PORT SECURITY CAPT David B. Moskoff, USMS Professor of Marine Transportation Master Mariner – U.S.C.G. Unlimited United States Merchant Marine Academy MARAD – U.S. Department of Transportation U.S. Maritime Administration–OAS Port Security DOT Complementary Positioning, Navigation, and Timing Tiger Team Member (CPNT 3 ) Academic Consultant – U.S. Coast Guard Cyber Command (USCGCC) Senior Advisor – DoD Purposeful Interference Response Team (PIRT) Senior Expert - NATO Transport Group Ocean Shipping (TG OS) https://gcaptain.com/youtuber-chases-ships-drone-footage-spectacular/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Gcaptain+%28gCaptain.com%29 The opinions expressed are his own and not necessarily those of any government entity. Perspectives for Cruise Ship and Container Issues Hosted by Inter-American Committee on Ports (CIP) Within OAS, Port of Miami, USCG and USCG Port Security Program Miami 25-28 April 2017
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
PORT SECURITY
CAPT David B. Moskoff, USMS
Professor of Marine Transportation
Master Mariner – U.S.C.G. Unlimited
United States Merchant Marine Academy
MARAD – U.S. Department of Transportation
U.S. Maritime Administration–OAS Port Security
DOT Complementary Positioning, Navigation, and Timing Tiger Team Member (CPNT3)
Academic Consultant – U.S. Coast Guard Cyber Command (USCGCC)
Senior Advisor – DoD Purposeful Interference Response Team (PIRT)
Senior Expert - NATO Transport Group Ocean Shipping (TG OS)
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Technology – The Double-Edged Sword
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Benefits Evolving
Awareness Assessment Action
Technology and Port Security
Knowledge
Training, Practice and Experience
Understanding and Awareness
Foreseeability – Ability to look ahead
Technological Questioning: What if…..?
Lose public electricity to terminal
Lose pier freeboard to flooding
Lose access to berth (ship sunk)
Lose access to deep channel
Lose access to computer network
Get hacked
But what if……Lose GPS/GNSS? Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Overview
(Remainder of Presentation)
Port Security and Technology
Cruise Ships and Containers – GPS Vulnerabilities
Terms : Wireless vs. Wired Transfer, Radio Frequency (RF), Maritime Domain – Military vs. Commercial, GNSS Signals, GNSS Jammers, eLORAN System: Co-complement to GPS PNT
Cyber Concerns for Ports and Port Facilities
GPS/GNSS Users in the Maritime Domain
GPS/GNSS Vulnerabilities and Options - eLORAN
Conclusion: Maritime RF Cyber Security Resilience
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
At a public meeting last month, US Coast Guard officials described how interference with GPS signals disrupted operations for seven hours at a major east coast port last year.
You can watch the entire meeting below, the port disruption discussion begins at 48.51.
During a January 15th meeting to discuss development of maritime cybersecurity standards, an official from the Coast Guard’s Cyber Command indicated that most ports rely on GPS for many functions, including moving containers.
The problem is that when the cranes don’t know where they are, they can’t find containers to pick up, and don’t know where to put the ones they have. Reverting from automated to manual operation is so time consuming that a port is effectively shut down.
GPS disruption is also a severe problem for ship navigation, port security, and “maritime domain awareness” that lets ships and officials ashore know the location of most vessels.
At a public meeting last month, US Coast Guard officials described how interference with GPS signals disrupted operations for seven hours at a major east coast port last year. You can watch the entire meeting below, the port disruption discussion begins at 48.51. During a January 15th meeting to discuss development of maritime cybersecurity standards, an official from the Coast Guard’s Cyber Command indicated that most ports rely on GPS for many functions, including moving containers. The problem is that when the cranes don’t know
where they are, they can’t find containers to pick up,
and don’t know where to put the ones they have.
Reverting from automated to manual operation is so
time consuming that a port is effectively shut down.
