A Busy Few Months for Maritime Cybersecurity

(Left) The cover of Allianz’s 2023 Safety Shipping and Review document. Image: Allianz. (Middle) DNV’s Maritime Cyber Priority report. Image: DNV. (Right) The cover of the Coast Guard’s Cyber Trends and Insights in the Marine Environment report. Image: U.S. Coast Guard.

The late spring and early summer months have been busy for the maritime industry. Over the past few months there has been a series of reports issued by Allianz, DNV and the U.S. Coast Guard that examine trends and offer insights on maritime cyber and physical security that are likely of interest to Pacific Maritime readers.

Before we begin to detail these reports, let’s examine the ransomware attack at the Japanese Port of Nagoya on July 5.

Nagoya Port Ransomware Attack

On or about July 5, the Port of Nagoya was shut down by a ransomware incident infecting computers that manage and handle shipping containers. The type of ransomware infection, called LockBit, is attributed to Russian computer-hacking organizations. Wired Magazine reports that LockBit members all seem to be Russian-speaking and the supporting organization is allegedly based in Russia.

LockBit operates on a Ransomware-as-a-Service (RaaS) model, in which affiliate hackers are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure.

Readers of this column may remember our earlier mention of a ransomware attack on the Port of Lisbon, Portugal in January. The same ransomware (possibly from the same Russian attackers) infected the port, and the attackers demanded a ransom.

The Port of Nagoya is one of the busiest seaports in the world and is a major export point for Toyota vehicles. The port handles about 10% of Japan’s international trade, roughly 178 million cargo tons and about two million containers each year, per 2021 data.

According to one report, the attackers accessed some port computers and deleted a substantial amount of data, which impacted container loading/offloading activities for days.

Toyota said that it couldn’t load or unload auto parts due to the shutdown, adding that there was no disruption to its production. The logistics of shipping finished vehicles remained unaffected because those actions are managed using a different computer system.

According to CNN, this is the first reported ransomware attack on a Japanese seaport. 

For more guidance on ransomware and how best to protect your seaport, ships and company computer assets, visit https://www.cisa.gov/stopransomware where you can gather some actionable high-level advice on cyber defenses to enable. These include:

  • Backing up is the best bet: Maintain offline, encrypted backups of data and regularly test restoration of your backups.
  • Good cyber hygiene habits keep networks healthy: Conduct regular vulnerability scanning of your networks to identify and address vulnerabilities—especially those on internet-facing devices—to limit the attack surface.
  • Keep calm and patch on: Regularly patch and update software and operating systems.
  • When in doubt, report it out: Victims of ransomware should report to their respective federal law enforcement, and U.S. companies can request technical assistance by contacting the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

As has been discussed in previous issues of Pacific Maritime, and will probably be discussed in future issues, ransomware is a big deal and can negatively impact business, shipboard and seaport operations. Be sure to train your teams and practice how to react during and following a ransomware attack at your facility.

And if you’re counting, some added cyber-attacks on seaports include the April distributed-denial-of-service attack on several ports in Canada, including Halifax, Montreal and Quebec.

Timely Report on Maritime Security

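Three reports regarding maritime security issues in the past few months have come to my attention. They are:

  • Allianz’s 2023 Safety Shipping and Review
  • The U.S. Coast Guard’s Cyber Trends and Insights in the Marine Environment report
  • DNV’s Maritime Cyber Priority report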

These reports include some of the best and most succinct reviews of maritime cyber and physical security in the industry. They may be obtained for free and are worth your time to read and understand the threat environment faced by maritime organizations.

Allianz

The Allianz report is an “…annual review of trends and developments in shipping losses and safety.” Since Allianz is a property and casualty insurance provider, their focus is more on the physical losses incurred by the global maritime industry. However, this report does offer some perspectives relative to the cyber threat to shipping.

On page 8, in the section entitled “War and Crime,” the authors discuss the impacts of the Russian war in Ukraine on civilian shipping. Allianz observes that risks in the Black Sea can include harassment and diversion of shipping, electronic interference and cyber-attacks as well as the threat of floating mines.

The threats of Global Positioning System (GPS) jamming, Automatic Identification System (AIS) spoofing, communications jamming, electronic interference and cyber-attacks are considered high. Allianz notes, too, that “…shipping continues to fall victim to cyber-attacks with several ports, companies, and classification societies impacted by incidents in 2023.”

They highlight that most cyber-attacks have been shore-based—such as ransomware attacks against shipping companies’ database systems.

Allianz highlighted the fact that in a recent survey, about 43% of maritime professionals report their organization has been the subject of a cyber-attack over a three-year period. Also, the survey showed that about 33% of organizations don’t conduct regular cybersecurity training and 38% don’t have a cyber-response plan.

The Allianz report is an excellent snapshot of current maritime security threats; however, there’s minimal guidance in the document for recommended actions to be taken by shipping and seaport executives.

U.S. Coast Guard

The U.S. Coast Guard (USCG) cyber trends report was officially issued in May and shares some of the specific trends and insights the Coast Guard Cyber Command has gathered through its partnerships with U.S. ports, facilities, vessel operators and all levels of government on some of the common vulnerabilities and potential threat vectors to the marine environment.

The report is a comprehensive review of the U.S. maritime cyber environment and shows trends and insights. It also offers some useful educational information in the appendices. For example, Appendix B offers a two-page review of the differences between Information Technology (IT), Operational Technology (OT) and Building Control Systems, how they work together and how they require strict network segmentation as part of good cyber hygiene.

The report highlights four key takeaways:

  • The number of cybersecurity deficiencies did not diminish between the 2021 trends report and the 2022 report.
  • Emerging technologies are introducing new attack vectors into the maritime environment. For instance, there’s a rapid increase in cloud-based environments and remote access solutions that can introduce new risks if not correctly implemented.
  • Opportunistic Cyber Criminals and Advanced Persistent Threats (APTs) continue to target the maritime environment. Cyber criminals are targeting maritime entities with phishing for information or by compromising systems with known, exploitable cyber vulnerabilities.
  • Timely information sharing is the most effective action to strengthen the U.S. maritime environment. The USCG did see an increase in voluntary reporting of cyber incidents in 2022; however, many organizations remain reluctant to report or share information with the USCG or other partners.

Finally, an especially useful and implementable section of the report is in Appendix H: Common Mitigations. Here, the report identifies eight common mitigations that should be part of any shipboard, seaport and maritime enterprise cyber security program. They include:

  • Password policies
  • Multi-factor authentication
  • Filtering network traffic
  • Privileged account management
  • Updating software
  • User training
  • User account management
  • Account-use policies (e.g., login attempt lockouts, specific login times, etc.)

Overall, this is a particularly useful primer for those trying to better understand the current maritime cyber threat and vulnerability environment and how they should react.

DNV

In June, DNV, one of the world’s leading classification societies, released its report, which draws on a survey of 801 maritime professionals, along with several in-depth interviews performed between March and April. The report was developed by DNV in conjunction with Financial Times company FT Longitude.

Even though the DNV report has the fewest pages of the three reports we cite, it has the highest density of actionable information for the maritime enterprise and executive leadership. This report should be given to each member of the corporate board of directors and leadership (along with the other reports) for study and discussion in order to better prepare for the cyber threat environment.

Conclusion

There continue to be cyber-attacks on seaports and maritime assets. That threat won’t go away and will probably become more challenging as the maritime systems are moved from analog to digital with increased interconnectivity.

Also, the challenge is exacerbated as maritime entities move to autonomous shipping operations, which are a digital platform both on the ship and at the shore-based control center. It behooves maritime management, seaport executives and seafarers to become more adept at cybersecurity and fluent in ways to ensure it is effective.

Should you have any questions or comments on this article or have suggestions for future cyber/physical security topics for this column, please contact Ernie Hayden at ernie@erniehayden.com.