During the last several years, many industries have fallen victim to cyber-attacks, and the maritime industry is not immune. Consider the following recent news reports: In 2017, the largest container shipping company in the world, A.P. MØller-Maersk, fell victim to NotPetya, a type of destructive malware, that required the installation of 4,000 new servers, 45,000 new PCs and 2,500 applications, costing the organization between $250 million and $300 million. In the summer of 2018, the shipping giant COSCO announced it was hit with a ransomware attack affecting its U.S. shoreside operations. In the fall of 2018, Austal, the Australian ferry and defense shipbuilder, fell victim to a cyberattack and extortion attempt. In March of this year, one of the world’s largest aluminum producers, Norsk Hydro ASA, fell victim to the LockerGoga ransomware, causing the company to switch to increased manual operations for a time.
The maritime industry is vulnerable
Malware is a type of malicious software that is designed to disrupt, damage, or gain unauthorized access to a computer system. Types of malware include viruses, worms, trojans, spyware, and ransomware. Whether launched by cyber criminals, cyber terrorists, insiders, or foreign states, the maritime industry is vulnerable to attack. As the move towards automation, interconnectivity, and reliance on cyber systems increases, so do the vulnerabilities of the industry.
Malware attacks can impact not only individual shipping companies, as described above, but ports as well, such as the ransomware attack that occurred last year on the Port of San Diego. These attacks can be delivered as a result of social engineering through phishing emails that are designed to get the email recipient to click on a link, or through network security vulnerabilities, as alleged in the case of the ransomware attack on the Port of San Diego.
Individual ships can also be vulnerable to malware attack. With the expansion of operational technology (OT), integrated with information technology (IT), and linked to the internet, ship systems present increasing vulnerabilities. Whether through vulnerable outdated and unpatched software systems or the widespread use of unsecure flash drives and other personal devices connected to ship computers, malware can be introduced into a ship’s systems, and from there, quickly carried to shore-based networks where it can do further damage.
Take protective measures
Publications such as The International Maritime Organization’s (IMO) “Guidelines on Maritime Cyber Risk Management” (MSC-FAL.1/Circ.3 (2017)), the United States National Institute of Standards and Technology’s (NIST) “Framework for Improving Critical Infrastructure Cybersecurity” and the recent “Guidelines on Cyber Security Onboard Ships” published in 2018 by industry associations, provide overall guidance on addressing a host of cyber security issues. The following are some specific measures maritime businesses can take to reduce their risk of becoming infected by malware:
While no counter-measures can completely eliminate the risk of being infected by malware, implementing these best-practices can help reduce an organization’s overall risk of a significant threat to the maritime industry.
*This article was featured on Virginia Business Magazine on the April/May 2019 issue.