Hayward are joined under San Pablo Bay) ... a total distance of about 120 miles could rupture, probably producing a Mag 7.5ish quake, which will pretty much cock up the entire San Francisco Bay Area.

                I'm hoping for smaller pressure-relief type quakes, but I'm prepared for the worst. Not paranoid, pragmatic.

            2. The Nazz
              Happy

              Re: And yet...

              re jake

              Curious, and mischievious, minds wish to know, which side of that fault line are you on?

              1. jake Silver badge
                Pint

                Re: And yet...

                As a society, we always seem to spend entirely too much time finding fault, and not enough time acknowledging mistakes, fixing them, and moving on with a lesson learned. As a direct result, I refuse to pick sides.

                Relax, have a homebrew :-)

            3. The Oncoming Scorn Silver badge
              Coat

              Re: And yet...

              People Food?

              Solyent Green!

      3. jake Silver badge

        Re: And yet...

        Why hasn't this happened? Because it's not productive to attempt it.

        You can only borrow a large ship as long as the Officer of the Deck (military) or Officer of the Watch (Merchant) doesn't notice the heading has changed. That'll take all of, oh, I don't know, maybe a minute or so max when you're out of sight of land and it's cloudy so you can't see the stars. Far less if you're close to shore and have landmarks to eyeball. Regaining physical control of a ship's steering from teh evul h4><xors wouldn't take another minute or thereabouts. There are always manual over-rides that can't be circumvented.

        Changing a ship's speed would be noticed immediately by everybody on board. The vibrations seep into your psyche, and any unannounced change, even a small one, will jolt even the soundest sleeper wide awake. The necessary crew would be moving to take care of the problem before the OotD/OotW could issue the order.

        Remember, kiddies, this is real life, not the movies.

        1. cybergibbons

          Re: And yet...

          You've got a totally broken threat model.

          The article describes and oil rig using dynamic positioning. The generators are running pretty much all the time, as the thrusters are continuously working to keep the rig on station.

          If there is significant mechanical failure, and the position cannot be held, then a big red button is pressed. This triggers the BOP, cutting the drill chain at the seabed, and drop the drillchain from the top.

          The operator of the rig performed a risk analysis and found that even under normal mechanical failure, manual control was simply not quick enough to stop this happening. The generators, if you cannot control them from the bridge, are around 3-4 minutes away from the bridge. The thruster controls are in the legs, two of which are 1-2 minutes away, the other 3-4 minutes away, then a slow lift ride (unless the weather is rough - then it's a ladder climb). You now have 6+ people (1 for the four legs, 1 for the two generators needed) communicating via phone with the bridge to keep things working. They cannot fully practice this with every crew, as unlike on a ship, as it would cause too much risk. When it has been practiced, the control required to use 4 separate thrusters to keep it on station is incredibly hard without the control systems in place.

          Now, an attacker comes along. We found you could disable the phone system, causing them to fall back to radios - which even with leaky feeders, were found to be unreliable in the legs. You now don't have comms. We found that it was possible to wipe the configuration of the breakers in the main switchboard, preventing automatic synchronisation. This highlighted the problem that although the generators had synchroscopes, the bus ties did not. This made operation much more awkward. At the same time, totally control over the drilling control network had been obtained. We could brick every switch and PLC, stopping that working entirely. That's just the start of systems we took control of.

          So now you've got the potential for drive-off incident, which costs millions of dollars. Even if you don't, you have the potential to cost the company huge sums whilst they restore the config of over 400 PLCs, many of which don't have up-to-date backups.

          And no, you won't wake up with the sound small changes on a rig, unless you never sleep.

          So remember kiddo, if you paint the only risk as the most severe one and in limited situations, yes, you can ignore it.

          1. jake Silver badge

            Re: And yet...

            That's all very nice and all, but in this particular thread we were discussing ships, not drill rigs.

            1. cybergibbons

              Re: And yet...

              That's nice and all, but the article is about an oil rig.

              You know that many of the new common-rail engines simply don't have manual controls? How would you handle those if every PLC had been disabled?

              1. jake Silver badge

                Re: And yet...

                Apparently you have never hear the term "topic drift". It's part and parcel of online forums, and I would wager a guess that it's the reason most commentards use this forum.

                I'm on record as saying that I've been telling manglement that PLCs (and other bits of industrial SCADA haberdashery) should never be reachable from outside the local network. Here's a link to one ElReg post of mine on the subject from way back in 2011 ...

