Untargeted attacks

These attacks aim to exploit potential vulnerabilities in multiple companies or ships. They are not specific to any particular target and are typically carried out in a broader scope.

Untargeted attacks typically involve various methods aimed at compromising a ship's systems and data.

These can include social engineering tactics, phishing attempts, scanning for vulnerabilities, and deploying ransomware to disrupt operations and demand payment.

Targeted attacks

In contrast, targeted attacks are specifically directed at a particular company or ship. They are often more challenging to prevent or deter as they involve a focused effort to breach the defenses of a specific target.

Examples of targeted attacks include:

• Spear phishing, which involves personalized and deceptive emails to trick individuals into revealing sensitive information
• Distributed denial of service (DDoS) attacks that overload a ship's systems to disrupt its services
• Subverting the supply chain to introduce malicious components
• Compromise the integrity of critical systems

The existing vulnerabilities in IT systems onboard ships can be exploited by malicious actors, creating potential cyber threats that include:

1. Generating counterfeit "man-in-the-water" signals

By instigating false "man-in-the-water" signals, malicious actors seek to divert attention and resources from actual emergencies.

Resulting in potentially leading to delayed response times and hindering rescue operations when genuine distress situations occur.

2. Disseminating fabricated weather reports

The transmission of counterfeit weather reports can misguide ships, compromising their route planning and increasing the risk of collisions, groundings, and overall maritime safety hazards.

3. Attack on GPS and navigational technology

Attackers have been able to reroute vessels undetected by spoofing GPS signals, bypassing system safeguards and alarms designed to prevent such unauthorized actions.

During a recent incident in South Korea, the deliberate jamming of GPS signals disrupted the reception of over 1000 aircraft and 700 ships for a period exceeding one week.

This interference caused significant disruptions to navigation systems, leading to operational challenges and potential safety risks for the affected aircraft and vessels.

4. ECDIS receiving inaccurate sensor data

Security vulnerabilities have been identified in ECDIS software, revealing potential risks that could be exploited by attackers.

These flaws could enable unauthorized individuals to delete or reinstall system files and even inject malicious content into the ECDIS.

Consequently, manipulated sensor data can be transmitted to the ECDIS, compromising navigation judgments and potentially leading to collisions.

5. Failure of global navigation satellite system (GNSS)

The failure of GNSS can have far-reaching consequences, extending beyond the disruption of navigation systems alone but other ship systems, such as the Automatic Identification System (AIS).

Cyberattacks can lead to complete control of critical operations, enabling a broader range of attacks and motivations for intruders.

6. System disruption on radar

During a cyberattack, radar systems can be manipulated to produce false echoes, providing inaccurate information about nearby objects. This can lead to ship collision accidents as operators rely on this data for navigation.

7. Hacking into video surveillance systems (VSSs)

Video Surveillance Systems (VSSs) play a crucial role in monitoring and safeguarding critical ship operations from potential threats like terrorists and pirates.

Unfortunately, these systems are susceptible to buffer overflow vulnerabilities. Exploiting such vulnerabilities allows intruders to track camera activities, overwrite passwords, and potentially crash the VSS system.

Moreover, this vulnerability can serve as an entry point for further cyberattacks, posing a significant risk to ship security.

8. Data breaches

Malicious actors may steal sensitive information such as crew details, cargo manifests, or operational plans, leading to privacy breaches and financial losses.

A notable cybersecurity incident occurred recently, involving the French shipping company CMA CGM. The company became the target of a ransomware cyberattack that had significant consequences.

During the breach, hackers gained unauthorized access to the company's IT systems, compromising sensitive data and disrupting operations.

The attack resulted in a significant data breach, potentially exposing customer information, operational details, and business-sensitive data.

Maersk’s NotPetya incident

Maersk, a prominent shipping company, encountered a severe disruption to its business operations when the NotPetya malware infiltrated its systems in 2017.

The malware spread through an infected Ukrainian tax-preparation software called MeDoc. Maersk had to invest over $300 million in restoring its operations, which took approximately ten days to complete.

This significant expenditure was necessary to address the damage caused by the cyberattack and implement necessary repairs and remediation measures.

COSCO incident

COSCO Shipping Lines experienced a cyber attack that disrupted its internet connection at its offices in America in 2018.

The incident resulted in the malfunctioning of local email and network telephone systems. As a precautionary measure, the company opted to suspend its connections with other regions to conduct a thorough investigation.

