Hack The Sea is a DEF CON village composed of professional and hobbyist hackers specializing in maritime operational technology.
The organization believes it’s critical to explore new ways to protect the vital technology that ensures maritime systems run safely.
I Am The Cavalry spoke with the Hack The Sea team about their work.
Q: Can you describe what Hack the Sea is, and how it works?
A: Hack The Sea is an event at DEF CON that includes speakers, a capture the flag tournament, contests, panels, and meetups for hackers interested in maritime operational technology (OT). Hack The Sea is expanding to a 501c3 educational and research organization in the near future, so it can continue hosting similar events to promote awareness year-round and sponsor original research in the domain.
Q: What are the current security threats to maritime vessels? Why should people care about them?
A: Some of the biggest threats to maritime vessels are against Positioning, Timing, and Navigation (PTN), and against the cargo management systems on which our ports and much of our global economy rely. The maritime sector accounts for or impacts 25% of the U.S. Gross Domestic Product (GDP) according to the National Maritime Cybersecurity Plan. That is roughly as important economically as our financial sector, yet only a fraction of the money spent on securing Wall Street is spent securing our ports or shipping vessels.
Q: How does connected technology make ships a target for malicious actors?
A: Large commercial vessels, off-shore oil platforms, and container vessels are already part of the Internet of Things (IoT). Cargo is tracked from port to port, wear on engine parts is monitored by sensors and reported in real-time for maintenance planning, and the crew performs personal and administrative duties like sending email via satellite links. These are all prime targets for malicious actors.
Q: Hoes the competitive aspect of your challenges bring out the cybersecurity community’s best?
A: Our capture the flag event (CTF) gives participants a challenge they just aren’t going to get doing typical CTFs, including working with protocols they have likely never seen before. Our hackathon challenge, which is focused on mesh networked sensors this year, is an opportunity for makers and hackers to design open-source technology that will be produced and deployed for environmental research by the Ocean Builder’s Blue Frontier tech incubator.
Q: How will the public benefit from the insights you get from these exercises?
A: Our hope is to inspire attendees who come from the traditional IT world to consider how their skills could be applied in tackling challenges in the maritime sector. It is truly a domain where computer security and safety of life intersect in exactly the sort of way I Am The Cavalry was founded to impact.