Cybersecurity in the maritime sector and shipping industry is becoming an increasingly important issue. In this article, we describe the threat landscape and the cybersecurity challenges in the maritime sector, outline the types of cyberattacks, and provide suggestions for companies to reduce their risk. Stay tuned!
The Maritime Sector in the Internet Era
Today, in the era of digitalization, the maritime industry has also realized the added value of employing Information Technology (and Operational Technology, OT) in its operations. The pace is fast, and many maritime companies are struggling to keep up. These trends also bring drawbacks. Many of the services, systems, and equipment were designed years ago on the assumption that they would never be connected to insecure networks. More importantly, the personnel behind these services are not always well trained in the dangers of these new technologies. As a result, some very significant cybersecurity incidents have occurred during the last ten years, such as the infamous 2017 Maersk ransomware attack, which cost the company at least 200 million dollars to recover its systems. These incidents had a severe impact on the companies that fell victim to them and have alerted maritime companies to the need to develop a security-oriented mindset and adopt the appropriate crisis management tools.
The importance of a coordinated set of actions to mitigate these issues was also recognized by the International Maritime Organization (IMO), which advised shipowners and operators to incorporate cyber risk into ships’ safety management systems by January of 2021!
Cyber Risks and Side Effects
The cyber and information security risks related to the maritime sector are numerous, but the most important is the lack of timely response to technical vulnerabilities, which stems from a technology gap between the IT on ships and land-based systems. Land-based systems are usually better updated than the equivalent ship-based systems, which are more susceptible to cyberattacks. In addition, there is usually no process in place for upgrades, because upgrading OT equipment carries a risk when the upgrade process does not match the standards associated with IT technologies. Finally, the potential consequences of a targeted attack on databases and registers based on older technology are lack of data integrity, loss of reputation, and potential financial loss.
This problematic situation leads to a number of side effects for the company or even a country that is responsible for the operation of a port, such as:
- inadvertently or unintentionally exposing sensitive systems, applications, or data to unauthorized users
- emergency failures resulting in the failure of critical systems or procedures
- ecological disaster
- national security issues
- economic implications
Assets and Threats
But when we refer to assets in the maritime sector, what do we actually mean? The answer may be easier in IT, but once OT systems are also involved, the term "assets" becomes very broad.
In the maritime sector, the organization's and users’ assets include connected computing devices, personnel, infrastructure, applications, services, telecommunication systems, and the data and information transmitted, processed, and/or stored in the cyber environment.
On a ship, computer-based systems include computing devices such as PCs, laptops, tablets, and servers, networking components such as routers and switches, and business technology devices (control systems, sensors, actuators, radar, etc.).
The loss or compromise of one or more of these assets has the potential to affect:
- the health and safety of staff and other persons affected by the activities undertaken and to whom the duty of care is due
- the ship’s ability to operate safely and not endanger other ships, naval structures, or the environment
- the speed and efficiency with which the ship can operate.
The effects in the cyber domain when a component is under attack can be divided into six categories:
- Degrade – e.g. impact on the ship’s speed or flexibility, or on the ability to accurately navigate or monitor the local environment, until the ship’s ability to operate is significantly reduced.
- Deny – e.g. inability to access ship systems or information/data for reasons such as extortion for financial gain or physical assault on the ship for reasons of abduction and ransom.
- Delay – e.g. delay in the timely operation of the ship or ship subsystems, so that the defective operation affects operations or incurs fines.
- Deter – e.g. the impact of the activity on certain companies from the world’s oceans, which are active or have access to specific markets from a commercial point of view.
- Detect – e.g. tracking people, cargo, or ship positions so that cargo theft can be planned.
- Distract – e.g. the ability to change the state of a sensor so that it does not provide correct data when transferring information/data.
In general, there are two categories of cyberattacks, which can affect states, companies, or ships:
- non-targeted attacks, where systems and data of a company or a ship are part of generalized attacks
- targeted attacks, where systems or data of the company or ship are the intended targets.
Non-targeted attacks use tools and techniques available on the Internet to identify, detect, and exploit known vulnerabilities that may also exist in the company and on board. Examples of tools and techniques are:
- Malware – Malicious software designed to access or damage a computer without the knowledge of the owner. There are various types of malware such as trojans, ransomware, spyware, viruses, and worms. Ransomware encrypts system data until a ransom is paid
- Phishing – Sending emails to a large number of potential targets requesting sensitive or confidential information
- Waterholing – Creating a fake website or compromising a real one to exploit visitors
- Scanning – Scanning multiple services to detect vulnerabilities
Targeted attacks are more specialized, using special tools and techniques to target a company or a ship. Examples of tools and techniques include:
- Social engineering – A non-technical method used by potential cyber attackers to manipulate individuals to circumvent security procedures
- Brute force – An attack that tries many passwords in the hope of finally guessing correctly
- Denial of Service – Prevents legitimate and authorized users from accessing information
- Spear-phishing – Like phishing, but individuals are specifically targeted with personal emails or SMS messages created exclusively for them, with even higher success rates. A common target is the senior executives of a company
- Supply chain attacks – Attacking a company or ship by compromising equipment, software, or support services delivered to the company or ship
Mitigating cyber risk in the maritime sector is not easy or straightforward. First of all, everyone involved must understand the risks and dangers of interconnected systems and the fact that anyone can become a victim of cyberattacks. From policies to organizational practices and, eventually, technical measures, everyone has to change their mentality and become aware that the new era brings more than just added functionality. Until then, cyber-related incidents will rise and many companies will try to hide them in order not to harm their reputation…
According to recent estimations, cyberattacks in the maritime sector have increased by 900% over a period of three years. At Logstail we offer the full range of services required to effectively mitigate cyberattacks in the maritime sector. Incident response and consulting, penetration testing, and red team operations all aim to help our customers mitigate their cyber incidents.
And on top of these, we offer our customers our brand-new platform! Our cloud-hosted solution with advanced features brings the functionality of centralized monitoring to your hands. Convert your data into actionable insights and maximize the performance of your infrastructure, or be notified of potential problems and take the appropriate actions. Sign up for a free demo to realize the power of Logstail!