Hacker attack on Gnv ship, second sailor detained in Italy. The expert: 'Be prepared for any scenario'

Agents from the DGSI - the French internal security agency - boarded the ship and found an electronic device (perhaps a USB key, perhaps a hard disk) which, according to the charges formalised on Monday 15 December by the Paris Public Prosecutor's Office, contained RAT (Remote Access Trojan) malware, theoretically capable of taking control of the ship and remotely piloting it. After the initial investigations, the investigators released the Bulgarian citizen and formalised the charges against the Latvian: 'conspiracy to pursue the interests of a foreign power', 'attempted intrusion into computer systems' and 'unprovoked possession of devices designed to interfere with automatic navigation systems', as stated in the documents.

'Taking remote control of a ship is one of the scenarios most feared by maritime operators,' Christian Cévaër, director of France Cyber Maritime, an association specialising in countering cyber threats to shipping, told AFP, 'because it can lead to potentially very serious physical consequences, such as driving the ship against a target. There may also be behind it the will to create destabilisation at a political level and strong economic impacts'.

While the investigations continue in France, Italy and Latvia - with the support of Eurojust - the defence of the detained 20-year-old Latvian is trying to tone it down: 'The thesis of Russian interference seems exaggerated to me,' said lawyer Thibault Bailly, 'and the investigation will show that this affair is not as disturbing as it seems at the moment.

But the theoretical hypothesis of a quantum leap in hybrid threats, with the possibility of remotely controlling civilian and military vessels and launching them against sensitive targets or taking them hostage, has been on the European defence dossier for some time now, and the Fantastic affair can serve to take stock of the situation.

"In an exercise some time ago, we took control of a frigate of the Italian Navy: we locked the rudders, took control of the engines, made all the telephones ring, flooded the decks, and took control of the combat system": to tell Sole 24Ore this is not - fortunately - a hacker in the pay of a foreign power or the exponent of a terrorist group, but Carlo Festucci, president of DEAS Cyber+, an Italian company with founded in 2018 by entrepreneur Stefania Ranzato, which today has 150 employees, over 25 million in turnover and collaborates with the Ministry of Defence to secure the army's systems. Festucci recounts Chironex, an exercise that recently took place off the coast of Sardinia, in which DEAS Cyber+ played the role of the hostile entity to test the Navy's reaction capabilities on a ship equipped with one of the most high-tech control ports available at the time.

Last week, in another exercise, the company's professionals had attacked and taken over the control tower systems of a military airport in Lazio.

'Since we are in a position to take possession and deploy these systems, we are also in a position to defend them. And that is what we work with Defence on,' explains Festucci, who evokes even more layered and complex scenarios. 'Imagine having to deal with simultaneous attacks on transportation, the health system, the energy infrastructure and highways. It is not that difficult: an actor with malicious intent can succeed, if he has sufficiently good hackers at his disposal, and with a not so high investment of money he can cause enormous damage'.

According to Festucci, Italy is rich in cyber defence expertise, but awareness of the threats and the investments needed to foil them is not so widespread. "Let's imagine a scenario of drone attacks against a ship,' he says, 'in this case, equipping the ship with missiles has a significant cost. Equipping a basic level cyber system, on the other hand, costs a few million'.

These are scenarios that - with the intensification of hybrid threats - politics is making a priority: the 'non-paper' on hybrid warfare presented last month by Defence Minister Guido Crosetto goes in this direction, recognising cyber space as a national defence space and proposing the establishment of a 'cyber weapon' with an initial capacity of 1200-1500 operational units.

However, as we reported in our recent specials, hybrid warfare is by definition non-linear, it runs simultaneously on several planes, and the cyber environment is only one of them: from explosive attacks on railway lines in Poland to balloons capable of paralysing air traffic in Lithuania, from the cutting of submarine cables in the Baltic Sea to electromagnetic interference in GPS systems on the eastern flank of the European Union and societal destabilisation operations in France, hybrid warfare presents itself above all as a continuous arsenal of any aspect of everyday life in open societies.

'Unfortunately, the only limit is the imagination, and one has to be prepared to imagine any kind of attack and defence,' Carlo Festucci concludes.