Categories: Consulting, Maritime

by peter


How Big a Problem is Maritime Cyber Security

Maritime cyber security is a problem that, despite getting increasing attention, is still a significant cause for concern. The size of the cyber security problem was recently highlighted, which accentuated the costs and potential impacts on reputation and ability to operate.

Allianz’s Risk Barometer

According to Allianz’s 2021 Risk Barometer report, companies face many problems. However, one that is perhaps even more troublesome than the others is that of cyber security, especially for the maritime sector.

There have been multiple stories in the media about the impact of cyber-attacks on shipping companies, ports and vessel owners and operators. The press has reported these attacks on many high-profile shipping companies and some of the world’s busiest ports. It is increasingly apparent that the maritime domain is not immune to attack.

In 2019 Allianz called cyber risk “a core concern for businesses in 2019 and beyond”, and they were not wrong. The issues for the maritime sector have increased by an order of magnitude.

Indeed, this has been happening, and we are still seeing only the tip of this particular iceberg. We have recently observed the Chinese “ghost” fishing fleets, sometimes with over 100 vessels operating together, jam and fake AIS transmissions or turn them off altogether. We have also observed a remote attack over the internet where two container ships reported speed and course via AIS to be 199 knots and then performed doughnuts in the middle of the ocean.

Increasing Cyber Risks

Ransomware attacks or accidental IT outages often disrupt operations and services, costing hundreds of millions of dollars. 2018 was the watershed year of cyber activity, and now we are seeing a tipping point where ransomware attacks culminate after many months of work from dedicated and persistent attackers. Ransomware is now the most feared cyber threat, putting critical data and systems at risk and costing some enterprises tens of millions of dollars in damage and ransoms paid.

Cybercrime now costs hundreds of billions of pounds a year, and the figure is increasing. Criminals are using increasingly innovative and inventive ways to steal data, commit fraud or extort money from companies and organisations. And there is a growing cyber threat targeting critical infrastructure providers, whether by stealing valuable data and trade secrets from companies or by disabling their systems and holding them to ransom.

Cyber incidents are increasingly sparking litigation cases, including securities, supply chain, clients and consumer class actions. Data breaches or IT outages can generate significant third-party liabilities as affected customers or shareholders seek to recoup losses from companies.

Biggest Problems

It is commonplace to describe cyber incidents and business interruptions in terms of attack size or the large-scale issues experienced. Yet it is the smaller-scale attacks that cause the most problems. These more minor attacks are more commonplace, laying the path for future, more in-depth attacks. The once often overlooked and ignored email phishing campaign now dominates the global cybercrime arena. These attacks are now used more to gain that initial entry, the vital first step, and less as attempts to install the ransomware.

Issues such as ransomware and malicious cryptocurrency mining make the media headlines almost daily. However, the lower-level cyber-attacks are impacting the most, and the maritime sector is not immune.

A phishing campaign is where criminals attempt to trick victims via fake emails to have a user open an attachment and click a link. This action performed by the user is often the initial point of compromise, allowing the crims into the network. Once there, the criminals will bide their time, often for well over six months. They use this time to escalate their privileges until they have permissions equivalent to those of the administrator of the servers and network. At that point, the criminals will share sensitive or confidential information with external parties and probably encrypt the systems and hold the company to ransom. Businesses and organisations of all sizes continue to be targeted and successfully held to ransom via these phishing campaigns, and many of these end up paying the ransom to recover their data. According to cyber security industry research by CyberEdge, only 19.4 per cent of businesses in 2018 paid the ransom, but this increased to 71.6 per cent last year, 2021, despite the government’s and cybersecurity experts’ recommendations and pleas not to pay.

Integrated and Unprotected

Despite all of the work done by the cyber security industry, the modern, highly integrated shipboard systems remain poorly defended and pose substantial theoretical and real risks. More and more vessels rely on automation and remote monitoring of critical systems, including navigation equipment, that could be compromised if attacked or if a virus took hold. The majority of Operational Technology devices and systems deployed on vessels are built on a Linux-based operating system, and an attacker can exploit these devices reasonably easily once they access the OT network. During testing, we proved weaknesses in several Operational Technology devices onboard our test vessel, Linea. On more than one occasion, we could remotely interface with the propulsion management systems.

It is not all doom and gloom, however. Many steps have been taken within the maritime sector to address the issue. In 2021, the International Maritime Organization (IMO) issued guidelines on cyber security for vessels, which led to the start of audit and certification programs for cyber security onboard vessels. Organisations like BIMCO, the Cruise Line Industry Association (CLIA), International Chamber of Shipping (ICS), INTERCARGO, INTERTANKO, Oil Companies International Marine Forum (OCIMF) and the International Union of Marine Insurance (IUMI) have all helped to play a part in making the maritime sector more cyber resilient. More recently, we see IASME, in partnership with the UK’s National Cyber Security Centre, publish their “Maritime Cyber Baseline” program, which allows vessel owners to certify their vessels. It is through this scheme that we audit and certify individual vessels for their Cyber Security.

Solving the Cyber Security Challenge

The most challenging aspect in dealing with maritime cyber issues is the marine regulations. Like pretty much all other laws, they struggle to stay abreast of the fast pace of cyber-crimes and threats. With the threat actors continually evolving, a shift in mindset must accompany regulations. Awareness of cyber threats is vital onboard ships and within shoreside facilities, but even more paramount is fixing identified issues.
