Polytechnique Montréal's cybersecurity team is joining forces with two companies in the maritime sector to establish a maritime cybersecurity research and development center. Their goal? To secure the computer and electronic systems responsible for ship movement and port activity management.
With a few exceptions, the era when pirates attacked merchant ships brandishing swords is long behind us. However, as with other economic sectors, the shipping industry is under attack from modern-day marauders – also known as remote hackers, who use computer systems to wreak havoc. At least 80 such incidents have occurred in the maritime sector over the past 20 years, according to maritime cybersecurity blog (in French only)
In addition to ransomware attacks, a plethora of vulnerabilities make the shipping industry a prime target for malicious endeavours. Some such efforts could include hacking communications systems, computer virus attacks, and remotely accessing navigation systems with the goal of taking over or forcibly changing a vessel’s geolocation, and potentially causing shipwreck.
To help batten down the hatches against cyber threats, Davie Canada and Neptune Cyber are teaming up with Polytechnique Montréal Professors Nora Boulahia Cuppens and José Fernandez (both from the Department of Computer Engineering and Software Engineering) to provide solutions to detect malicious activity and protect the maritime sector. In a press release issued by industrial partners Davie Canada and Neptune Cyber, it was noted that both professors are renowned for their work in the field of critical infrastructure cybersecurity, cyber-resilience and cyber defense, and are thus amply qualified for this Québec-first in maritime cybersecurity.
Over the next 5 years, these industrial and academic partners will carry out various research studies in order to better understand and anticipate the risks facing the industry. The group will also develop cybersecurity solutions adapted specifically to the marine industry’s needs.
“This collaboration is a golden opportunity for us,” notes Professor Cuppens, who until recently was conducting research while also being involved in two Research Chairs in Critical Cybersecurity Infrastructure, as well as in naval systems cyber defense in France. "We’ll be able to combine our expertise in cyber defense and cyber-resilience with that of Neptune’s in terms of maritime cybersecurity, and also access Davie's infrastructure and naval expertise to develop solutions that truly meet the unique needs of the maritime sector,” Cuppens adds.
Davie Canada and Neptune Cyber will provide a total contribution of $1,700,000, including approximately $500,000 in hard currency and the equivalent of $1,200,000 in support, expertise, and equipment, for the duration of the project. Most of the funding will be used to train a dozen master's and doctoral students who will become a new generation of experts in critical infrastructure cybersecurity.
The potential to emerge as international leaders
Many industries established in the 19th or early 20th centuries have been slow to adopt cybersecurity solutions despite the technological revolution; the maritime industry is no exception. However, now that ship and port infrastructure is based on high-tech integrated, connected systems, a series of existing IT-based breaches must be closed.
The International Maritime Organization (IMO) has now decided that the aforementioned reinforcement measures are a priority. As of January 1, 2021, the IMO will require that cyber risk management be integrated into security initiatives during the first annual verification of vessel compliance certificates.
According to Professor José Fernandez, the maritime sector is the perfect place to develop made-in-Canada maritime cybersecurity expertise that can become a global lodestar. "This is an exceptional opportunity for innovation likely to contribute to the country’s economic development," says the researcher, who also sees the possibility of developing international influence.
Professor Fernandez is also a specialist in the cybersecurity of critical infrastructure in several other areas, such as power grids, urban traffic control networks, and aviation. He notes that the maritime cybersecurity research center will very likely expand over the next few years. In addition to the incorporation of new industrial partners from the maritime and critical infrastructure sectors, it could also integrate the expertise of more university researchers, and also benefit from contributions from the Centres collégiaux de transfert technologique (CCTT) and maritime personnel training centers.