Phish & Ships and Other Delicacies from the Cuisine of Maritime Cyber Attacks

Attacks on our critical infrastructures in the areas of water and energy supply, information and communication technology, but also transportation are increasing worldwide and the incidents have long since moved beyond their physical origins into cyberspace. Recent geopolitical changes have further raised awareness of the vulnerability of our fragile infrastructures and highlighted the urgent need to protect them from cyber threats. This also applies to the maritime transportation system, with its ships as elementary assets. Hence, the advancing digitization and interconnectivity on board maritime vessels require security measures to counteract this increasing risk of cyber attacks. These measures include the conception and development of effective prevention mechanisms, but also techniques for attack detection, in-depth testing of existing bridge components, as well as specialized training for the ship’s personnel. Especially for the latter, an environment is required that reflects real-world conditions and allows to perform cyber attacks, e.g., phishing campaigns, in a user-friendly way. Despite the need for such an environment, there are few training grounds that meet these requirements in practice. In this paper, we therefore present a laboratory that combines real bridge hardware equipment with digital cyber security tools in order to develop test and training scenarios with respect to maritime cyber security.