Recently on my YouTube channel, I posted a video about 10 cybersecurity threats today’s executive needs to keep in mind (https://bit.ly/3HQ4Z2e). As I thought about this list, I realized it also applies to those of you in the maritime community. So, here is a review of those threats for your awareness.
The list of cybersecurity threats is broad; however, here are 10 select threats discussed in this article:
- Nation-state attacks
- Artificial intelligence attacks
- Zero-day exploits
- Supply-chain attacks
- Insider threats
- Social engineering attacks
- Cloud security threats
- Internet-of-things (IoT) attacks
- Ransomware attacks
- Phishing attacks
In November 2022, the Secretary of the U.S. Department of Homeland Security, Alejandro Mayorkas, said the most significant threat to U.S. ports is cyberattacks.
“One of the concerns that we have is the cybersecurity threat to ports,” he observed. “We are increasing the level of technology by which our ports operate and that is why not only Customs and Border Protection have a focus on cybersecurity, but so does the United States Coast Guard” (https://bit.ly/44EbnDc).
1. Nation-State Attacks
China, Russia, Iran, North Korea and other countries unfriendly to the U.S. are using cyberattacks as a means of espionage, sabotage, warfare and outright theft. These attacks pose significant threats to organizations and governments alike.
A major example is the 2017 NotPetya attack, which affected the operations of several shipping companies, including Maersk, and ports around the world. The attack, attributed to Russian state-sponsored hackers, caused significant disruption and financial losses to affected companies. Maersk reported losses of up to $300 million.
Another example is detailed in U.S. Coast Guard Cyber Command Maritime Cyber Alert 03-22. The alert reports that the Russian-based cyber-criminal and hacktivist group known as “KILLNET” is targeting public-facing websites, logistics and operations support systems and internet-of-things (IoT) devices.
2. Artificial Intelligence Attacks
Attackers—including nation-states and common criminals—are using AI to automate their attacks and evade detection. This makes it difficult for traditional security measures to detect and respond to these attacks.
AI attacks on the maritime sector are a relatively new and emerging threat. The use of artificial intelligence in the maritime industry has increased in recent years, from autonomous ships to predictive maintenance systems. However, this increased reliance on AI has also created new vulnerabilities that can be exploited by attackers.
One potential threat is the use of AI to disrupt or manipulate shipping operations. For example, an attacker could use AI to hijack a ship’s autonomous navigation system, causing it to steer off course or collide with other vessels. Similarly, an attacker could use AI to manipulate the data used by a ship’s predictive maintenance system, leading to equipment failures caused by inadequate maintenance or other safety issues.
3. Zero-Day Exploits
Zero-day exploits take advantage of vulnerabilities in software or hardware that are not yet known to the vendor or the public. They are almost the “perfect” attack vector against any organization or government: because the flaw is unknown, it is almost impossible to detect and protect against these attacks.
The cybersecurity firm Mandiant analyzed 95 vulnerabilities that were exploited between the first quarter of 2020 and the first quarter of 2021 and found that a majority (61%) of analyzed exploited vulnerabilities were exploited as zero-days. More zero-days were exploited in the first quarter of 2021 than each of the past four years (https://bit.ly/3M6MRn1).
4. Supply-Chain Attacks
Attackers are targeting the supply chain—including key shipping and trans-shipment entities—to gain access to the organization’s systems and data. It is often the case that the supply chain has weaker security measures when compared to other targeted organizations.
Around 90-95% of all shipped goods at some stage travel by sea. This makes the global maritime industry the world’s single largest and most important supply chain. Successful cyberattacks against the maritime supply chain would have the potential to damage individual companies, national finances, and even the global economy (https://bit.ly/3nI2uIi).
5. Insider Threats
Insider threats can be either intentional or unintentional. However, they pose a significant risk to organizations because insiders have access to sensitive and confidential information, data and systems.
In a recent Europol report entitled Criminal Networks in EU Ports: Risks and Challenges for Law Enforcement (https://bit.ly/41hei1X), the investigators acknowledged that access to seaport data and internal knowledge is essential, and that corruption is the main enabler to infiltrate ports and logistics chains – i.e., having an “insider” is best for criminal effectiveness.
Criminal networks can and do infiltrate ports by corrupting employees/vendors/contractors with access to sensitive port information. For instance, criminals want to directly access those who are active in the port such as port workers, terminal operators, security, customs and police. They also want to access those employed in logistics companies, port authorities and semi-public and public authorities with access to port data systems. Also, criminals want to obtain information from third-party companies with privileged access to the port, such as truck drivers and maintenance personnel.
