February 1, 2021 · Analysis Port Security Cyber

Analysis: UMS and Port Cybersecurity



▶︎ Increasing automation of port security operations will enlarge port attack surfaces and provide malicious actors with an expanding range of exploitable attack vectors.

▶︎ Port unmanned maritime systems (UMS) will be vulnerable to cyberattacks both as targets and as operational attack vectors.

▶︎ Adversary-manufactured UMS used in friendly foreign ports for surveillance and security operations could be used as platforms for adversary intelligence gathering or cyberattacks.

▶︎ Malicious actors could employ consumer/hobbyist UMS to infiltrate ports and coastal installations for purposes of covert intelligence gathering and cyber operations.

▶︎ UMS and underwater sensor networks present a unique cybersecurity vulnerability given their remote control or autonomous operations, increasing reliance on algorithmic processing and artificial intelligence, and eventual use of acoustic communication.

In the nearly two decades since 9/11, the phrase "port security" has generally referred to safeguarding physical port infrastructure against kinetic attacks. But in the wake of several high-profile maritime cyberattacks, such as Shahid Rajaee and NotPetya, as well as the ongoing trend toward greater integration of information technology (IT) and operational technology (OT), the maritime sector has been thrust to the forefront of the national and global cybersecurity dialog.

Much of the available research on port cybersecurity focuses on threats and vulnerabilities originating within, or posed by, commercial operations - i.e. the web of interconnected IT and OT involved in navigation, communications, and the intermodal movement of cargo. But ports are also increasingly automating their physical security operations, from closed-circuit surface surveillance, to underwater intrusion detection systems (IDS), to unmanned maritime systems (UMS), the compromise of which could provide an attacker with access to port commercial information technology (IT) and operational technology (OT), as well as enable kinetic attacks on port infrastructure resulting in significant economic disruption and geopolitical instability. It is therefore imperative to understand the integrated nature of port cybersecurity threats and vulnerabilities arising from both commercial operations and physical port security.

What follows is an overview of potential port cybersecurity threats and vulnerabilities posed by UMS - underwater sensor networks, COTS and consumer/hobbyist unmanned surface vehicles (USVs), and COTS and consumer/hobbyist unmanned underwater vehicles (UUVs) - as well as cyberattack methods and scenarios involving UMS as either the victim or operational vector.

Abbreviations and Definitions:

AI - Artificial Intelligence

C2 - Command & Control

ISR - Intelligence, Surveillance, and Reconnaissance

USV - Unmanned Surface Vehicle
A remotely piloted or autonomous surface vehicle.

UUV - Unmanned Underwater Vehicle
An umbrella term referring to AUVs and ROVs.

AUV - Autonomous Underwater Vehicle
An untethered UUV that is capable of carrying out missions with little or no human intervention.

ROV - Remotely Operated Vehicle
A UUV that utilizes an umbilical tether during operation.

UMS - Unmanned Maritime Systems
An umbrella term referring to USVs and UUVs.

UAS - Unmanned Aircraft System
An umbrella term referring to remotely piloted or autonomous air vehicles.

IT - Information Technology
Computers, hardware, and software used in the management and manipulation of digital data.

OT - Operational Technology
Hardware and software used to control devices and processes that interact with the physical world.

COTS - "Commercial Off the Shelf" refers to platforms and technologies that can be purchased directly from manufacturers, specialty vendors, or online retailers, and serve a range of potential users from professional (science, industry, defense) to recreational.

Consumer/Hobbyist - Refers to a subset of COTS platforms and technologies that are user-friendly, low-cost, and generally appeal to recreational users only.

Active Intrusion - A cyberattack that involves the injection of malicious software to disrupt, degrade, damage, or gain control of the victim's IT or OT.

Passive Intrusion - A cyberattack that involves intercepting or eavesdropping on victim communications or data transmissions.


Advancements in acoustic and signal processing technologies have enabled the development of sophisticated underwater sensor networks to safeguard ports, coastal facilities, and offshore infrastructure against unauthorized underwater access.




IDS are hard-wired, semi-"closed" systems providing a buffer against passive cyber intrusion. However:

Port underwater security operations may also involve close-in inspection of vessels and port infrastructure (pilings, underwater cables, pipelines) utilizing a remotely operated vehicle (ROV), an unmanned underwater vehicle that is tethered to a C2 unit operating from a pier or manned inspection vessel.


As underwater communication technologies continue to mature, and as AUVs are integrated into port security operations, IDS may come to rely on acoustic communication for underwater C2.




USVs are currently undergoing testing and are on track to be widely deployed for port infrastructure inspection and security operations.

USVs will integrate with port IT systems and can be controlled and/or accessed via wireless (WiFi, LTE) connectivity. They can therefore be either victims of cyberattacks or exploited as attack vectors.

Analysts have speculated that adversary-manufactured consumer/hobbyist UAS (quadcopter drones) could be used in carrying out state-sponsored ISR, or augmented with additional technologies to engage in cyberattacks. This has implications both for adversary-manufactured USVs used in friendly port security operations, as well as general COTS or consumer/hobbyist UMS which could be equipped with specialized intelligence and/or cyber payloads.

           Source: RAND, How to Analyze the Cyber Threat From Drones

While there is no direct evidence of DJI drones being used in state sponsored espionage, if drone-based intelligence operations are in fact a valid security concern, it should also apply to Chinese USVs which will soon be used for a variety of missions, including port security.



