2025-09-05 –, Track 1
We reveal how to secure OT/IT aboard ships, the challenges involved and the lessons this holds for securing these systems in other environs.
Cruise ships are possibly the most complex collection of systems that you'll find in one physical, moving location. Propulsion, navigation, power generation and more, combined with a hotel, restaurant, casino, theatre etc, with safety and fire control systems to boot. That complexity creates huge challenges with keeping OT and IT systems apart. Ships engines are often remotely managed, network segregation is often defeated through troubleshooting when at sea.
We'll recount multiple entertaining and informative tales of taking control of ships, including accessing a ships Azipods via a game simulator for passengers. "Fortunately, genuine attacks against vessels are very rare, but the effects and impacts to world trade are becoming increasingly obvious"
Ken Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He regularly blogs on everything from ICS issues in maritime security to hacking cars and the Internet of Things. This has led to regular appearances on TV and BBC News online as well as the broadsheet press.
Ken has become a voice for reform and legislative change, briefing UK and US government departments as well as being involved with various EU consumer councils. He has also spoken about ICS and IIoT security issues at various events including the Maritime Cyber Security Summit, and CMA Shipping.
He’s also not averse to getting deeply techie, regularly participating in hacking challenges and demos at RSA, Black Hat, 44CON, DEF CON and BSides amongst others. Ken is also a member of the CVE Board.