The majority of the modern economy's logistics is implemented via shipping vessels controlled through systems that embody a combination of the worst parts of a corporate network, ICS, and embedded systems. These systems were largely designed decades ago and are rarely, if ever, updated - yet are exposed to a large number of attack surfaces on the internet and via radio-frequency attacks.
This talk will cover the protocols used by the commonly implemented systems found in both commercial and private maritime vessels - including large capacity tankers and container ships - and the shoreside infrastructure used to communicate with, and issue commands to, the shipboard systems. We will see how this infrastructure can be attacked, and how it in turn can be used to carry out significant attacks that could cause major disruption to the world's economy.