‘Resilient Seas’ - Cyber Security threats to the maritime industry
20 January 2020
It’s 2020, and the technological advancements that defined the last decade are showing no signs of slowing down. Within the seemingly immutable world of maritime, an influx of tech start-ups and ventures are capitalising on these trends, driving change in everything from port logistics to navigation on the high seas. Along with other essential technologies, such as robotics and data analytics, the ability to connect systems and devices to the internet is driving innovation. However, with all progress comes new challenges and at the forefront of these challenges today is how to secure this new digital landscape.
Cyber security threats to the maritime industry
With the course set for a brave new world of maritime tech, traditional threats are changing in response. Piracy and smuggling of goods, people and weapons have long been challenges within the maritime industry and an increased reliance on port and ship technology provides new opportunities for malicious actors to exploit vulnerabilities, causing organised criminals to turn to the digital world. Cyberspace also provides a battlefield for nation states who may wish to target private companies or ports for geopolitical reasons. State sponsored cyber attacks are on the rise as they offer a covert method of attack, allowing nation states to blame public citizens for any impact on private companies.
To date, the majority of attacks recorded have been non-targeted malware and as a result most boards within the industry do not consider cyber security to be a top risk. Despite this, there are many potential attack vectors within the maritime industry which could be used to get a foothold in a network. Examples include targeting propulsion systems on board ships in order to disable a vessels’ ability to control its speed. GPS and AIS spoofing threaten the safety of both personnel and cargo if the crew cannot reliably determine their exact location. Additionally, due to multiple interconnected networks and systems at ports, there are avenues for threat actors to compromise or disrupt operational technology using indiscriminate attacks such as WannaCry, Petya and NotPetya which have previously affected the maritime industry.
Examples of how the maritime industry is being targeted
There are a number of real world examples of how these systems can be exploited for criminal gain within the industry. For example modern day pirates no longer need to roam the seas to find high value targets. Instead they employ ‘hackers for hire’ to specifically target shipping company’s networks and locate shipping routes and on-board cargo manifests. Once the CMS (Content Management System) is compromised, the exact container location of valuable cargo can be obtained. Armed with this intelligence, pirates can choose the point when the ship is closest to shore to attempt boarding and go directly to the containers location. This reduces the time spent on-board and greatly increases the profitability of such attacks.
Controlling the movement and location of shipping containers once at port is a key element for organised crime gangs. The port of Antwerp was targeted in 2011 again by ‘hackers for hire’. The gang maintained access to the system managing containers location whilst on shore for approximately two years. This allowed for the concealment of banned substances amongst legitimate cargo and prevented customs officials from searching for specific containers.
As the industry becomes increasingly interconnected, stakeholders need a plan for responding to cyber incidents in a proportionate and appropriate way. Additionally, from design to operation and their use of third parties, security due diligence should be at the forefront of board’s agendas when acquiring new businesses, systems or software in order to minimise the impact of allowing threat actors to compromise or disrupt their critical services. It might not yet be time to batten down the hatches, but organisations within the maritime industry should act sooner rather than later if they are to avoid a potentially devastating incident. Get in touch to understand how similar organisations are planning and taking action to embed security and resilience into their operations and how we may be able to support you in your ‘resilient journey’.