GPS disruption is also a severe problem for ship navigation, port security, and “maritime domain awareness” that lets ships and officials ashore know the location of most vessels.
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Drones
Drones:
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Drones Have Already Become Invaluable
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Transportation System Vehicles
Simple Definition of vehicle: a machine that is used to carry people or goods from one place to another
Ships or Vessels
Planes or Aircraft
Trains or Rail Cars
Trucks and Busses
Cars or Automobiles
What do all these machines have in common? They are all mobile….they go from one place to another!
Mobility requires them to be wireless.
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
What do we mean when we say
they are wireless?
Positioning (except visual)
Communication to and from
Sensors and recognition tools
A Critical Difference: Wireless vs. Wired
Wireless systems are inherently more vulnerable to problems which occur due to radio frequency (RF) issues including unintentional and intentional radio frequency (RF) interference (jamming) and spoofing.
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Terms: Cyber Risk
The risk R is the product of the likelihood L of a cyber security incident occurring times the impact I that will be incurred to the organization due to the incident, that is:
R = L × I
Risk = Likelihood x Impact
Risk = Threats x Vulnerabilities x Impact
(Likelihood = Threats x Vulnerabilities)
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Terms: Cyber Threat, Cyber Attack
Cyber Threat:
Foreseeable and unforeseeable cyber event which may cause unwanted outcomes, with resulting harmful effects. Threats typically originate from individuals or organizations, externally or internally, deliberately or accidentally. However extreme earth and space weather may also pose unique threats to the maritime community due to RF interference.
Cyber Attack: Known or unknown effort directed toward “manipulation of, access to, or impairment to the integrity, confidentiality, security, or availability of data, an application, or a organization’s system, without lawful authority”. Also illegal, unlawful, prohibited act.
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Terms: RF Cyber Threat
What Poses an RF Cyber Threat?
Natural
Unintentional
Intentional
RF Threat Impact Areas?
Targeted
Nontargeted
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Presentation Focus: RF Cyber Threat
1. RF Cyber Threat Within Maritime Domain
2. RF Cyber Threat: Global Navigation Satellite System (GNSS) Signal Interference including jamming (particularly commercial systems where previously sole-source PNT, now integrated)
3. Resilience Offered by Co-complementary PNT
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Maritime Industry and Cyber World:
Emerging Threats and Vulnerabilities
Examples:
• Viruses, Malware, Rootkits, Worms – i.e. Shamoon
• Zero-Day-Exploits, Logic Bombs, Spyware
• Ransomware, Advanced Persistent Threats
• Phishing Schemes, Social Engineering
• Network Attack/Interference – DoS/DDoS
• Hackers/Hacktivists – White, Grey, Black Hat
PNT*/Connectivity/Network Issues
• Wireless Signal Interference/Interruption
• RF Signal Interference (Jamming/Spoofing)
*PNT (Position/Navigation and Timing)
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Maritime Industry and Cyber World:
Recent GNSS*, Jamming and Spoofing Events
*GNSS – Global Navigation and Satellite System
• Examples:
• North Korea – Jamming out to 200 miles - ongoing • China – South China Sea GPS jamming drones, etc. • Russia – Spoofing GPS at Kremlin, Cell towers jam • Iran – Two U.S. Navy patrol boats taken – PNT??? • U.S. – Drone on Whitehouse Lawn/facilities ??? • Japan – Drone w/ radioactive material on roof • UK GPS Jamming Tests – Sentinel System • University of Houston Spoofing Tests • U.S. Navy 2016 CA Jamming Event Cancelled • GPS Error – January 2016 impact 12 hours • Glonass Error – April 2014 impact 12 hours
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Breaking News - 27 September 2016
U.S. House of Representatives Unanimously Passed Bill for GPS Backup: eLORAN System
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Sources of Intentional Cyber Threats (partial list in alphabetical order)
Botnetwork operators Business competitors Criminal groups Enemy Units [Military] Foreign nation states Hackers Hacktivists Insiders [disgruntled insider] International corporate Phishers Spammers Spyware/malware authors Terrorists /asymmetric warfare
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Types of Traditional Cyber Attacks
Collateral damage Cross-site scripting Denial of service attack Unauthorized access
Most definitions of “cyber attack” include the purposeful attack against the telecommunications network. The network is usually defined as the communication links for data and information flow between computers. In the marine environment, information and data are usually transferred via radio frequency (RF). One of the easiest ways to conduct an attack against the maritime sector is through RF interference against the information transfer.
