There are not a lot of researchers probing the security of computer systems underpinning the maritime industry.
The limitations that keep that number low are obvious: both the specialized knowledge and the equipment are difficult to come by. And, as Ken Munro of UK-based Pen Test Partners told us a year ago, not many people move from shipping into pentesting (and into information security in general).
But things are looking up for those who are interested: at this year’s DEF CON conference in Las Vegas, a maritime hacking village dubbed Hack The Sea will welcome them and offer all kinds of help.
About the event
The three-day mini conference, whose goal is to bring together individuals and organizations from the hacking community and the maritime sector, is scheduled to start on August 8 at Bally’s Event Center in Las Vegas and will feature a number of activities:
- A capture the flag event will be held on a cyber range featuring real ship systems like satellite modems, radar, and programmable logic controllers
- A series of tutorials and mini-workshops will be taught to introduce members of the hacking community to common maritime systems and network protocols, and attendees will then have access to loaned or donated equipment so they can try out their new skills
- There will be a forum for discussions on maritime public policy issues ranging from cyber security to sea-steading.
“Our hope is to foster an interest among maritime organizations and hackers in working together to help solve challenges in the maritime sector, especially where public safety concerns emerge as vessels traveling the world’s oceans become part of the ‘internet of things’,” Brian (aka R3doubt), one of the lead coordinators for the event, told Help Net Security.
Attendees will also be able to speak to representatives from I Am The Cavalry and MPS-ISAO, who play a role in providing a link from security researchers to companies in the maritime sector.
“Project Gunsway, which has been indispensable in our efforts to do ethical public disclosure of vulnerabilities, will also be represented,” he added.
The seed of Hack The Sea was planted in Slack chats between Brian, Beau Woods and other hacker-volunteers working with I Am The Cavalry, then was watered and grew during discussions over beers at ShmooCon 2019.
Brian and John Palmisano (the other lead coordinator) started out by asking people they knew for equipment and volunteers to help staff the event or teach workshops. They, in turn, reached out to their own networks and provided even more contacts in other organizations.
“A range of organizations and individuals from both the hacking and maritime communities have generously committed their time as volunteers and speakers, as well as equipment, funds and additional contacts to help make Hack The Sea at DEF CON 27 a reality,” Brian explained.
“The village is being sponsored by the American Bureau of Shipping, Fathom5 Security, Pen Test Partners, and AmCyber Security. In addition to I Am The Cavalry and Project Gunsway, we also have speakers, equipment, and other support being provided by Rosen Group Oil and Gas, the Seasteading Institute, and the Maritime and Port Security ISAO. Finally, the DEF CON 27 organizers and volunteers gave us the venue and opportunity.”
The response has been very positive, he noted, but handling the logistics is a challenge for a team of part-time volunteers spread out across Europe and the US. “Nevertheless, it has been very exciting seeing the event take shape, from a few ideas on a Slack channel to a three-day event in Las Vegas, all in just a few short months,” he concluded.