MASS warfare: is the weaponisation of commercial vessels a growing threat?

Cyberwarfare is developing at an alarming pace. In fact, it is probably now possible to compromise the integrity of Maritime Autonomous Surface Ships (MASS) to weaponise commercial vessels without ever going near a ship.  To address this growing threat, MASS expert Peter McArthur calls for investment, training, and technological development to ensure systems are secure.

How likely is it that commercial ships could be weaponised remotely? I’m here to argue that it is not as far-fetched as it seems, and that the sector needs to act now to protect itself.  In fact, the relative ease with which commercial autonomous systems can probably be hacked, should be of significant concern, and is one of the questions that the IMarEST MASS Special Interest Group (MASS SIG) is actively addressing.

During the ongoing war in Ukraine, we’ve seen the weaponisation of aerial drones. Ukrainian electronics warfare specialists can now hack incoming Russian drones to bring them down or, more usefully, direct them back towards the attacker.

If antagonists succeed in gaining navigational control of a MASS system, this same technique could be used to repurpose a commercial ship, transforming it into a remotely operated weapon.

Consider this hypothetical scenario; a terrorist takes control of a large crude tanker, loaded with cargo, and steers it toward a coastal nation. They could threaten, “If you don’t pay millions — or more likely, an untraceable cryptocurrency — into this account, we’ll run the ship aground, destroying your coastline, tourist industry, coastal infrastructure, fish farms, and marine biosphere.”

It’s a terrifying thought, but it's just the beginning. This is why understanding the MASS control systems we are already using, and their security, is crucial.

This is likely to become a major challenge for the commercial shipping industry due to the substantial imbalance in funding between the commercial and military sectors. Militaries and, likely terrorists and criminals, are benefiting from massive investment into research, development, and production capability, that has, and always will, elude the commercial sector. Cyber-hacking and drone intervention technology is now streets ahead of anything the commercial sector is working with, and it is evolving almost daily.

The MASS conundrum

It is an interesting observation that many commercial ship operators elect not to install MASS systems, despite the benefits argued by developers.  Why should that be?

The issue is that whilst crews are available at a low cost, the temptation to invest huge sums of money into developing MASS ships is negated, particularly when the commercial penalties arising from something going wrong are potentially astronomical.  Also, insurance providers always prefer experienced crew members onboard, to ensure the ship and cargo are managed throughout.

The key conversations

Given this stark reality, it's vital that we have long-overdue conversations about existing regulatory frameworks (including collision regulations), cargo management, training, and not least, how the commercial side of the industry can fund the innovation needed to combat a threat that is constantly changing and developing.  

Insurance is also an important issue. Will insurers cover lost cargo, potentially devastating damage to marine biospheres, or destruction of commercial interests? Whilst these questions have been asked, they are yet to be satisfactorily answered.

That said, the IMarEST MASS SIG has done an awful lot of work with the IMO, and in the industry, to try to progress the regulations and move concepts about MASS and cybersecurity risks forward. But, the risk from cybersecurity is fluid, and clearly much more needs to be done.

Finding solutions, together

If news from the battlefield is to be believed, barely a week passes where newly modified command-signal systems aren’t hacked and attack drones re-purposed to turn them on the attacker. Constant developments in military and criminal-terrorist capabilities leave commercial shipping cybersecurity ambitions so far in their wake, as to be virtually useless.   No one should be in any doubt, if an autonomous ship can receive a signal, it can be hacked and compromised. 

Given these recent developments, the concept of fully autonomous commercial systems is probably further away from being achievable, than it ever was.  The programme needs investment now. We need new regulation now. And we need better training now.

IMarEST’s MASS SIG is at the forefront of this exciting and dynamic global programme.  Do you have the vision and expertise to help in making change happen? If so, join us and be part of the conversation.