A cyber attack against the RF network supplying GPS/GNSS information to the ships’ integrated computer systems controlling navigation, collision avoidance, steering, communications, etc. essentially accomplishing a Denial of Service (DOS) attack. This RF attack may be viewed as similar to a wireless sensor network (WSN) or Wi-Fi attack constituting a DOS-type attack.
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
International Maritime Community
• Ports – Rivers, Channels, Anchorages, Locks, Lift Bridges, Basins, Aids (AToNs), etc.
• Port Facilities – Piers, Terminals, Shipyards, etc. • Offshore Facilities – Rig Fields, Lightering, Wind • Inland Vessels • Coastal Vessels • Ocean-Going Vessels • Maritime Business Organizations • Maritime Law Enforcement Organizations • Maritime Govt. Administrative Organizations • Maritime Military Units - Navies and Coast Guards
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
RF Applications - Ports and Port Facilities
• RFID (Radio Frequency Identification) • SCADA Systems and ICS (Suprvsry Contrl & Data Acq)
Why Conduct Intentional Activities? A. PNT Signal is Critical to Infrastructure
• Criminals – PNT regulates Banking and Finance
• Hackers – Government, IT, Defense, Commercial
• Terrorists - Defense, Government, Energy, IT, Communications, Nuclear Industry, Banking, Transportation (Waterborne, Air and Rail), Water, Chemical, Agriculture and Food, Emergency Services, Finance, more
• Extremists - ??????????????????????????
• Military – Electronic Warfare (EW) & Cyber
• Pirates – Hijack Ship, Ground Ship, Steal Cargo Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Radio Frequency Spectrum
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Easy to Purchase GPS Jamming Devices (from U.S. DOT’s RITA Group – Position, Navigation and Timing (PNT)
Growing market for low-cost GPS jammers - Sold as “privacy protectors” Many devices are battery-operated or can be plugged into a cigarette lighter
Examples: gpsjammers.net, jammer-store.com, chinavision.com, others Manufactured in China, Europe
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
High power GPS\GSM jammer (2011) This device will jam all GPS and GSM signals up to a distance of 50 metres. When activated, it immediately blocks all types of tracking and navigational devices. This model comes complete with built in Ni MH battery and charger and can also be powered by mains voltage or cigarette lighter adaptor.
Specifications:
Effective range: Up to 50 meters
radius Input power: 12.0v internal
rechargeable battery
Output signal strength: 1 watt
System: All systems worldwide
Signal source: synthesized
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Ultra High Power GPS Jammer (2012) Product Description: This
is the most powerful GPS
Jammer, anti tracking, high
power up to a distance
of 300 metres. It simply
plugs into an ordinary car
cigarette lighter socket
and is active immediately
blocking all types of
tracking and navigational
devices. Effective range: Up to 300 meters
Input power: 110-240V
Output signal strength: 25W
System: All systems worldwide Specifications:
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
High Power Mobile Phone & GPS(L1)/WiFi/Bluetooth Signal Jammer
Output power is 320 watts.
The shielding radius is from 300-500 meters... Model Number: KTC-VU Jammer 2.0 Pelican Min. Order: 5 Pieces Port: Shenzhen Supply Ability: 50 Piece/Pieces per Day
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
This device will jam all GPS and GSM signals up to a distance of 50 metres. When activated, it immediately blocks all types of tracking and navigational devices. This model comes complete with built in Ni MH battery and charger and can also be powered by mains voltage or cigarette lighter adaptor.
