HackDig : Dig high-quality web security articles for hacker

Batten down the hatches: Cyber threats facing maritime DP operations

2014-08-10 13:59

Batten down the hatches: Cyber threats facing maritime DP operations

Dynamic positioning (DP) is described[1] as a computer-controlled system to automatically maintain a vessel's position and heading by using its own propellers and thrusters. Position reference sensors, combined with wind sensors, motion sensors and gyro compasses, provide information to the computer pertaining to the vessel's position and the magnitude and direction of environmental forces affecting its position. Examples of vessel types that employ DP include, but are not limited to, ships and semi-submersible Mobile Offshore Drilling Units (MODU), oceanographic research vessels and cruise ships.

In January 2013 the following International Marine Contractors Association (IMCA) “Safety Flash” was published on their website[2].

“A member has reported an incident during diving operations when the Dive Support Vessel (DSV) suffered a DP Control System failure and consequent uncontrolled vessel movement. Diver 1 and Diver 2 were located within a subsea drilling template, in 90m water depth, carrying out valve operations for barrier testing when a number of DP alarms sounded related to K-Pos RBUS communication (Redundant Communication BUS). The amber alarm was activated by the DPO (this was upgraded to red shortly afterwards) and the instruction was immediately given by the Dive Supervisor for the divers to make their way back to the dive bell staging.

The initial DP alarms were followed by the loss of all analogue and digital RBUS Input / Output (I/O) signals (positioning references and environmental signals) with a subsequent loss of DP control, resulting in a vessel position drift-off. While the divers were attempting to relocate back to the bell staging Diver 2’s umbilical snagged on a transponder bucket located on the west face of the drilling template. The vessel continued to drift in an easterly direction and Diver 2’s umbilical severed resulting in the diver losing surface supplied gas, hot water and communications. Diver 2 immediately went onto bail out and made his way back onto the template structure roof. Diver 1 successfully located back to the bell staging.

The Chief Engineer, 1st and 2nd Engineers and ETO verified the status of DP controls and thrusters in the instrument room and main propulsion, confirming that the problem was contained in the DP control system rather than the thrusters. The Master and Chief Officer gained control of the vessel in manual control mode of the thrusters and headed the vessel back towards the drill template. The power to DP was recycled and the vessel was able to return to full DP auto mode. The vessel had drifted off a distance of 240m from the original position at the drilling template.

The vessel located back at the drilling template where upon Diver 2, now unconscious, was recovered by Diver 1. He recovered consciousness shortly after his recovery back to the bell, the bell was locked on and he was able to transfer to the saturation system with assistance from the dive team. The condition of Diver 2 was constantly monitored by the medical team during decompression where his condition was determined as satisfactory. Further examination of Diver 2 was carried out by the medical team following the completion of decompression and bend watch and again his condition was determined as satisfactory.

The incident has been described by all involved as changing our concept of ‘worst case scenario’ with regard to DP Control System failure.”

There is no suggestion that this control system failure resulted from a cyber attack, however control systems such as this, which are often involved in performing safety-critical functions, are potentially just as susceptible to cyber attack as any other computerised system. Historically control systems of all kinds have been afforded a degree of protection against cyber attack due to their physical segregation from other IT systems and networks. Another historical “protection mechanism” has been the concept of “security through obscurity” – the outdated approach of using proprietary protocols and techniques to try and hide system implementation details from potential attackers. In recent years there have been some fundamental changes which dramatically change the exposed attack surface of control systems, firstly the increased demand for connectivity between systems and remote access via the Internet and secondly the level of sophistication of the potential attackers, especially in terms of reverse engineering and an appetite to attack non-conventional computer systems which are now more available to them.

Andy Davis, Research Director will be presenting on Cyber threats facing DP operations at the 6th Annual European Dynamic Positioning Conference in June:

http://www.rivieramm.com/events/european-dynamic-positioning-conference-19/event-home-192

The talk will discuss the various threats that systems involved in DP operations face and the real world implications of attacks against them. It will analyse various case studies and will explain how control system failures could result from cyber attacks. Recommendations of potential mitigation strategies will then be proposed to reduce the risks associated with both active attacks and unforeseen system failures. Finally the importance of raising security awareness will be emphasised.

 




Source: po-pd-emitiram-gnicaf-staerht-rebyc-sehctah-eht-nwod-nettab/50/4102/golb/ne/moc.puorgccn.www

Read:2542 | Comments:0 | Tags:No Tag

“Batten down the hatches: Cyber threats facing maritime DP operations”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud