What is Cyber Security?
Cyber security means the body of technologies, processes and practices designed to protect networks, devices, programs and data from attack, damage or unauthorised access. Cyber security may also be referred to as Information Technology security.
What types of cyber attack could happen in the maritime industry :-
– Diverting funds to fraudulent accounts using e-mail spoofing.
– Changing a vessel’s direction by interfering with its GPS signal.
– Causing a floating oil platform to tilt to one side, thus forcing it to temporarily shut down.
– Infiltrating cyber systems in a port to locate specific containers loaded with illegal drugs to remove them from the port undetected.
– Infiltrating a shipping company’s computer systems to identify vessels with valuable cargoes and minimal onboard security, which led to the hijacking of at least one vessel.
Why the shipping industry is vulnerable to cyber attack :-
Cyber attacks in the maritime sector are rising due to the increasing use of digital platforms. The industry is still hesitant to take preventative measures, leaving shipowners and operators even more vulnerable to these attacks.
Four factors are at play in the maritime industry. The first is automation: machinery on vessels is increasing and is controlled by software. The second is integration: on any given vessel there may be multiple systems connected together. The third factor is monitoring. The fourth factor is that all these systems are connected through the internet.
There are some reasons why the maritime industry is more susceptible to cyber attack than it might realise.
1. Increased use of computer services :
Some companies also report that the maritime sector is relying more heavily on computerised systems that aren’t equipped to meet 21st-century threats. Ships and offshore units are getting more and more connected and are using more and more computer programs that connect to the internet, which increases their vulnerability. These systems are like an open door waiting for hackers to walk through.
2. Crew are not trained in cyber security :
There is an increasing range of politically driven cyber attacks and espionage that crew members aren’t usually aware of, or whose full damage potential they don’t understand. Some crew members feel confident in using new technology and some need more training; there is a distinct gap in seafarers’ understanding of cyber resilience and cyber security management. The majority of seafarers said that they are unaware of their employers’ cyber policies, and some thought the responsibility lies with the Master of the ship.
3. Lack of encryption :
Some companies in the shipping industry believe that the lack of any inbuilt encryption or authentication code in navigation systems is a problem. It implies that the shipping industry may be seen as a soft target, and this perception alone may be enough to provoke an attack.
Attackers can take advantage of this open system by creating a non-existent vessel and assigning it static data such as name, identifiers, flag and ship type, even speed and direction. This ‘ship spoofing’ means that a vessel appears to be in a specific place, causing problems for automated systems that identify information and make inferences based on information collected from AIS.
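A defensive plausibility check for the spoofed AIS data described above, as an added example that is not part of the original article: it flags vessels whose consecutive position reports imply an impossible speed or contradict the speed they report. The simplified report fields, the thresholds and the sample tracks are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_PLAUSIBLE_KN = 50.0      # assumed speed ceiling for a merchant vessel
SOG_TOLERANCE_KN = 5.0       # assumed allowed gap between implied and reported speed

@dataclass
class Report:                # simplified, already-decoded AIS position report
    mmsi: int                # vessel identifier
    t: float                 # receive time, seconds
    lat: float               # degrees
    lon: float               # degrees
    sog: float               # reported speed over ground, knots

def distance_nm(a, b):
    """Great-circle (haversine) distance between two reports, in nautical miles."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlat, dlon = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(h))

def check_track(reports):
    """Return (mmsi, time, reason) for every report that fails a plausibility test."""
    findings, last = [], {}
    for r in sorted(reports, key=lambda rep: rep.t):
        prev = last.get(r.mmsi)
        last[r.mmsi] = r
        if prev is None or r.t <= prev.t:
            continue                       # first sighting or duplicate timestamp
        implied = distance_nm(prev, r) / ((r.t - prev.t) / 3600.0)
        if implied > MAX_PLAUSIBLE_KN:     # vessel "teleported" between reports
            findings.append((r.mmsi, r.t, "position jump"))
        elif abs(implied - r.sog) > SOG_TOLERANCE_KN:
            findings.append((r.mmsi, r.t, "speed mismatch"))
    return findings

# Constructed sample: vessel 111111111 steams north at 12 kn; 222222222 is inconsistent.
SAMPLE = [
    Report(111111111, 0, 51.00000, 1.0, 12.0),
    Report(222222222, 0, 51.50000, 1.0, 14.0),
    Report(111111111, 600, 51.03333, 1.0, 12.0),
    Report(222222222, 600, 51.50000, 1.0, 14.0),   # claims 14 kn but has not moved
    Report(111111111, 1200, 51.06667, 1.0, 12.0),
    Report(222222222, 1200, 52.50000, 1.0, 14.0),  # 60 nm covered in ten minutes
]
```

A finding is a reason to verify the target by radar or visually, not proof of spoofing: reception gaps and GPS faults also produce jumps.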
4. It is expensive to safeguard against attacks :
Companies believe that cyber security preventative measures are expensive and do not really believe they are always necessary. However, being hit by a cyber attack is far more expensive. There is a perception that being hit by an attack is very unlikely and thus that spending the money to safeguard oneself is not always worth it.
Consequences of a Maritime Cyber Attack :-
A maritime cyber attack has several consequences, as follows :
– Business interruption.
– Ransom payments.
– Wire transfer fraud.
– Loss of reputation and bad publicity.
– Third party claims.
– Fines for breach of data protection and privacy laws.
Maritime Cyber Security Awareness :-
1. Your Satcom system should not be on the public internet :-
Most satellite providers offer a private IP address space, so hackers can’t reach your satcom system as easily over the internet. It’s very easy to find out whether your vessel terminals are public or not: put the IP address in a browser and see if you can route to the terminal web interface from the public internet.
2. Change the manufacturers default password on your satcom system :-
This is the most common problem: once the satellite terminal is installed, the installer does not change the default administrator passwords, leaving that to the operator. Default passwords are sometimes obvious and very easy to crack. The solution here is two-fold: create new passwords, and only share them with people who need to know.
3. Always update the software on your satcom system :-
Updating software is very important for cyber security. In the cyber attack on Maersk Lines in 2017, the company lost an estimated US$300M because it had failed to update and patch its cyber security software. Part of the onboard procedure should be to ensure software is updated every time the manufacturer publishes an update.
4. Separate your onboard bridge, engine room, crew, wifi and business networks :-
If a device on your vessel is compromised by a virus or hackers, segregated networks can help to ensure critical systems are kept safe. One key vulnerability comes from crew members’ personal computing devices. Unless the systems are segregated, personal devices can offer a route into a vessel’s navigation system. It would be wise to double-check to make absolutely certain that your onboard systems are segregated.
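One way to double-check segregation, as an added example that is not part of the original article: an audit that takes the flows the onboard firewall allows between zones and reports every route, direct or through intermediate zones, from a low-trust zone into a critical one. The zone names follow the heading above; the flow table is constructed sample data, not a real vessel's configuration.

```python
from collections import deque

CRITICAL = {"bridge", "engineroom"}   # zones that must stay isolated
UNTRUSTED = {"crew", "wifi"}          # zones carrying personal devices

# Constructed sample: (source zone, destination zone) pairs the firewall allows.
SAMPLE_FLOWS = [
    ("crew", "internet"),
    ("wifi", "internet"),
    ("business", "internet"),
    ("wifi", "business"),         # hypothetical rule added for a shared printer
    ("business", "bridge"),       # hypothetical rule for chart updates
    ("engineroom", "business"),   # hypothetical rule for monitoring data export
]

def find_paths(flows, sources=UNTRUSTED, targets=CRITICAL):
    """Return the shortest allowed route from each untrusted zone to each
    critical zone it can reach, following the rules transitively."""
    graph = {}
    for src, dst in flows:
        graph.setdefault(src, []).append(dst)
    violations = []
    for start in sorted(sources):
        parent = {start: None}            # breadth-first search from this zone
        queue = deque([start])
        while queue:
            zone = queue.popleft()
            for nxt in graph.get(zone, []):
                if nxt in parent:
                    continue
                parent[nxt] = zone
                if nxt in targets:        # reached a critical zone: rebuild the route
                    path, node = [], nxt
                    while node is not None:
                        path.append(node)
                        node = parent[node]
                    violations.append(path[::-1])
                else:
                    queue.append(nxt)
    return violations
```

On the sample table no single rule links wifi to the bridge, yet the audit reports the route wifi, business, bridge, which is the kind of indirect path a rule-by-rule review misses.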
5. Secure USB ports on all the ships :-
Another threat to your critical ship systems is the USB stick or flash drive. As they migrate between computers, it is very easy for USB drives to pick up malware, and cell phones too can carry malware. With cases of ECDIS and other systems being compromised by hackers and ransomware, USB ports on your critical systems’ consoles should be secured.
To prevent accidental introduction of malware to vessel systems, lock down USB access. If critical systems can only be updated by USB, keep dedicated USB keys in a secure location and use them for nothing other than this purpose. While this practice is not ideal, it is better than open USB access.
6. Check all onboard Wifi networks and passwords :
Strong encryption, strong wifi passwords and strong wifi router admin passwords are a must. Crew wifi must not connect to anything other than the internet for personal use. Any ship systems that use wifi MUST have raised security levels, including strong authentication measures.
7. Do not depend entirely on technology for safe navigation :
Officers of the watch must check navigational data coming from onboard technology against real world conditions. GPS can be spoofed, ECDIS positions can be manipulated and even synthetic radar can create false reports when hacked.
Whether it’s navigation, collision avoidance or loading, the human eye must be employed to ensure the situation outside the bridge reflects what the technology reports.
8. Teach your crew about cyber security :
Resources such as Be Cyber Aware At Sea – developed by a consortium of shipowners and maritime organisations – are great for raising awareness and helping your crew avoid inadvertently opening the vessel to cyber vulnerabilities. Regularly training crew in best practices is key to keeping a vessel from being compromised.
9. Ask for proof from your technology suppliers that they are cyber secure :
Ask your onboard technology suppliers for evidence of security accreditations such as ISO27001 or compliance with the NIST cyber security frameworks. A third-party audit of your supplier is another step you can take to check they are in compliance. Technology and services suppliers are more likely to take security measures if the market demands it.
10. Get a vessel security audit :
Some of the worst vessel vulnerabilities are the easiest to find and fix. Bear in mind that maritime security issues are often systemic: they don’t affect just one ship in your fleet, the same issue can affect them all.
Developing a security policy following IMO, ISO and/or NIST frameworks is very important; however, it will take a long time for companies to implement, particularly where process and mindset changes are required.
Case Study :
In June 2017, A.P. Moller – Maersk fell victim to a major cyber-attack caused by the NotPetya malware, which also affected many organisations globally. As a result, Maersk’s operations in transport and logistics businesses were disrupted, leading to unwarranted impact.
The attack reportedly created huge problems for the world’s biggest carrier of seaborne freight, which transports about 15 per cent of global trade by containers. In particular, Maersk’s container ships stood still at sea and its 76 port terminals around the world ground to a halt. The recovery was fast, but within a brief period the organisation suffered financial losses up to USD300m covering, among other things, loss of revenue, IT restoration costs and extraordinary costs related to operations.
It all began when an employee in Ukraine responded to an email which featured the NotPetya malware. The system was affected and therefore operations practically had to be put on hold until the system was restored.
Although the incident was serious, the organization responded rapidly, under the supervision of the CEO and top management team. A team of IT experts (including internal and external partners) was mobilized to track, identify and remove malware from affected systems in order to put operations back in line, while at the same time media handling was excellent, with instant feedback to Maersk’s stakeholders about the situation.
In particular, the following actions were taken :
– Internal and external communications established: Maersk sent out daily updates detailing which ports were open and closed, which booking systems were running and more.
– A customer-focused response established: the company’s front-line personnel were instructed to take all actions required for customers’ satisfaction, no matter the cost.
Eight days following the attack, Maersk managed to resume taking online bookings, although some terminals (e.g. India) had to be handled manually.
In the aftermath of the cyber attack, Maersk seems to have adopted a new approach to cyber security. To further enhance cyber resilience, many immediate and long-term initiatives have been implemented and planned to secure the digital business, strengthen the IT infrastructure platform, enhance IT service continuity and recovery as well as reinforce business continuity plans. Also, cyber insurance has been purchased to mitigate some of the potentially negative financial impact of repeated successful cyber-attacks in the future. While in its Annual Report before the attack, the word ‘Cyber’ was recorded times, in its Annual Report at the end of 2017, ‘cyber’ can be found 39 times in the document! In addition, cyber risk has been included in the relevant matrix as a significant factor to be assessed.
What lessons can you learn from the Maersk cyber attack?
1. Shut down your entire IT system :
As soon as the attack hit, Maersk reportedly shut down their entire IT system. We know that it is tempting to simply turn off just the infected terminal and continue operating on the remaining network.
2. Be protective in your communication :
How you deal with your external communications during a cyber-attack is critical. The worst thing you can do is shut your customers out whilst you try to figure out what is happening. Keep your initial communication vague. The situation will change rapidly over the first 24 hours, so it’s good to let things play out before you declare anything with certainty. Once you have a plan in place, issue updates on a regular basis. This will ensure customers know the problem is being dealt with.
3. Remain Calm :
Internally it may feel as though the end is nigh, but in your external communications, you must remain composed and measured. This will put your customers at ease and make sure they know you’re on top of the situation.
4. Address Internal Competencies :
After a cyber attack, there are always lessons to be learnt. Ultimately your customers will want to know what you’re going to do to prevent this happening again. Passing it off as ‘one of those things’ won’t cut it. Assess how the attack happened, what weaknesses you have in your network and what you’re going to change going forward.
5. Have a strong disaster recovery strategy in place :
Maersk refused to pay the ransom. Fortunately, they had a reliable disaster recovery strategy in place which allowed them to recover their data and bring the systems back online. Without a disaster recovery strategy, they would have had to play into the hands of the criminals and hope they were good to their word in returning their files.