Fathom5’s Maritime-Industrial CTF event allows competitors to gain hands-on experience hacking real maritime hardware in a controlled environment using Fathom5’s Grace maritime cybersecurity testbed. Grace is an accessible, realistic configuration of maritime systems where competitors complete challenges in a simulated afloat environment, with real ICS components and fieldbus protocols. The Grace testbed replicates a series of different maritime-industrial environments, including navigation, fire main, and hydraulic steering systems. The testbed makes both physical and simulated components available to competitors in order to replicate performance of maritime systems at lifelike scale. The CTF challenges scale from novice to expert-level on both IT and OT fronts such that competitors can gain experience on either side of the system. This CTF event has been deployed at DEF CON 27 (Aug 2019) as part of the Hack the Sea Village v1.0, at HACKtheMACHINE-NYC (Sept 2019), at Gray Hat 2020 (find date), and most recently at HACKtheMACHINE- Virtual in March 2021. This CTF can support approximately 20 teams of 3-5 individuals concurrently and typically takes 14 hours for skilled teams to navigate the challenges. The number of teams, size of teams, and depth of challenges can be adjusted to fit within host event timelines.

Fathom5 seeks to build a community of practice around understanding and securing Industrial Control Systems (ICS), specifically in environments such as Seaports and bluewater Vessels that heretofore were considered secure by virtue of their physical components “disconnected” nature. Industry-wide trends toward digitization have resulted in these operational technology (OT) systems no longer being disconnected. Cyberattacks in the maritime sector have already been shown to have devastating consequences, with the 2017 Maersk outbreak being just the most widely known example. The most recent event with the ‘Ever Given’ in the Suez shows how fragile the global maritime transportation sector can be to disruptions. Unfortunately, the skillset required to understand and mitigate cyber risk in multi-layered systems-of-systems architectures that span OT & IT systems is incredibly rare, both in the maritime industry and in the cybersecurity community writ large. Fathom5 is on the forefront of steering critical industries towards secure digitization and has developed representative Seaport and bluewater Vessel systems specifically to spotlight the cybersecurity risks the maritime industry faces. We are bringing more and more advanced systems to DEF CON each year so as to challenge the hacker community to turn their time and interest towards securing our cyberphysical reality. This CTF is done as part of the Hack the Sea Village.