Sunday, April 21, 2024

Was It Or Wasn’t It, The Bridge Collapse Raises Questions

Yesterday’s bridge collapse is devastating for many reasons. The innocent lives lost of a construction crew that happened to be in the wrong place at the wrong time. The damage to the infrastructure, trapping some ships in the harbor and preventing others from entering. The damage to the supply chain is obvious. Overall, Baltimore ranks as the ninth-largest U.S. port for international cargo. It handled a record 52.3 million tons, valued at $80.8 billion, in 2023. According to the Maryland state government, the port supports 15,330 direct jobs and 139,180 jobs in related services.

Anytime something like this happens, when a clear-cut conclusion isn’t obvious, rumors and conspiracy theories begin to swirl. Sometimes they’re not justified, but other times they are. The truth is that not one government today is lily-white, and they very rarely tell the truth about anything. Add in the sponsored terrorist groups as well as the rogue ones and the planet has become the wild, wild west both physically and in the cyber world. Many times, the crimes are unseen by the naked eye. Hidden behind a veil of secrecy in a world of deep corruption.

I am not saying that the bridge collapse was a cyber-attack. I am saying that there are possibilities of foul play and that those pathways need to be investigated. Not just for this incident, but for the possibility of future attacks. Our country has vulnerabilities, and they need to be corrected. Whether or not this was an attack, the back door is still open, and we have known about it.

The threat to the IT systems on ships has been known as far back as 2014. In 2018, Pen Test Partners’ Ken Munro and his colleagues, some of whom are former ship crew members who really understand bridge and propulsion systems, were probing the security of ships’ IT systems. Frankly, the results are more than depressing: satcom terminals exposed on the Internet, admin interfaces accessible via insecure protocols, no firmware signing, easy-to-guess default credentials, and so on.

Pen Test Partners’ Ken Munro says that the advent of always-on satellite connections has exposed shipping to hacking attacks. “Ship security is in its infancy, most of these types of issues were fixed years ago in mainstream IT systems.”

Potential attackers can take advantage of poor security hygiene on board and the poor security of protocols and systems provided by maritime product vendors.

For instance, the operational technology (OT) systems that are used to control the steering gear, engines, ballast pumps, and so on, communicate using NMEA 0183 messages. However, there is no message authentication, encryption, or validation of these messages, and they are in plain text.

Munro went on to explain:

“All we need to do is man in the middle and modify the data. This isn’t GPS spoofing, which is well known and easy to detect, this is injecting small errors to force a ship slowly and insidiously off course.”
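Because NMEA 0183 carries only an unkeyed XOR checksum, a receiver cannot tell an altered sentence from a genuine one, so a slow drift has to be caught by cross-checking independent sources. The sketch below is an added example, not code from this post or from Pen Test Partners; it assumes a second, independently wired position feed is available, and the function names, the 50 m limit and the sample sentences are all constructed for illustration.

```python
import math
from functools import reduce

def checksum(body: str) -> str:
    """XOR of every character between '$' and '*', as two hex digits."""
    return f"{reduce(lambda a, c: a ^ ord(c), body, 0):02X}"

def parse_gga(sentence: str):
    """Return (utc, lat, lon) in decimal degrees, or None if malformed."""
    if not sentence.startswith("$") or "*" not in sentence:
        return None
    body, _, given = sentence[1:].strip().partition("*")
    if checksum(body) != given.upper():
        return None  # catches line noise only: the checksum is unkeyed
    f = body.split(",")
    if len(f) < 6 or not f[0].endswith("GGA"):
        return None
    try:
        lat = int(f[2][:2]) + float(f[2][2:]) / 60   # ddmm.mmmm
        lon = int(f[4][:3]) + float(f[4][3:]) / 60   # dddmm.mmmm
    except ValueError:
        return None
    return f[1], (-lat if f[3] == "S" else lat), (-lon if f[5] == "W" else lon)

def distance_m(a, b):
    """Equirectangular distance in metres, adequate for short separations."""
    x = math.radians(b[1] - a[1]) * math.cos(math.radians((a[0] + b[0]) / 2))
    y = math.radians(b[0] - a[0])
    return 6371000 * math.hypot(x, y)

def divergence_alerts(primary, reference, limit_m=50.0):
    """Match two independent feeds by UTC time; return (utc, metres) over limit."""
    ref = {p[0]: p[1:] for p in map(parse_gga, reference) if p}
    alerts = []
    for p in filter(None, map(parse_gga, primary)):
        if p[0] in ref:
            d = distance_m(p[1:], ref[p[0]])
            if d > limit_m:
                alerts.append((p[0], round(d)))
    return alerts

def frame(body):  # hypothetical helper, used only to build the sample data
    return f"${body}*{checksum(body)}"

# Constructed sample data: the primary feed's latitude creeps 0.02' per fix.
TIMES = ["120000", "120100", "120200", "120300"]
REFERENCE = [frame(f"GPGGA,{t},4500.0000,N,03000.0000,W,1,09,0.9,5.0,M,,M,,") for t in TIMES]
PRIMARY = [frame(f"GPGGA,{t},{4500.0 + 0.02 * i:09.4f},N,03000.0000,W,1,09,0.9,5.0,M,,M,,")
           for i, t in enumerate(TIMES)]
```

Every sentence in the drifting feed passes checksum validation, which is why the comparison against a second source, rather than the checksum, is what raises the alert.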

In this case, the ship was subtly off course well before it struck the bridge support. We know that it lost power at least twice as it was approaching the bridge, meaning that it would lose rudder control.

Also unrelated, there do appear to be flashes at certain locations on the bridge in places that would facilitate its collapse. Does any of this mean anything? All I know is that it does raise questions. If a ship can be subtly aligned off course to strike bridges and shut down shipping lanes, that is obviously a major problem.

Was this an attack? Draw your own conclusions. As time goes on and more information seeps out, we may eventually know one way or another. In any case, we do know that a cyber backdoor exists, and it needs to be slammed shut now.