How to tackle cybersecurity in maritime technology

How to tackle cybersecurity in maritime technology
How to tackle cybersecurity in maritime technology

How to tackle cybersecurity in maritime technology

Apr 14, 2022

The great advantages that come with digitalization for the maritime industry also come with the risk of vulnerabilities. More connectivity between systems means more linked devices that are open to hackers if they are not routinely secured, and safeguards reinforced. With increased automation – from digital ship compasses to the automatic identification system (AIS) which shares vectors with vessel traffic services (VTS) – cyberattacks on critical infrastructure are on the rise. Whether in the form of phishing, malware, or more serious infringements, the threat to shipping companies and the maritime sector as a whole cannot be ignored.

Most of the world’s trade goods travel by sea, meaning ports and ships are potential targets to disrupt the supply chain and the economy. At a time in global politics when weaknesses in international relations are being exposed and the possibility of conflict has increased, cyber risk management and maritime security are at the top of the agenda for many countries.

The international response to maritime cyberattacks

At the recent Hack the Port event in America, Cybersecurity and Infrastructure Security Agency Director, Jen Easterly, flagged the increased possibility of disruption in the U.S. maritime transportation sector via cyberattack. 

“Given the vital role of the industry, the importance of securing systems and functions that make up the maritime transportation sector cannot be overstated. That said, protecting the industry from cyber threats is really becoming increasingly complex, as connected and often unsecure control systems make maritime organizations a prime target for malicious actors. We expect these types of threat tactics to actually become increasingly prevalent over the next few years.” 

In 2017, malware which became known as Not Petya was identified as emanating from the Russian military. It was originally used in a cyberattack on Ukraine but found its way into the systems of American companies including global shipping giant, Maersk. This led to approximately $300 million in financial losses to the company and congestion in ports around the world.

In Europe there is a concerted effort to strengthen the EU’s role as a maritime security actor as part of the Strategic Compass project. The European Union Agency for Cybersecurity (ENISA) has been operational since 2004. Recently, the Agency’s new premises were opened in Athens by Greek Minister of Digital Governance, Kyriakos Pierrakakis, and European Commission Vice-President, Margaritis Schinas.

What guidance is available on cyber risk management?

The International Maritime Organization (IMO) offers useful information in its Guidelines on Maritime Cyber Risk Management. Other guides and standards that the IMO recommends include:

  • The Guidelines on Cyber Security Onboard Ships produced and supported by BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI.
  • ISO/IEC 27001 standard on information technology – Security techniques – Information security management systems – Requirements. Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
  • United States National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework).

What are the systems at risk from cyberattack?

Attacks targeting maritime information systems are on the rise. In the first few months of the pandemic, attempted cyber-attacks increased by 400%. In the maritime sector, there are two major areas of technology susceptible to breaches of security. Cyber systems for ships and mobile units are classified as either information technology (standard information systems) or operational technology (operation and control systems).

Information technology (IT) deals with the processing of data and its systems are typically more established when it comes to implementing cyber security. Procedures, technology, and training can be applied using an information security management system (ISMS) onshore. If there’s a breach of IT systems, it can have a significant reputational and financial impact, because it will likely include the loss of confidential data. However, it doesn’t tend to impact the safe operation of ships and units.

Operational technology (OT), on the other hand, is newer, and cyber security options are still being developed. An attack on onboard OT systems is more critical and can jeopardize the safety of the vessel and the crew. In a worst-case scenario, hackers can override the controls and drive a ship off-course, stealing cargo, hijacking crew, or causing a crash.

The pressure on the maritime industry is high to build and operate cyber-secure ships and offshore units that protect these two areas which are crucial to functioning safely.

Recent cyberattacks are galvanizing the industry to respond

In August 2021, the Port of Houston defended against an attempted cyberattack. This attack prompted a Cybersecurity Advisory issued by the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA). 

The Advisory alerted organizations to bad actors who were attempting to exploit a newly discovered vulnerability in ManageEngine ADSelfService Plus, a password management service. This could allow attackers to access log-in credentials needed to seize the control network and override permissions. Luckily, no operational data or systems were impacted.

European oil port terminals were hit by what seemed like a coordinated attack in March 2022. The Amsterdam-Rotterdam-Antwerp oil trading hub was targeted and company IT systems were affected, meaning that the terminals couldn’t process barges. In Germany, both Oiltanking Deutschland GmbH and Mabanaft declared force majeure, the emergency legal clause used when a company can’t fulfill its supply contracts due to an unforeseeable event. An initial report from German security services identified that BlackCat ransomware was used in the cyberattack. BlackCat only emerged in November 2021 as a sophisticated software tool that allows hackers to seize control of target systems.

How can crews protect themselves from cybersecurity risks?

Regular audits and risk assessments should be carried out, as cybercriminals move fast in programming new malware and ransomware that vessels’ and ports’ software won’t be protected against unless it’s updated. 

Stakeholders should be routinely kept up-to-date of new risks and receive cybersecurity training using the industry’s latest protocols. 

Being mindful and vigilant of what information crew share about their work on sites like LinkedIn may seem over-cautious. However, as an example, social media sites such as Facebook have been used as an intelligence source by criminals in the Gulf of Aden according to CyberKeel. 

Vessels can implement a shipboard cybersecurity plan and brief all employees on the steps to be taken if a phishing or ransomware attack is detected. Familiarizing staff with social engineering and psychological manipulation is also key to the security of communication systems.

Knowledge is power with an MBA with Shipping Management

The cyber landscape of the maritime industry is becoming ever more complex. The digital transformation that we’re observing can revolutionize the sector, but understanding cyber risks is part of the due diligence required of digitization.

Find out how network segmentation can be a highly effective security technique or how ethical hackers can become allies and providers of the kind of IT support the maritime industry needs. Discover what else you could learn today with a 100% online MBA with Shipping Management from the Alba Graduate Business School, The American College Greece, and secure your career by reaching the next level of professionalism.

X