                Yes, I know how common rail engines work. They should not be accessible outside the LAN if they are being used in critical systems. Making them accessible to all and sundry is effectively slapping a large KICK ME note on your own back. Sounds like I agree with you, no?

                1. cybergibbons

                  Re: And yet...

                  Ah, the good old "topic drift" thing. I'm here too, and it drifted back to what the article is about.

                  We've had access to common-rail engine PLCs from the corporate network before. So, they can be attacked.

                  You've picked clear weather, with an alert crew, not taken into account human factors.

                  I will just leave this here.

                  https://features.propublica.org/navy-uss-mccain-crash/navy-installed-touch-screen-steering-ten-sailors-paid-with-their-lives/

                  1. jake Silver badge

                    Re: And yet...

                    Drifted back to what the article was about? I refer you to the first six words of the first paragraph of the article. To wit "Penetration testers looking at commercial shipping".

                    And I refer you to the comment in this thread that I was responding to: "It's been nearly 40 years since Superman 3 yet no one seems to have done the 'hack ships to do stuff' thing in anger.".

                    I know SCADA stuff is vulnerable. I've been bitching about it (on land, sea and air) for literally decades.

                    I did not pick clear weather. I even mentioned cloud cover, at night.

                    The McCain incident should never have happened. It's cause was, quite simply, high ranking muck-a-mucks putting entirely too much faith in unproven technology. Again, I'm pretty sure I'm agreeing with you on the underlying issue at hand ...

                    1. cybergibbons

                      Re: And yet...

                      I don't think we do though - you are under the notion that the crew are infallible. That they will notice, that it will be obvious.

                      https://www.gov.uk/maib-reports/collision-between-ro-ro-passenger-ferry-red-falcon-and-moored-yacht-greylag

                      "the master became fixated upon the information displayed on his electronic chart and operating engine controls, ignored information displayed on other electronic equipment, and became cognitively overloaded due to high stress"

                      It's a downplaying of the risks because you are not accounting for human factors.

                2. Anonymous Coward
                  Anonymous Coward

                  Re: And yet...

                  But here's the rub. How do you KEEP it separated, especially if determined individuals keep bunging things on and bridging networks because they have better things to do? Given the number of ways things can be bridged, I frankly don't see a way you can keep someone from bridging an isolated LAN somehow.

            2. hammarbtyp

              Re: And yet...

              That's all very nice and all, but in this particular thread we were discussing ships, not drill rigs.

              There are many drill rigs that are movable. Many large ships are basically large industrial plants with propellers, the same lessons apply

    2. Claptrap314 Silver badge

      Re: And yet...

      That we know of. Ever hear of a sleeper operation?

  10. sanmigueelbeer

    No one will take this seriously because no one has successfully tried sending a ship out of it's way.

    Every bu$ine$$ will always think of published vulnerabilities as a "boy who cried wolf".

    `tis all fun-and-games until someone pokes an eye

  11. Doctor Syntax Silver badge

    After reading their description I'm left with a vision of an oil rig slowly revolving to the tune of the Blue Danube, 2001-like.

  12. aregross

    "Nice oil rig you got 'ear colonel, be a shame if sump'in 'appened to it..."

  13. rcxb Silver badge

    Where's the Da Vinci virus when you need it?

    1. phuzz Silver badge
      Pirate

      Turns out the plot of Hackers was just twenty five years early.

      Hack The Planet!

  14. eldakka
    Coat

    Pen Test Partners (PTP), an infosec consulting outfit that specialises in doing what its name says
    Testing pens?

    1. jake Silver badge

      If you were involved in security, you'd know that that joke goes down about as well as yelling THEATRE! in a crowded firehouse.

      1. eldakka

        Well, since the security people have decided to use an abbreviation for penetration that is actually a noun (and can be used as a verb also around those pre-existing nouns), pen, that has been used since the 14th century to refer to a place for confining animals (an animal pen) and to writing implements (quills, pen points, fountain pens, ballpoint pens), perhaps they have no-one else but themselves to blame for creating such a play on words?

        Though I will also note that calling themselves penetration testers also leads to a whole new set of puns and implications.

        1. jake Silver badge

          ::sighs::

          Yes. We know. But old and tired puns. First heard when walking the pet dinosaur checking for vulnerabilities on an IBM 701 ...

