Cybersecurity – Pacific Maritime Magazine

Ship-to-Shore Cranes: A Target for Foreign Adversaries

Setting the Stage The frenzied buzzing of the seaport manager’s cell phone interrupted his weekly staff meeting. There were urgent text messages and voice mails signaling that there was a major problem at Container Terminal 5. One text message said, “Crane 5A has stopped functioning! Crane 5C can’t be stopped! Help!” Apparently when one of the world’s largest container ships containing over 20,000 Twenty-Foot Equivalent Units (TEUs) docked at Terminal 5, all hell broke loose. But why? Even though this is a hypothetical story, the U.S. Government and FBI are worried that such a scenario could come true. On Feb.…

Maritime Security: 2023’s Attacks, Pitfalls and Impacts

The maritime industry continues to be a target for cyberattacks. In 2023, the industry witnessed increased cyberattacks, with ransomware and distributed denial of service (DDoS) attacks being the most predominant. We hope to raise awareness about these threats, focusing on the incidents that occurred in 2023, while providing some insights into effective defense strategies. Of note, a useful resource to view a record of global maritime cyberattacks is in the NHL Stenden, University of Applied Sciences Maritime Cyberattack Database at http://tinyurl.com/dejyercr. It’s a free resource that was referred to when preparing this article. Cyberattacks: Financial and Business Consequences An October…

Cyber Threats to the Maritime Sector

“Quishing” and a summary report. Cyber and physical security concerns are still actively in play in the maritime industry. Ships, seaports and supporting organizations are all exposed to cyber-attacks and threats to their physical security. In this column, we examine a new cyber phenomena, followed by a seminal report sponsored by market data firm Thetius, risk management company CyberOwl and international law firm HFW. Phishing and “Quishing” Due to its increasing digitization and connectivity, the maritime sector has become more vulnerable to cyber threats, including phishing and the newly emerging threat of “quishing.” Phishing is a common method used by…

Evolving Threats: Adapting to Trends in Maritime Cargo Theft

The maritime industry exists to move goods and people via the oceans, lakes and rivers. These goods range from breakbulk—such as wheat, coal, gravel—to thousands of containers moving high-value cargo. Unfortunately, cargo theft in the U.S. is a $15 to $35 billion enterprise that affects seaports, airports, trucking companies and shipping companies daily. The cargo thefts are not necessarily focused on high-value goods such as semi-conductors and precious metals, but also on food and beverages. For instance, in the Seattle area, one thief posed as a Safeway employee and attempted to steal more than $700,000 of king crab for resale.…

A Busy Few Months for Maritime Cybersecurity

The late spring and early summer months have been busy for the maritime industry. Over the past few months there have been a series of reports issued by Allianz, DNV and the U.S. Coast Guard that examine trends and offer insights on maritime cyber and physical security that are likely of interest to Pacific Maritime readers. Before we begin to detail these reports, let’s examine the ransomware attack at the Japanese Port of Nagoya on July 5. Nagoya Port Ransomware Attack On or about July 5, the Port of Nagoya was shut down by a ransomware incident infecting computers that…

10 Threats You Need to Know About in 2023

Recently on my YouTube channel, I posted a video about 10 cybersecurity threats today’s executive needs to keep in mind (https://bit.ly/3HQ4Z2e). As I thought about this list, I realized it also applies to those of you in the maritime community. So, here is a review of those threats for your awareness. The list of cybersecurity threats is broad; however, here are 10 select threats discussed in this article: Nation-state attacks Artificial intelligence attacks Zero-day exploits Supply-chain attacks Insider threats Social engineering attacks Cloud security threats Internet-of-things (IoT) attacks Ransomware attacks Phishing attacks In November 2022, the Secretary of the U.S.…

Autonomous Ships: Cyber Risks Dead Ahead

I just finished reading the book Intelligent Automation by Pascal Bornet. It’s a fascinating look at the future implementation of artificial intelligence in today’s and future businesses. Since my role is to assess and understand the cybersecurity threats on the maritime sector, Bornet’s book caused me to look for analysis and resources regarding autonomous ships and their implementation. I was surprised at how much has been written on this subject. As an experiment, I suggest you do a Google search on terms such as “autonomous ships,” “autonomous seaports,” etc. I think you’ll be surprised. What I’d like to provide in this…

Another Seaport Under Cyber Attack

The Port of Lisbon in Portugal is attacked by LockBit ransomware. Put yourself in this manager’s shoes: It’s Christmas Day. You’re in the middle of the extended family meal of roast turkey with all the fixings. Suddenly, you’re interrupted by an urgent call from your seaport duty officer. She informs you that the website is down, and all the computer screens are showing an alert from a ransomware attacker extorting your port. Operations seem to be okay, but the ransomware alert is threatening. This is essentially the scenario faced by the Port of Lisbon on Dec. 25 last year. The…

Cyberspace Impacts and Ships and Seaports—U.S. Coast Guard Response

Maritime cyber security risks are increasing for both ships and seaports. These risks and their consequences negatively impact national economies, shipping companies and seaports. There is increased attention on this by national governments, national coast guards and agencies abroad such as the International Maritime Organization (IMO). We also need a sense of how the U.S. Coast Guard is reacting to these threats. About a year ago, the Coast Guard published its Cyber Strategic Outlook to raise awareness and reemphasize the agency’s role in cyber security. Admiral Karl L. Schultz, Commandant of the U.S. Coast Guard, observed in his introduction to…

Shipboard Operational Technology: At Risk from Human Error and Cyber Attacks

As you stand on the bridge of a modern container ship, freighter, cruise ship, etc. what do you see? You see a variety of digital and analog systems including touchscreens, keyboards, mice/trackballs and even laptops. As a cybersecurity professional, I see a variety of opportunities for a cyber attacker to inject malware to take over systems or at least knock them out of service and imperil the vessel and cargo. Even an unprotected USB port on the bridge could actually be an opening for an attack. The new digitized bridges and engine rooms have revolutionized the operation of the ship;…