Additionally, the cyber attack had an impact on COSCO's terminal operations at the Port of Long Beach.

MSC malware attack

Mediterranean Shipping Company (MSC) has experienced a malware attack, resulting in the disruption of its digital tools and website.

The incident specifically affected the company's data centers in Geneva, leading to a network outage. As a consequence, MSC's digital booking tool, myMSC, was temporarily unavailable.

However, the company's agents worldwide swiftly adapted to alternative methods to ensure a seamless cargo flow during the disruption, maintaining uninterrupted operations.

HMM Cyber Attacks

HMM, the national flagship carrier of South Korea, has recently experienced a cyber attack targeting its email server. This incident has significantly affected the company's email communication system.

HMM became the fifth container shipping company to face information security threats following a series of cyber attacks on other major shipping companies including CMA CGM, MSC, COSCO Shipping, and Maersk.

Safeguarding email systems and implementing comprehensive cybersecurity protocols are crucial for protecting sensitive information and ensuring the smooth functioning of operations in the maritime industry.

However, despite these concerning trends, the industry and its regulatory bodies have been relatively slow in adopting substantial and comprehensive measures for addressing these cybersecurity challenges.

This gradual response underscores the need for more proactive and systemic changes to safeguard the maritime industry against cyber threats.

1. Lack of encryption

The maritime industry relies on various networks to transmit data collected and processed by interconnected information systems. Networks like SHIPNET and SAFENET are commonly used.

These technologies are susceptible to security vulnerabilities due to inadequate attention given to authentication and encryption methods in the design and configuration of communication links.

Modern vessels incorporate computer systems with specialized hardware and software solutions to automate various functions such as navigation, propulsion, and fuel supply.

These systems offer real-time and dependable information to the crew, enhancing response times and reducing personnel expenses.

By providing a comprehensive view of the vessel's status, these computer systems optimize operations and contribute to improved efficiency and cost-effectiveness.

Outdated and potentially vulnerable systems are accessible on the internet. Additionally, the integration of shipboard IT systems with onshore facilities amplifies the risk of continuous and systematic threats.

The modern shipping industry's financial, legal, and remote monitoring requirements drive the need for IT systems and network connectivity.

However, these systems expand the attack surface for security teams to defend and create additional entry points that hackers could exploit.

2. Growing reliance on computer services

According to Marsh & McLennan Companies, the maritime sector is increasingly dependent on computerized systems that are ill-prepared to address the evolving threats of the 21st century.

According to Israeli cybersecurity consultancy Naval Dome, there was a significant surge in attempted hacks during the period between February and June 2020.

They reported a staggering 400% increase in these cyber attack attempts, which coincided with the maritime industry's increased reliance on technology and remote work practices due to the COVID-19 pandemic.

With the growing connectivity of ships and offshore units, as well as the utilization of numerous internet-connected computer programs, the vulnerability of these systems is expanding.

This heightened reliance on technology creates an open door for potential hackers, leaving the maritime industry susceptible to cyberattacks.

3. Crews lack of awareness and training in cyber security

A survey conducted by NSSLGlobal involving 571 crew members highlighted that 64% of them acknowledged their responsibility for the security of on-board IT systems.

However, the majority of maritime employers do not provide adequate support to help crew members understand the risks they face and how to effectively mitigate them.

Moreover, issues can arise with onboard equipment and hardware, particularly when not all crew members possess comprehensive knowledge of their operation during disruptions or emergencies.

This lack of familiarity and knowledge towards their operation can result in more severe consequences and hinder effective vessel operations.

The 'human factor' is widely recognized as the primary risk in cybersecurity at sea, with the majority of attacks targeting people rather than IT infrastructure.

According to research conducted by IBM, human error is identified as the root cause in 95% of cybersecurity breaches.

This means that if human error could be completely eliminated, it is estimated that 19 out of 20 cyber breaches could have been prevented.

4. Marine industry may exhibit complacency

The maritime industry can sometimes exhibit complacency when it comes to cybersecurity.

This complacency arises due to various factors such as lack of awareness, limited resources, and underestimation of the potential risks.

Peter Hinchliffe, Secretary General at the International Chamber of Shipping, acknowledges that the maritime industry is gradually realizing the importance of cybersecurity.

With the rapid advancement of technology in ships, there is a growing need for comprehensive guidelines and contingency plans to address the evolving cyber threats.