  15. Paul Hovnanian Silver badge

    It will be fine

    So long as the front doesn't fall off.

    1. Serg

      Re: It will be fine

      Underrated comment. It's fine, they'll tow it outside the environment.

  16. Anonymous Coward
    Anonymous Coward

    El Reg commentards meet up cruise 2021

    Free wifi for you, and you, and you.

    Free drinks package for you, and you......

  17. hammarbtyp

    A few points

    A few points here.

    1. Working on ships can be really boring. Its not like its a 9-5 job, you are there for 24 hours for extended weeks. This means the temptations to hack the systems to make access easy is far greater. I remember being on a Royal Fleet Auxillary vessel in the 90's and I was amazed by the amount of pirated games that were onboard, because basically there is so little to do on your off-time. If ship owners wish to reduce the temptation to hack, they should provide the facilities to the crew for R&R in a separate secure system. But most won't because it increases cost.

    2. Most ship systems are based on COTS systems. This means there is a great temptation for crew to "re-use" bits of kit. Its very hard to lock down say a PC running windows 7 to a determined user with a lot of time on there hands. The biggest threat however is things like USB sticks. They get plugged in so that someone can run their porno picked up on-shore which runs a virus. Virus checkers are very hard to run on such systems because a) without internet access they cannot be easily update b) interfere with the functionality. Fortunately most viruses are designed not to attack control systems but to get bank details etc, although the ransomware ones are a pain

    3. Its all very well saying that passwords should be secret, changed etc, but IT policy often does not work well in a Operational technology environment(OT). Imagine a systems where you want to move a ship from a hazard, and your password has expired or you forgot your password and the system locks you out. In fact security standards emphasise that safety trumps security when there is a conflict.

    4. Marine systems are very conservative, meaning they are very slow to react. The industry is moving forward, but with systems out there which are 25 years or older, it will take a long time before systems are bought into the 21st century cybersecurity wise

    1. cybergibbons

      Re: A few points

      I'd love to come up for a solution for 3.

      There are certain systems - like the ECDIS - where it's just not possible to set passwords that are long, complex, per-user, and confidential.

      But it is possible to set the password on your switches and PLCs to not be the same across all 150 rigs with the same drilling package.

      Same with HMI consoles - it may need a basic level of access with simple creds, but the Windows box doesn't need to have local admin password of 00000000.

      1. hammarbtyp

        Re: A few points

        @cybergibbons

        Making sure that default passwords are not reused or forced to be changed is important, however it raises another issue.

        The common test against any security change is the "Major shitstorm at 1 O'clock in the morning a long way away..."

        Basically if a safety critical system goes titsup in an inaccessible location at a time when 1st line support is unavailable, what do you do?

        If a system was installed 20 years ago (not uncommon), where do you find your passwords. Are the stored on-site, if not does the company who installed your kit still exist, can they be contacted, have they maintained there records, do they know where they are?

        Its scenarios like these that worry people and has to be measured against the unknown risk of a system being remotely hacked.

    2. Anonymous Coward
      Anonymous Coward

      Re: A few points

      I worked on this for an oil company. When we started, you could get hold of an offshore rig from your desk.

      A few things to add:

      - the conservatism also bites in different ways: adding anti-virus, for instance, eats resources that were originally not planned for. As you are indeed dealing with old systems, often the only way to shore these things up was only adding a security gateway where all I/O is scanned for viruses. A certain AV vendor did very well off the back of that because the project needed *lots* of them.

      - ESD (Emergency Shutdown Devices) were at the time still fully isolated. I hope it stays that way.

      - the industrial world hasn't exactly covered itself with glory here either, we can across PLCs that could be frozen in an indeterminate state with a SINGLE malformed packet, and in that case it's not a matter of switching it off and on to recover it, it needs to be reflashed and reprogrammed. Ouch.

      - the principal risk to such isolated platforms is indeed the engineer who wanders in with an unchecked laptop and so acts as the virus carrier.

      1. cybergibbons

        Re: A few points

        Yep - the most probable and highest impact risk we could see was unconstrained spread of malware across the network. If vitually every PC stopped working on a rig, it would be virtually impossible to work.

      2. Anonymous Coward
        Anonymous Coward

        Re: A few points

        "ESD (Emergency Shutdown Devices) were at the time still fully isolated. I hope it stays that way."