S
p
e
c
i
f
i
c
a
t
i
o
n
s
:
E
f
f
e
c
t
i
v
e
r
a
n
g
e
:
U
p
t
o
5
0
m
e
t
e
r
s
r
a
d
i
u
s
I
n
p
u
t
p
o
w
e
r
:
1
2
.
0
v
i
n
t
e
r
n
a
l
r
e
c
h
a
r
g
e
a
b
l
e
b
a
t
t
e
r
y
O
u
t
p
u
t
s
i
g
n
a
l
s
t
r
e
n
g
t
h
:
1
w
a
t
t
S
y
s
t
e
m
:
A
l
l
s
y
s
t
e
m
s
w
o
r
l
d
w
i
d
e
S
i
g
n
a
l
s
o
u
r
c
e
:
s
y
n
t
h
e
s
i
z
e
d
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
GNSS and Broadband Jammers (2014)
Specifications: ”The frequency band could be added as
customer's requirements”
Jamming Frequency: 20 MHz-6000 MHz
Total output power: Up to 1000 watt
Jamming range: up to 200-600m, (Signal strength <= -75dbm)
Power supply: AC110-240V
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
30 Frequency Bands can be Individually Turned On/Off
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
VME
Terminator
Ultimate Vehicle Jammers September 2016
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Ultimate Jammers 2017
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
The terminals will also implement Kalmar SmartPath tracking system on the new terminal tractors after delivery. Kalmar SmartPath improves efficiency by using location-based job assignments. Equipment is automatically assigned to the closest job, which reduces driving distances and fuel consumption, and speeds up the operations.
SPRC Container Terminal Cartagena Columbia
For Example:
CARNIVAL MAGIC
130,000 GT 1004 Feet (306 Meters) 3690 Guests
1367 Crew
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
QUANTUM OF THE SEAS
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
26.5 knots
Gross Tonnage 168,666
Length 1,141 ft
Max Beam 136 ft
Draft 28 ft
Passengers Crew
4,905 1,500
Ship’s E-Nav Bridge Equipment Technology Recently Much More Sophisticated
• ECDIS (Electronic Chart Display and Information System)
• Audit and test ships/ports for jamming and other vulnerabilities. For ships, test in open water areas under controlled conditions when traffic not a factor. Consider purchase of handheld detector (especially PV).
• Conduct ship/port drills (like fire drills) on regular basis: MSCP, consider GNSS failure, GNSS/Broadband jamming, GNSS spoofing, equipment failures, EMP attack, etc.
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Multiple Mode PNT is Cyber Resilience
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
United States Merchant
Marine Academy
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
Questions? Comments? Discussion?
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
References* “ ANALYSIS OF CYBER SECURITY ASPECTS IN THE MARITIME SECTOR” November 2011 ENISA http://www.enisa.europa.eu/act/res/other-areas/cyber-security-aspects-in-the-maritime-sector/cyber-security-aspects-in-the-maritime-sector-1/at_download/fullReport Bland, Eric. "GPS 'spoofing' could threaten national security." 02 Oct. 2008.MSNBC.28 Nov. 2008 <gps 'spoofing' could threaten national security>. Brain, Marshall, and Tom Harris. "How GPS Receivers Work." 25 September 2006. HowStuffWorks.com. <http://electronics.howstuffworks.com/gadgets/travel/gps.htm> 18 April 2010. Cornell Chronicle Online - http://www.news.cornell.edu/stories/Sept08/GPSSpoofing.aj.html Cyber Resilience in the Maritime & Energy Sectors by Shauna Mullin 1 May 2014 http://www.templarexecs.com/category/cyber-security/ Ehrenfeld, Rachel Dr. “The Impact of Purposeful Interference on U.S. Cyber Interests” 19 February 2014 http://acdemocracy.org/purposeful-interference/ “How GPS Works” By Wooten Gough, Graham Billings, and Jason McMahon April 2010 http://www.unc.edu/~jdmc79/HowGPSWorks.html Humphreys, T.E., B.M. Ledvina, M.L. Psiaki, and P.M. Kitner, Jr. "Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer." Sept. 2008. Institution of Navigation. 28 Nov. 2008 Ju, Anne. "Spoofing GPS Receivers." Cornell Chronicle. 19 Sept. 2008.Cornell University.28 Nov. 2008 <http://www.news.cornell.edu/stories/sept08/gpsspoofing.aj.html>.
