Pen Test Partners: Hacking HSMS Can Sink a Bulk Carrier

Hackers could sink a bulk carrier by interrupting or manipulating the loading data of its hull stress monitoring systems (HSMS) to cause an imbalance of cargo onboard, UK-based Pen Test Partners said.

In order to sink such a ship, hackers would only need to manipulate the loading data, having previously compromised the network either via the satcom unit or a phish, and the manipulated data would show that everything is within tolerances.

“The loading continues, without any stress alerts being sounded. The crew are oblivious of this, as they rely on the automated stress monitoring systems. This is what is actually happening, everyone is oblivious until the boat snaps in two,” Pen Test Partners explained.

The hull stress monitoring systems were introduced in order to address mounting bulk carrier losses by ensuring stresses did not exceed design specification. Loading would traditionally be supervised by the Chief Officer, with little more than calculators and tables to estimate bending forces on the hull.

Nowadays it is done by using electronic strain gauges and accelerometers feeding data to onboard monitoring systems, which can be accessed remotely, via the internet, and through the satcom system.

“HSMS vendors, indeed all ship control and reporting system manufacturers need to take security very seriously indeed, otherwise their own system can be turned against the ship,” Pen Test Partners said.

“The ship’s master puts his faith in the stress monitoring system to alert to excess stresses; the last thing they expect is for it to mis-report and threaten the fabric of their ship.”