5. Costly to protect against cyberattacks

Many companies in the maritime industry perceive cybersecurity preventive measures as costly and unnecessary.

They often underestimate the likelihood of a cyber attack and, as a result, question the value of investing in safeguards.

HOWEVER…

The reality is that the financial consequences of a cyber attack can far outweigh the initial investment in cybersecurity. The potential damage to operations, reputation, and the potential for legal liabilities can be significant.

It is crucial for companies to understand that cybersecurity is not just an expense, but a strategic investment to protect their assets, maintain business continuity, and safeguard their reputation in the long run.

BUT wait…

What if there’s a better and cheaper solution for this issue?

Athena Dynamics Academy, launched by the reputable cyber security advisory company Athena Dynamics, is now offering an accessible online course that delves into various aspects of cybersecurity.

This course provides the opportunity to acquire valuable cybersecurity knowledge at your convenience, with the flexibility to learn anytime and anywhere.

Upon successful completion of the course, participants will receive a certificate of completion, showcasing their commitment to enhancing their cybersecurity skills.

Don't miss this chance to expand your cybersecurity expertise with Athena Dynamics' accessible and comprehensive online course!

Identify potential threats

Cyber risk in the maritime industry varies based on the company, ship, operation, and trade. Organizations should consider specific aspects of their operations that may increase vulnerability to cyber incidents.

Motives for exploiting vulnerabilities range from unintentional human error to deliberate malicious actions by disgruntled employees.

Understanding these risks and motivations is vital for implementing effective cybersecurity measures.

Identify vulnerabilities

To ensure cybersecurity in the shipping industry, it is advised for companies to conduct a thorough assessment of potential threats and evaluate the resilience of their systems and onboard procedures.

This assessment will help identify key risks and develop a strategy to mitigate them.

Standalone systems are generally less susceptible to external cyberattacks than those connected to uncontrolled networks or the Internet.

It is important to carefully consider the connections between critical onboard systems and uncontrolled networks to minimize vulnerabilities.

Evaluating the level of risk exposure

Senior management within a company should take the lead in conducting cyber risk assessments, rather than immediately delegating the task to specific individuals or departments.

Heightening cybersecurity and safety measures may impact standard business procedures and operations, requiring senior management to evaluate and make decisions regarding risk mitigation.

It is important to recognize that initiatives related to cyber risk management may extend beyond IT systems and involve business processes, training, vessel safety, and the overall organizational structure.

Additionally, efforts to enhance cyber awareness may necessitate changes in how the company interacts with customers, suppliers, and authorities, requiring senior management to determine the approach and drive these relationship changes.

Creating measures for protection and detection

The primary objective of a company's risk assessment and cybersecurity strategy is to minimize risk to a reasonable level.

This entails implementing necessary measures at a technical level to establish and uphold a predetermined level of cybersecurity.

Furthermore, it is essential to determine how cybersecurity will be managed onboard and to assign responsibilities to the master, responsible officers, and, when relevant, the company security officer.

By clearly defining these roles and responsibilities, the company can ensure effective cybersecurity management throughout its operations.

Formulating contingency and incident response (IR) plans

It is crucial to recognize that cyber incidents may persist if not properly addressed.

For instance, if malware infects the emergency chart display and information system (ECDIS), activating the backup ECDIS could lead to another cyber incident.

Therefore, it is recommended to have a well-defined plan for cleaning and restoring infected systems.

Disaster recovery (DR) plans should be an integral part of a comprehensive maritime security plan.

These plans encompass preserving cyber data for forensic purposes, as well as restoring and safeguarding operational technology (OT) processes and ship controls.

Regular exercises and updates of these plans, both at sea and on shore, are essential. It is important to involve any third-party system providers in the planning and execution of these exercises.

Any insights gained from past cyber incidents should be used to enhance response plans for all ships in the company's fleet, and consideration should be given to developing an information strategy for such incidents.

Improve employees' their understanding on cybersecurity

Indeed, there is a significant lack of awareness among workers regarding the importance of learning cybersecurity.

This lack of awareness contributes to the overall vulnerability of organizations and their systems to cyber threats. It is crucial to address this issue and emphasize the significance of cybersecurity education and training.

Organizations should take proactive measures to educate their employees about cybersecurity risks, best practices, and the potential impact of cyberattacks.

Training programs can help employees understand their role in maintaining a secure work environment, recognizing and reporting potential threats, and following cybersecurity protocols.