The challenge of securing ships and ports is not new. The Jack Sparrows of the world long have been trying to hijack ships, steal their cargo and misdirect the vessels onto the rocks, so pirates can harvest the booty that floats onto the beach.
However, with better technology on ships and in ports, and new vectors available for the attacks, the necessary actions to predict and prevent physical and cyber assaults to shipping companies and seaports are increasing.
There is more work to do to keep the buccaneers at bay, and there are new threats to consider in the maritime sector. Financial services company Allianz reports that security agencies are warning of heightened cyber risk with vessels in the Black Sea due to the war in Ukraine.
Shipping companies are facing the threats of GPS jamming, Automatic Identification System (AIS) spoofing, communications jamming and electronic interference. This is electronic warfare. Seaport and shipboard technologies are also increasing the opportunities for the bad guys to successfully break into electronic control systems.
For instance, the bridge systems on newer ships are at risk because of their increased needs for software updates and patches. As observed by Allianz, ports are increasingly reliant on technology that with an outage or cyberattack could effectively close a port.
One new attack vector to be aware of is “digital boarding” by pirates —especially in West Africa.
The more attentive the ship owner, crew and port operator are to the potential cyber threats, and to the vulnerabilities they need to mitigate, the better off all parties are.
I recently came across an interesting survey on the state of security in the maritime sector – “The Great Disconnect,” produced by Thetius, CyberOWL, HFW and HFW Consulting (https://bit.ly/3Qpl15t), and published in February 2022.
Here are some of the findings identified in the report:
- About 32% of organizations do not conduct regular cybersecurity training.
- Around 38% do not have a cyber-response plan.
- More than 25% of seafarers do not know what actions are required of them during a cyber incident.
- Less than half of maritime professionals (44%) reported that their organization has been the subject of a cyberattack in the last three years. Of these, 3% agreed to pay a ransom which averaged around $3.1M. On average, cyberattacks cost ship operators $182,000
- Two-thirds of industry professionals do not know whether their insurance covers cyberattacks.
- Only 55% of industry suppliers are asked by shipping companies to prove they have cyber risk management procedures in place.
- Within organizations, the more senior someone’s role, the less likely they are to be aware of a cyberattack.
- Around 54% of shipping companies spend less than $100,000 annually on cyber security management.
Seaport Cyber Securty Concerns
While the “Great Disconnect” report tends to emphasize cyber-security issues for ships, the Allianz Safety and Shipping 2022 report (https://bit.ly/3Qo8xLD) also discusses concerns about port cyber security. One quote of interest is from Allianz global Head of Marine Claims Régis Broudin, where he observes:
“Cyber risk is a major concern and we do see more and more incidents involving non-marine operations, such as (sea)ports. As the industry becomes more reliant on technology and automation, the potential for disruption from a cyber-attack or technical failure increases. And with the increased connectivity of ships, it is only a matter of time before it will also affect vessels.”
Transnational criminal organizations are also taking advantage of the soft cyber underbelly of seaports. “The Great Disconnect” highlighted a story from 2011, where hackers gained access to the Port of Antwerp’s terminal operating system and compromised a database containing precise locational information for each container within the port.
The criminals took advantage of this knowledge and smuggled narcotics in and out of Antwerp for at least two years by packing cocaine and heroin into legitimate containers of timber and bananas. The criminals were finally detected when they began to remove entire containers from the facility rather than just their hidden contraband.
In the October 2021 issue of Pacific Maritime, I wrote about ransomware and how it could ruin your whole day. Well seaports are no exception to this concern, and it is getting worse. The Allianz survey reported that companies such as Maersk, Mediterranean Shipping Co., COSCO and CMA CGM have all been targeted with ransomware.
In 2021 Swire Pacific Offshore, which operates a fleet of 50 vessels, became another victim of ransomware.
The ships were not affected, but there was a significant loss to the company and its workforce due to theft of employee passports, emails, payroll data, and banking information. (Thetius, et al, and Maritime Executive)
“The Great Disconnect” noted that “Ransomware exploits are comparatively simple to execute and can be either a bespoke design for a unique target or a software package bought on the dark web in the form of ransomware-as-a-service.
Ransomware is designed to encrypt computer systems and databases; when the ransom is paid, the affected systems are decrypted and released for use. Another more dangerous malware package is the “wiper.”
Wiper malware is designed to erase and destroy hard drives and files. This attack is indiscriminate and essentially forever. Russians have been using “wiper” malware extensively in Ukraine.
The message to the ship owner and operator as well as the seaport administrator is to recognize ransomware and “wiper” malware as substantial threats to their operations. You need to remain vigilant of cyber as well as physical threats.
Cyber security is not an area supported by common knowledge —especially among the maritime executives, managers and mariners. So, they are not expected to understand – or even recognize a cyber threat. Hence, here are some suggested actions for shipping companies and seaports to implement to protect their assets and long-term operations.
- Establish a dedicated cyber-security director/manager who covers both information technology and operational technology.
- Protect and monitor both IT and OT systems on ships, landside and seaport systems.
- Ensure shipboard management teams are informed of possible cyber threats even when they are underway.
- Have dedicated personnel to provide captains and managers with effective guidance (and procedures if necessary) to respond to cyber threats and attacks.
- Ship owners need to assert their responsibility for securing their onboard equipment and systems – supported by the IMO2021 Guidelines on Maritime Cyber Risk Management.
- Implement a cyber-incident response capability to include an incident response team, response training and periodic drills.
- Consider this your “fire department” to respond to cyber security events and incidents.
- Senior leaders should understand the decisions they will need to make during a cyberattack, including the limitations.
- Run your exercises and include every employee, from executive management all the way to deckhands.
- Complete a cyber-security audit – inventory IT and OT systems, assets, databases that if affected could risk the vessel/shipping company/seaport operations.
- Consider hiring a maritime cyber-security expert(s) to perform this audit. A company like Applied Risk (https://applied-risk.com/) or DNV (https://www.dnv.com/) may be able to perform the audit/assessment due to their experience in the maritime industry.
- Understand the dependencies between OT and IT systems used for navigation, engineering or cargo operations.
- When the audit is complete, understand how you will protect, detect, respond and recover in the event of a cyberattack.
- Establish a program to ensure all software is up to date – including shipboard, seaport and enterprise IT and OT systems.
- This should be overseen by your newly established cyber-security directorate.
- Develop and Implement minimum-seecurity standards for your suppliers and partners.
- Require your suppliers and partners to demonstrate they have cyber-risk management procedures in place including incident response, software patching, etc.
- Establish a protocol for your suppliers and partners to support your company in the event of a cyber incident involving their equipment and systems.
- Work with your risk director and conduct a review of insurance policies and their cyber-risk coverage.
- Identify specific guidance on ransomware payments and consider preparing a corporate policy on when/if ransoms are paid.
- Check if you have adequate cyber insurance. Work with your insurance provider to identify gaps and excessive coverage.
- Train your employees. Ensure that employees, vendors and contractors are cyber-aware and trained to be wary of phishing emails, dangerous/questionable links, etc.
- Anyone touching your shipboard/enterprise computers is your first line of defense. The more they are aware of the attack vectors, the more protected you and your ship and seaport are.
- There is a lot to do in the world of cyber security. Your best option is to get smart in this area and hire outside experts to help you not only now, but during any cyber events you encounter.