           The OceanAlpha ME40 (Hydrographic Survey)

           The OceanAlpha M75 (Surveillance & Security)


▶︎ Unmanned Surface Vehicles (USVs)

If consumer/hobbyist UAS are capable of posing a cyber threat to WiFi networks, so too can WiFi-enabled consumer/hobbyist UMS. And given that consumer/hobbyist UMS are not subject to GPS restrictions (geofencing), they could provide malicious actors with a low-visibility insertion platform to circumvent UAS geofencing and carry out covert cyber or ISR operations within a port's security perimeter.

           Source: DJI GEO Zone Map

The availability, affordability, and simplicity of consumer/hobbyist UAS make them an attractive platform for malicious actors compared to USVs.

However: The ubiquity of the quadcopter makes it easily recognizable, and its domain of operation makes it vulnerable to radar and even visual or auditory detection. Thus, the proliferation of quadcopters, coupled with the use of geofencing in port security, could lead malicious actors to seek out an alternate unmanned platform when carrying out cyber or intelligence operations against sensitive coastal locations.

While many consumer/hobbyist USVs tend to be in the form of remotely controlled toys, many have gained traction as highly capable tools for fishing and marine observation. (NOTE: UMS products cited and pictured below are provided for illustrative purposes only.)

           The Flytec V500

           The Waverunner Mk4



▶︎ Unmanned Underwater Vehicles (UUVs)

UUVs fall into two broad categories: Autonomous Underwater Vehicles (AUVs), which operate untethered and are capable of carrying out preprogrammed missions with little or no intervention, and Remotely Operated Vehicles (ROVs), which are tethered via communications cable to a pier or vessel-based C2 unit and operated by a human pilot.

While state actors or well-equipped/funded nonstate proxies could use sophisticated COTS or indigenously developed AUVs to infiltrate ports, coastal infrastructure, and inland waterways, actors seeking to exploit COTS or consumer/hobbyist underwater vehicles for ISR or cyber operations would be limited by these vehicles' inherent performance limitations and cost.

           The Beobachtung Amethyst AUV

While technological and financial barriers will likely constrain malicious RC/autonomous unmanned underwater operations for the foreseeable future, tethered operations using consumer/hobbyist or COTS Remotely Operated Vehicles (ROVs) are possible.


Below are several possible cyberattack methods and scenarios involving UMS as either the victim of the attack, or as the operational attack vector.

▶︎ Zero Day Exploit:

A zero day exploit is a cyberattack that takes advantage of a previously unknown software flaw that enables unauthorized access to a system or larger network. (The flaw has been known for "zero days" when discovered.)

▶︎ Man-in-the-Middle Attack:

During a man-in-the-middle attack, an attacker impersonates a victim network node in order to intercept transmissions, disrupt network traffic, or inject false data into the stream.

▶︎ Position, Navigation, and Timing (PNT) Attack:

A PNT attack involves jamming, disrupting, disabling, or "spoofing" a vehicle's satellite navigation (GPS, GNSS, BeiDou, GLONASS) by either preventing onboard PNT technology from receiving satellite signals (jamming), directly attacking the PNT technology onboard the vehicle, or by manipulating the signals that the vehicle's PNT receivers rely upon (spoofing). PNT attacks are a serious concern for the maritime sector, particularly in certain regions of the world such as the Black Sea and eastern Mediterranean where Russia is believed to engage in GPS jamming and spoofing.

▶︎ False Data Injection Attack (FDIA):

An FDIA occurs when a malicious actor alters the data and/or sensor inputs that inform critical decision-making by IT, OT, or human operators.

▶︎ AI Intrusion/Manipulation:

Autonomous and artificially intelligent systems require access to large, unstructured datasets for use in algorithmic decision-making or, in the case of AI, deep learning. An AI manipulation attack would involve altering or contaminating a dataset, or even replacing an entire AI model, in order to disrupt or degrade a system's decision-making capability or to force outcomes that are favorable to the attacker. Such an attack would be extremely hard to detect, and might even be undetectable. Once discovered, the data would have to be sanitized, and any AI models retrained, while trust would be severely, if not irrevocably, damaged.

▶︎ Acoustic Intelligence:

Port acoustic intelligence would be useful in planning underwater infiltration operations or acoustic cyberattacks. Small hydrophones could be used to gather intelligence on the port's underwater environment, including communications, IDS operations, ambient noise, or the acoustic signatures of vessels, all of which could be used in preparation of the battlespace.

           The Aquarian H2A-XLR Hydrophone

           Autonomous Underwater Recorder

           The Teledyne Benthos Compact Modem

▶︎ Underwater Imagery Reconnaissance:

Underwater imagery would also be important in planning infiltration operations for purposes of ISR, cyberattacks, or kinetic strikes on vessels or port infrastructure.


Maritime cyberattacks are on the rise, and while port cybersecurity research rightfully emphasizes the vulnerabilities originating within port commercial operations, it should also extend to vulnerabilities originating within, and related to, port physical security operations. Increased automation of port security and the coming integration of UMS and underwater sensor and communication networks will enlarge port attack surfaces and provide malicious actors with an expanding range of exploitable attack vectors. Port UMS will be vulnerable both as targets and as operational attack vectors, and could be used by adversaries operating in friendly foreign ports for intelligence gathering or cyber operations. And much as consumer/hobbyist UAS are potential platforms for drone-based ISR and cyberattacks, COTS consumer/hobbyist UMS could be used to infiltrate ports and coastal installations for similar missions. Identifying potential attack vectors and imagining attack scenarios such as those outlined here will help to mitigate the effects of port cyberattacks, and avoid a destabilizing and potentially devastating blow to the global economy.

