As Cyberattacks on Ships Surge, Israeli Threat Experts and Ex-Navy Officers Team Up to Make Seas Safer
Of all the cyberthreats facing the Jewish state, those targeting Israel’s waterways can be especially devastating. Some 95% of the country’s imports like energy, food, and industrial and defense goods arrive via maritime freight, with virtually none coming across the land borders with its Middle East neighbors.
Meanwhile, as the global shipping industry has increasingly sought to computerize its operations to be more competitive, the risks from cyberattacks have magnified. More dependence on computerized remote management systems has also opened a Pandora’s box of vectors — which hackers can exploit to afflict ships, ports and maritime infrastructure.
In July, a group of former Israeli navy officers at Israel Shipyards Ltd. and cybersecurity experts at Israel Aerospace Industries (IAI) started a cooperation to develop solutions tailored to vessels, with the vision to make the seas a safer place.
“For Israel, the protection by sea in terms of the trade coming via the oceans and the seas are crucial resources, so we believe that this is strategic for the state of Israel,” Oded Breier, Israel Shipyards’ VP of marketing and sales, told The Algemeiner.
“We also understood that we need to find a way to be more competitive, and therefore, we understood that this is a field that everybody is talking about, but they are not so familiar with.”
According to Israeli cybersecurity consultancy Naval Dome, there was a 400% spike in attempted hacks between February and June last year, mainly due to the need to switch to remote management on ships during the COVID-19 crisis, as a result of restrictions of movement and border closures. More systems needed to be serviced through the internet, leaving them more vulnerable to attacks, involving malware, ransomware, and phishing emails.
Established 62 years ago as a government-owned company and privatized in 1995, Israel Shipyards went public last year and is engaged in the design and construction of naval ships. The company has supplied vessels to security organizations, navies, and other coastal authorities in Africa, Latin America, Asia Pacific, and Europe. It also operates its own fleet of 13 merchant vessels, which are used for missions including transporting cement for the building industry in Israel.
“The fact that most of us are ex-naval officers helped us to decide what is the right critical system that we want to protect,” said Roei Shaham, a former naval academy officer and the company’s product manager of maritime cybersecurity.
“This helped us to take this decision and it’s very relevant to know what you want to do, and not just how to do it. And I think it will really help us to be unique in this market, and to make the right decision,” he said.
Israel Shipyards chose to work with IAI as it has its own cyber unit, named ELTA, which develops solutions for mission-critical systems: aviation cyber security, cyber intelligence, cellular search and rescue system, and critical cyber protection for land and air applications.
“IAI has its own know-how about cyber security in different fields, not in the maritime arena. We are coming from the maritime arena, which is our side of the expertise. So the idea was to put that together, take the benefit of both sides and offer them to the market,” Breier said.
According to Breier, ships are complex entities with myriad ways to be damaged by hackers, including by attacking its GPS navigation systems, propulsion, and communication.
“We don’t think a state or superpower will do that. We do believe that some hackers are set by someone or decided by themselves, to come for the money and to cause damage,” Breier added. “What we are trying to do together with IAI is to define a tailor-made solution that will cover all potential areas of risk and will be developed along the years, because whatever is good for today will not be the same; two years from now, you will need something new.”
For a conventional container ship hit by a cyberattack that affected its navigation or propulsion systems, the cost could be between $30,000 to $40,000 or more a day, while the damage for the customer that bought the goods may be even bigger.
Another risk is the targeting of a valve opening — which nowadays is automated — to spill oil into the sea, disastrous for both the ship owner and the environment, Breier said.
Breier argued that most of the existing cyberthreat solutions on the market, many of which are developed by Israeli companies, focus on specific angles of protection, mainly navigation, rather than holistic solutions.
“Navigation is not the only thing, because any electronic systems on board and it doesn’t matter if it’s a new ship or an old ship, any one of them could be attacked by a hacker who shuts down the engine or changes something by the maneuvering and it costs money,” said Shaham, who also served as the head of cyber in the navigation department in the Israeli navy. “Our mission is to protect the ship.”
“Our focus is to give cyberthreat solution for all kinds of vessels, containers and tankers, and this is just the beginning,” he added.