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
References* (continued) GNSS Vulnerability — Jamming, Interference, Spoofing 31 December 2010C:\Users\moskoffd\Documents\A -NATO\GNSS Vulnerability — Jamming, Interference, Spoofing Inside GNSS.mht Goward, Dana “Finding Your Way – the Future of Federal Aids to Navigation” February 4h, 2104 http://transportation.house.gov/uploadedfiles/2014-02-04-goward.pdf GPS Jamming and its impact on maritime safety Dr. Alan Grant, Dr. Paul Williams & Dr. Sally Basker – Port Technology International January 2010 GPS Jamming and Interference Sparks UK Concerns, Technical Solutions Prof. David Last at DSKTN symposium March 2, 2010 Inside GNSS, March/April 2010 March/April 2010 issue Itlaw.wikia.com http://itlaw.wikia.com/wiki/Cyber_threat May 2014 Kramek, CDR Joseph “ The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities” July 2013 http://www.brookings.edu/~/media/research/files/papers/2013/07/02%20cyber%20port%20security%20kramek/03%20cyber%20port%20security%20kramek.pdf Locata Warns: Lessons to Be Learned from GLONASS Spasm by GPS World Staff 15 April 2014 http://gpsworld.com/locata-warns-lessons-to-be-learned-from-glonass-spasm/ Moskoff, David CAPT “ GPS jammers a top concern in maritime cyber readiness” May 2014 Professional Mariner Magazine http://www.professionalmariner.com/ “Protect Critical Infrastructure - A Resilient Navigation & Timing P3 RNT Foundation November 2013 http://rntfnd.org/wp-content/uploads/NTP3WhitePaper_Nov13.pdf
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami
References* (continued) Roundtable : 2014 Maritime Cyber Security “Exploring Cyber Vulnerabilities within the Global Supply Chain” 25 April 2014 Hosted by Combined Joint Operations from the Sea (CJOS) Center of Excellence Sentinel Project Report on GNSS Vulnerabilities by Chronos Technology 7 February 2014 http://www.chronos.co.uk/files/pdfs/gps/SENTINEL_Project_Report.pdf Sherri. "GPS Spoofing." Philosecurity. 7 Sept. 2008. 28 Nov. 2008 <http://philosecurity.org/2008/09/07/gps-spoofing>. The Aerospace Corporation (FFRDC): “How GPS Works” website May 2012 http://www.aero.org/education/primers/gps/howgpsworks.html "Trilateration Method." Circuits Today. Web. 18 Apr 2010. <http://www.circuitstoday.com/wp-content/uploads/2009/12/Trilateration-GPS.jpg>. Wagstaff, Jeremy. “All at sea: global shipping fleet exposed to hacking threat” 23 April 2014 http://www.reuters.com/article/2014/04/23/tech-cybersecurity-shipping-idUSL3N0N402020140423 Warner, Jon S., Ph.D. and Johnston, Roger G., Ph.D., CPP, GPS Spoofing Countermeasures: 2003 http://www.homelandsecurity.org/bulletin/Dual%20Benefit/warner_gps_spoofing.html Will GPS Jamming Cause Future Shipping Accidents? POSTED BY: Robert Charette / BLOGS // The Risk Factor Wed, February 22, 2012 * Please see numerous reference attributions noted directly on PPT slides for documents and photographs.
Perspectives for Cruise Ship and Container Issues CAPT D. Moskoff 27 April 2017 Miami at Port of Miami