6. Social Engineering Attacks
Social engineering is an ancient means of fraud and theft that was in use long before computers and digital systems were invented. Now, social engineering is used in emails and web pages in a more sophisticated manner. Attackers are using social engineering techniques such as “pretexting,” “baiting,” and quid pro quo to trick users into revealing sensitive or confidential information.
This is certainly a timely issue. In the May 7, 2023 issue of the Maritime Executive, an article entitled “Hackers Could Use ChatGPT to Infiltrate Vessels” (https://bit.ly/44HPyCI) shows how the chatbot could be used to write a “…convincing and emotionally manipulative phishing email.” Clicking on such malicious emails and their links is dangerous. Hence, training your staff/vendors/contractors is an operational imperative to raise awareness of the threats posed by social engineering attacks and phishing emails.
7. Cloud Security Threats
As more organizations move their data and applications to the cloud, attackers are targeting cloud services and storage to gain unauthorized access to sensitive data.
In the Allianz Cyber Risk Trends 2022 report (https://bit.ly/3pldr2Y), the insurer highlights the emerging threats posed by the growing reliance on cloud services. Allianz goes on to say that “such potential vulnerabilities mean that today a company’s cyber-security resilience is scrutinized by more parties than ever before, including global investors, meaning many firms now rank it as their major environmental, social and governance (ESG) risk concern.” Therefore, it is important that all maritime enterprises understand their risk profile in the cloud context and verify the integrity and security of their cloud providers. Be sure the data is safe, is maintained in a confidential manner and has its integrity assured.
8. Internet-of-Things (IoT) Attacks
With the rise of IoT devices onboard ships and within the seaport infrastructure, attackers are targeting vulnerabilities in these devices, which often have weaker security measures compared to traditional computing devices.
IoT devices are particularly vulnerable to network attacks such as data theft, phishing attacks, spoofing and distributed denial-of-service (DDoS) attacks. As discussed above under nation-state attacks, Russian KILLNET tactics are being used against IoT devices and systems.
9. Ransomware Attacks
Ransomware is a type of malware that encrypts your data and hard drives. The attacker then demands payment in exchange for the decryption key. This type of attack was used against the Port of Lisbon in 2022 and against multiple shipping lines in the past few years.
In November 2022, AP Møller-Maersk’s terminal in Guatemala was hit with ransomware. Fortunately, it was contained to the port and did not contaminate other APM assets.
10. Phishing Attacks
Phishing attacks have been around for a while. They are a form of social engineering. Unfortunately, they are still a major threat and often a precursor to a ransomware attack. Attackers use phishing attacks to trick users into providing sensitive information or clicking malicious links.
The New Jersey Cybersecurity & Communications Integration Cell has noted that phishing emails containing suspicious links to obtain unauthorized access are one of the most common attacks. After accessing an information system, the hacker can install keyloggers to capture logins and passwords and determine the identity of the individual workers, thus building a precise mapping of the status of the seaport or maritime enterprise.
Conclusion
Responding to cyber threats in the maritime sector requires a multi-layered approach that combines technical solutions with organizational and operational measures. Here are some best practices that can be implemented to improve cybersecurity in the maritime industry:
- Conduct risk assessments—identify and prioritize the assets and systems that are critical to the operation of the vessel or port and assess the likelihood and impact of potential cyber threats.
- Implement security measures—deploy security solutions such as firewalls, intrusion detection systems and antivirus software to detect and prevent cyberattacks.
- Train employees—educate crew members and shore-based staff on cybersecurity best practices, such as using strong passwords, avoiding phishing emails and reporting suspicious activity.
- Implement access controls—limit access to critical systems and data to authorized personnel only and enforce strong authentication mechanisms such as two-factor authentication.
- Develop incident response plans—establish procedures for detecting, containing and mitigating cyberattacks. Conduct regular drills and exercises to ensure that the response plans are effective.
- Collaborate with industry partners—share information and best practices with other companies in the maritime industry and participate in cybersecurity working groups and initiatives.
- Stay informed—monitor cybersecurity threats and vulnerabilities and stay up to date on new and emerging technologies that can help to improve cybersecurity in the maritime sector.
By following these best practices, organizations in the maritime industry can reduce the risk of cyberattacks and better respond to any incidents that do occur.
Ernie Hayden, MIPM CISSP GICSP (Gold) PSP, is an industrial control systems cyber and physical security subject matter expert. He has extensive experience in industrial controls security, the power utility industry, critical infrastructure protection/information security, cybercrime and cyberwarfare. His email is ernie@erniehayden.com.