        One thing not mentioned is that there has been a push for greater analytics from customers. This mean that things that used to be isolated have been connected. The drive to sell services has often come at the cost of greater risk.

        1. Anonymous Coward
          Anonymous Coward

          Re: A few points

          The drive to sell services has often come at the cost of greater risk.

          IMHO that is also what drove the COTS approach, switching to using Windows instead of Unix. That said, that was also a side effect of the then frankly shocking costs of proprietary Unix variants.

          I'd love to see someone cook up decent Linux or BSD based process control frameworks, but there is apparently no market for them and to do it right costs money. People have to eat.

    3. The Oncoming Scorn Silver badge

      Re: A few points

      Having been stuck on a survey ship, anchored 40 miles off the coast of Montrose for nearly 3 weeks, the entertainment consisted of:

      5 quid for a 24 bottles of Grolsch.

      A video tape or two of episodes of The Prisoner

      A video tape of Benny Hill & a few other movies.

      More video tapes (3rd generation rips) of (very bad) porn that when the "movies" finished broke into a chronicle & picking up the story of another passenger ship featuring Kunte Kinte in the middle of the Atlantic cruise to the US that was by that point over 12 years old.

      I chose the night shift to be on watch as part of my job roll because of the Grolsch I could drink, choose what I wanted to watch from the "choice" available once everyone had gone to bed or were working, didn't have to take calls from client\employer, bacon butties every 90 mins & sleep through the long day of nothing.

      My one regret was apparently missing the whales swimming alongside & under the anchor chains at 4am on one occasion.

  18. RegGuy1 Silver badge
    Joke

    An oil drilling rig (file photo)

    Thanks for adding the caption, I was wondering what it was.

    Before I read that I thought it was a 737-Max, so you've cleared that up for me. I was getting confused -- as they both have similar aerodynamic properties.

    1. Fred Flintstone Gold badge

      Re: An oil drilling rig (file photo)

      both have similar aerodynamic properties.

      ... aand I have found my Comment of the Week. Thanks :)

  19. mr_souter_Working

    been there - done that

    worked for a company that runs oil tankers - and yes, onboard security is awful.

  20. Unicornpiss
    Meh

    A few comments

    If you want to implement security in situations like these, you have to make it easy, reliable, and seamless. Any crew, whether it's on an oil rig or a production line in a factory, simply isn't going to stand for anything that makes their dreary, complex, demanding, sometimes dangerous jobs more difficult. Many will actively rebel against what they view as 'outsiders' telling them what to do. And the mentality of "Well, if he doesn't comply, he's fired!" is only going to lose you skilled workers and make everyone unhappy in the long run. Maybe if your workers are completely beaten down, this would fly, but when you treat people like this, then you end up with theft, sabotage, shoddy work, and a general "I don't give a fuck" attitude.

    Possibly these are the scenarios that Smart cards are best for--all the worker needs is to remember their card and possibly a short PIN for added security. While not as easy as a blank password, certainly it's easier than typing "Password1234" 20x a day. Or, if you find someone just leaving their card by the workstation, possibly a fingerprint reader would be good---most people won't leave a finger by their console.

    The moral of the story is if you complicate anyone's day and don't give them something positive in return, they will always find a way to work around your best intentions. We human apes are pretty clever, especially when it comes to working hard to find new ways to be lazy.

    1. cybergibbons

      Re: A few comments

      Totally agree.

      A big challenge with implementing a system with cards or similar is that there are so many different systems on board, and they aren't all controlled by the same people. Really hard to implement a common authentication token.

  21. wjake
    Coat

    Hackers?!

    So someone could threaten to overturn oil tankers if they aren't paid a hefty ransom? Page Angelina Jolie, the white hats must stop them!

    1. Anonymous Coward
      Anonymous Coward

      Re: Hackers?!

      Wait, you need an excuse to page Angela Jolie?

      :)

  22. MachDiamond Silver badge

    The bridges come tumbling down

    The bridging of networks that are supposed to be air-gapped is a big problem. If some crew member opens something loaded with Ransomware and the network is bridged into the engineering network, they could wind up dead in the water until they send a certain purse of bitcoin to a numbered account. The ransom could be cheap when compared with the loss of a day under power if the attack wasn't targeted at the ship, but that loss of a day could be millions of anybody's money.

    A bridge into cargo manifests could be a load of fun. I can't even guess what a 40' container of iThingys might be worth if somebody could pull up enough information to forge some shipping documents.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon