Malware – A Persistent Threat to the Maritime Industry

During the last several years, many industries have fallen victim to cyber-attacks, and the maritime industry is not immune.  Consider the following recent news reports:  In 2017, the largest container shipping company in the world, A.P. MØller-Maersk, fell victim to NotPetya, a type of destructive malware, that required the installation of 4,000 new servers, 45,000 new PCs and 2,500 applications, costing the organization between $250 million and $300 million.  In the summer of 2018, the shipping giant COSCO announced it was hit with a ransomware attack affecting its U.S. shoreside operations. In the fall of 2018, Austal, the Australian ferry and defense shipbuilder, fell victim to a cyberattack and extortion attempt.  In March of this year, one of the world’s largest aluminum producers, Norsk Hydro ASA, fell victim to the LockerGoga ransomware, causing the company to switch to increased manual operations for a time.    

The maritime industry is vulnerable

Malware is a type of malicious software that is designed to disrupt, damage, or gain unauthorized access to a computer system.  Types of malware include viruses, worms, trojans, spyware, and ransomware. Whether launched by cyber criminals, cyber terrorists, insiders, or foreign states, the maritime industry is vulnerable to attack.  As the move towards automation, interconnectivity, and reliance on cyber systems increases, so do the vulnerabilities of the industry. 

Malware attacks can impact not only individual shipping companies, as described above, but ports as well, such as the ransomware attack that occurred last year on the Port of San Diego.  These attacks can be delivered as a result of social engineering through phishing emails that are designed to get the email recipient to click on a link, or through network security vulnerabilities, as alleged in the case of the ransomware attack on the Port of San Diego.

Individual ships can also be vulnerable to malware attack.  With the expansion of operational technology (OT), integrated with information technology (IT), and linked to the internet, ship systems present increasing vulnerabilities. Whether through vulnerable outdated and unpatched software systems or the widespread use of unsecure flash drives and other personal devices connected to ship computers, malware can be introduced into a ship’s systems, and from there, quickly carried to shore-based networks where it can do further damage.

Take protective measures

Publications such as The International Maritime Organization’s (IMO) “Guidelines on Maritime Cyber Risk Management” (MSC-FAL.1/Circ.3 (2017)), the United States National Institute of Standards and Technology’s (NIST) “Framework for Improving Critical Infrastructure Cybersecurity” and the recent “Guidelines on Cyber Security Onboard Ships” published in 2018 by industry associations, provide overall guidance on addressing a host of cyber security issues.  The following are some specific measures maritime businesses can take to reduce their risk of becoming infected by malware:

• Keep all software and systems up to date with the latest versions to ensure all known vulnerabilities are patched.
• Install and update reliable anti-malware software on systems
• Prepare and implement a comprehensive information security program consistent with a recognized standard, such as the NIST standards.
• Prepare and practice a robust and effective disaster recovery and business continuity plan, in the event the organization falls victim to malware.
• Backup all data regularly.
• Limit access to network systems based on user roles.
• Secure all networks and firewalls, including closing unused ports and securing routers, to prevent unauthorized access.
• Monitor and limit the use of external media, such as USB drives and other devices consistent with a comprehensive information security policy that includes a “bring your own device” (BYOD) policy. Ideally, removable media should only be utilized if it has been properly scanned for malware.
• Train employees on threat awareness such as learning how to recognize phishing attacks and social engineering techniques as well as internet safety to reduce the likelihood of phishing attacks or accessing compromised websites. There are numerous training software packages available to test effectiveness of these training efforts.
• Establish and enforce a remote access policy addressing use of both organizational and personal devices.
• Validate all software prior to installation.
• Consider purchasing appropriate cyber liability insurance to mitigate any damages.

While no counter-measures can completely eliminate the risk of being infected by malware, implementing these best-practices can help reduce an organization’s overall risk of a significant threat to the maritime industry.

*This article was featured on Virginia Business Magazine on the April/May 2019 issue.