Cyber attacks are one of the few certainties for the future of the maritime sector. But does the industry realise that, even today, the risk of suffering a costly and damaging cyber attack should be considered a when question, not an if? Should this realisation be more widespread? And how would attitudes to cyber security change as a result? This week, Thetius Technology Analyst Lauren Brunton takes a look at cyber security in shipping and asks, how can transparency level the odds for shipping companies and their trade partners against would-be attackers?
In a world where digital communication for many is the only means of contacting a loved one, 4th October 2021 highlighted the level of reliance we, perhaps unknowingly, place on technology. On this day, Facebook, as well as other Facebook-owned apps including Instagram and Whatsapp, seemingly vanished from the internet. In an outage that lasted over five hours, many of the 3.5 billion users around the world experienced losing their means to not only communicate with one another, but for many; a means of working and earning a living. Though (officially) not directly caused or linked to any form of cyber security breach, this instance is a stark example of the way we have integrated technology to such an extent that it’s an almost ubiquitous feature in our daily lives.
Digital communication is not only a feature in our personal lives but also a primary feature of many industries. The maritime industry is one that can attest to this, whilst also being able to highlight the direct link between cyber security risks that seem to come hand in hand with digital communications. Over recent years, attention has been placed on many instances in which technology has been exploited by nefarious agents and fringe interest groups to cause harm both operationally and financially to maritime businesses.
In 2017, ‘Not Petya’ , a sophisticated cyber attack, crippled Maersk’s IT network in just seven minutes. Observers at the time labelled it a ‘wakeup call’ for the world’s largest shipping company. The type of malicious software, or ‘malware’, used to bring down Maersk’s IT infrastructure is known as ‘ransomware’. This is a type of virus that locks access to data and demands a payment to unlock it – often an empty promise made by the hacker. This ransomware, which was hidden in a document used in the tax return filing system in Ukraine, brought down the company’s IT system including booking applications. The impact from this attack was immediate, with 49,000 laptops destroyed, 1,200 applications inaccessible, all fixed lines inoperable, and severe damage caused to the active directory. This attack caused serious negative implications for the company with losses of up to $300 million reported as a result.
‘Ransomware’ , though to a lesser extent than in the attack on Maersk, was responsible for the attack on COSCO (China Ocean Shipping) China’s largest carrier of containerised goods, in 2018. Initially affecting their North America business unit, the company experienced disruption to its local email and phone systems, starting with their Pier J terminal in Long Beach
This smaller scale hack disrupted services but COSCO responded quickly, isolating networks and forcing shutdowns of inter-business connections. However, after the event, it was revealed that the malicious code had spread to some of its systems in South America.
Later the same year, a cyber-based extortion attempt targeted Austal, an Australian Department of Defence shipbuilding company. The attack penetrated Austal’s data management system; raising fears of compromised national security. An unknown offender, after purchasing login details from the dark web, accessed and stole personal information as well as reportedly stealing copies of ships drawings and designs. Austal has insisted this content was not commercially sensitive and no security was compromised as a result of this attack. However, the severity of this attack and its potential wider implications only highlight further the increased nature of risk associated with cyber security breaches.
Following a calculated, three-month-long attack in 2019 on Norsk Hydro (a Norwegian aluminium and renewable energy company). ‘LockerGoga’ a form of ransomware saw hackers invade and breach an entire system affecting 35,000 employees across 40 countries by locking thousands of servers and PC’s. This unsuccessful extortion attempt, in which Norsk Hydro paid no ransom, was set in motion when an employee, whilst unaware of the future implications, opened an infected email from a trusted customer. Despite the immense loss in productivity and revenue (an estimated figure in the region of $71 million), Norsk Hydro set a new industry standard for the way in which they were transparent throughout. With the company focusing on transparency regarding the hack, they believe it could potentially expose and raise awareness of cyber security risks to help in curbing future threats for others.
In an interesting attack that, by coincidence happened just two days after a massive cyber security breach on CMA CGM’s database in September 2020, which saw their online customer systems unavailable for nearly two weeks. The International Maritime Organization (IMO) , a specialised agency of the United Nations, experienced service disruption. An attack in which a hacker overcame robust security measures that were already in place, resulting in the IMO website being unavailable for days.
This hacking incident, though not too severe operationally for the regulatory body, was considered to have been more harmful reputationally. Cyber security was a key focus for the IMO in 2020 with them preparing to issue new cybersecurity guidelines (Resolution MSC.428(98)), to encourage and promote shipping to step up their digital security measures.
The introduction of cyber risk management regulations within the industry couldn’t have been implemented at a more suitable time. With the occurrence of cyber attacks growing exponentially; According to Israeli cybersecurity firm Naval Dome, commented that there has been a massive 400% increase in attempted hacks since February 2020. Unsurprisingly, this is believed to be due to the industry having a greater reliance on technology as well as the rapid increase in remote working following the COVID-19 outbreak.
Changes in the way we now work due to COVID-19 has introduced a new area of vulnerability and poses a potential opportunity for further cyber security attack attempts. PC security software provider McAfee reported that external attacks on cloud accounts had recently increased 630%, with transport being one of the most targeted verticals.
Due to the increasing number of cyber attacks on prominent companies, the maritime industry’s awareness of cyber risks has understandably increased. However, the reporting of incidents is still quite uncommon, possibly due to fears of reputational damage. An increase in reporting of these events would be a step in the right direction towards mitigating and helping protect companies against further cyber attacks. The fear of reputational damage and delays to operations should not outweigh the transparency of beneficial data sharing within the industry.
The volume and nature of attacks being reported will assist in raising awareness, which in turn will hopefully increase levels of preparedness for any subsequent attempts. An area in which a UK-based, maritime-focused membership organisation the ‘CSO Alliance’ is promoting. In collaboration with Airbus, CSO Alliance is working on the creation of an anonymous reporting system for cyber incidents, in which anonymity will be maintained whilst encouraging organisations to feel more willing to disclose information. Due to be launched in October this year, this reporting system has the potential to make the sharing of information regarding these events more open, the industry as a whole will benefit, something we should all strive to see.
1. Navaldome.com. 2020. Naval Dome | News. [online] Available at: <https://www.navaldome.com/news.html> [Accessed 12 October 2021].
2.McAfee, 2020. Cloud Adoption and Risk Report- Work from home edition. [online] Santa Clara: McAfee. Available at: <https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cloud-adoption-and-risk-report-work-from-home-edition.pdf> [Accessed 11 October 2021].