Blog

One of the key components of global trade is also one of the most vulnerable to cyber security threats, which is why cyber security awareness is so important.

Global supply chains rely on the smooth running of shipping and ports, but maritime cybersecurity is too often a low priority.

Since the whole industry is reliant on a series of complex, ‘just in time’ supply chains, if an attack was successful,just one element is disrupted, it can have massive repercussions, with ripple effects for people around the world.

According to the United Nations Conference on Trade and Development (UNCTAD), over 80% of the volume of international trade in goods is carried by sea and that percentage is even higher for developing countries.   

Ports and shipping are becoming increasingly connected to the internet and that’s making them a tempting target for hackers, especially when much of the sector is simultaneously reliant on legacy technology that can be decades old. 

These disruptive cyberattacks against shipping and ports isn’t just theoretical, they’re already happening.

In 2017, shipping giant Maersk had to deal with a backlog at ports when it was hit as part of the global NotPetya cyberattack. The company had to reinstall thousands of servers and tens of thousands of PCs to get back up and running again. 

In 2021, a major cyberattack disrupted container operations at the South African port of Cape Town, restricting the movement of cargo until systems were restored.

Another example in 2021 that disrupted supply chains around the globe was when Ever Given, one of the largest container ships in existence, was grounded in the Suez Canal, blocking one of the world’s busiest shipping channels.

This forced many other ships to take much longer journeys around the Cape of Good Hope, severely delaying shipments of electronics, machinery, furniture, household goods, and more.

Both incidents, alongside the grounding of the Ever Given, demonstrate how disruption to shipping can have big consequences for the global supply chain, businesses and individuals. 

Despite this, the maritime industry remains underprepared for cyberattacks.

Kevin Jones, professor of computer science at the University of Plymouth and lead on the institution’s Maritime Cyber Threats Research Group says,”It’s a really big area measured in the trillions of dollars, but it’s also a bit sort of old guard in the sense of nothing happens, nothing changes very quickly.”

That sort of approach means that the industry has struggled to keep pace with cybersecurity threats, with legacy IT systems and a lack of visibility into networks making it a prime target for hackers, and that could have far-reaching consequences.

In a project alongside the Bank of England designed to test how insurance companies would react to such an incident.

Plymouth’s Maritime Cyber Threats Research Group developed a scenario where attackers secretly gain control of ship controls and use this to crash them into ports and cranes, damaging ships and infrastructure, and losing cargo.

In this fictional scenario, the attackers also threaten to cause further accidents, unless the five biggest shipping companies pay a ransom of $50 million each. In order to prevent further attacks, much of the world’s shipping stops for days, crippling the global supply chain.

It’s an imagined event, but one based on worst-case scenarios of what attackers could achieve by targeting an industry that is struggling to keep up with cybersecurity. The US Coast Guard Cyber Command has warned of a 68% rise of reported cyber incidents against the sector during the last year alone.

Part of the problem is the unusual nature of the operating environment: managing the technology on a vast container ship is a very different situation to sorting out the PCs in an office.

When a vessel can be on the oceans for weeks or months at a time, it’s not as if a full IT refresh can be made at short notice, and a lack of connectivity can make it difficult to download security patches and software updates, even critical ones.  

“The current state of the maritime industry from a cybersecurity point of view is pretty poor and that’s not solely down to owners and operators in the industry, it’s because of the complexity,” says Tom Scriven, principal consultant at cybersecurity company Mandiant, who previously spent eight years in the navy. 

There are the issues of legacy systems, but also of new ships coming online that have increased connectivity that brings new problems, such as a lack of segmentation across internal networks, an increased threat surface from third parties and suppliers, and customers connecting in and out.

All of these factors help to make maritime a prime target for hackers, with many different motives ranging from cyber espionage to general profiteering from cyber crime.  

Cyber criminals who are out for financial gain want to make as much money as they can, with as little effort as possible.

Targeting the maritime industry could provide them with a big payday due to the combination of old, insecure networks and the fact that port infrastructure is vital to so many industries.

However, it’s not just ports that could be disrupted by cyberattacks against the maritime industry. There’s also the possibility that by targeting the right systems, cyber criminals could provide ships out in the open seas with bad information, tamper with their GPS tracking or provide false warnings that could move ships off course.

An attack like this could either cause disruption, or direct them towards trouble, or even pirates who want to divert targets away from shipping lanes into less well-protected areas. This sort of disruption represents a very real threat, particularly in times of conflict.

We’ve already seen that GPS spoofing has been done, it’s happening and we just hope there isn’t collateral damage in a conflict between countries. The industry overall needs to realise we need to learn from this.

There are initiatives underway to help to improve cybersecurity across the sailing and shipping sectors, such as the International Maritime Organization’s maritime cyber-risk security program.

It aims to provide guidelines that allow ship manufacturers, shipping companies and ports to identify, analyse and assess cyber risks and mitigate them to an acceptable level to support safe and secure shipping. 

For the most part, these are guidelines, and with ships, the systems that power them and even Internet of Things-connected devices inside modern vessels all being produced in different countries with differing levels of regulation, it isn’t anywhere near being joined up.

That situation needs to change before things can improve. 

The industry overall needs to realize we must learn from this and it’s only a matter of time before somebody does come under attack, so what needs to be done is ensure the regulation requirements are implemented, especially in the critical parts of the industry that can have a lot more impact. 

No matter the industry, cybersecurity basics can go a long way to helping improve overall security.

Sophos Cyber Security Awareness Tips:

1. Multi-Factor Authentication (MFA): https://www.bvainc.com/2022/10/12/sophos-cyber-security-awareness-tip-1-multi-factor-mfa/
2.  Using Strong Passwords & Password Managers: https://www.bvainc.com/2022/10/17/sophos-cyber-security-awareness-tip-2-strong-passwords/
3. Updating Software: https://www.bvainc.com/2022/10/27/sophos-cyber-security-awareness-tip-3-updating-software/
4. Recognizing and Reporting Phishing: https://www.bvainc.com/2022/10/28/sophos-cyber-security-awareness-tip-4-phishing-awareness/

The nature of shipping means it’s more challenging to find the time to provide this support around information security when rushing cargo around the globe, but taking care of security is more beneficial in the long run than leaving it aside.  

It’s this sort of thing which the University of Plymouth’s Maritime Cyber Threats Research Group is discussing with vessel manufacturers as well as captains of ships.

Ultimately, they’re the people responsible for the security of the infrastructure once they’re out on the high seas. 

Basic cyber awareness done in a context-specific way makes a huge difference, along with establishing proper protocols.

Some of it is knowing when to do things like patching and when to replace a lot of it is knowing what your risk exposure is.

Hopefully, the attempts to direct attention to cybersecurity issues in the maritime sector encourage action, improving the resilience of an industry that’s of great importance, particularly for global supply chains.

Ultimately, if we don’t get this right, we all suffer, and it’s better for everyone if attacks can be prevented before they happen rather than needing to be dealt with after they’ve occurred.