This blog was written by an independent guest blogger.
If you were asked to list out the top problems society has been facing in 2020, cyberattacks on the maritime industry might not be an obvious issue that would come to mind.
But the industry has seen a worrying trend in recent months, as a spike in cyberattacks that has left some of the biggest companies in the industry exposed. Specifically, both the fourth largest global shopping company and the International Maritime Organization (IMO) have been targeted in these attacks.
And while shipping companies might seem like an obscure target for hackers, in reality these attacks can tell us a lot about emerging trends in cybersecurity in general. In this article, we’ll take a deeper look at these recent attacks, and what they can tell us about new threats we are likely to face in the years to come.
A new type of cyberattack
At first glance, the fact that maritime cyber attacks have increased by 900% in three years might seem strange. Shipping companies have, after all, been around for centuries. Why the sudden spike? There are a number of factors at play – some technical, and some political.
First, the political. Back in May, with the pandemic raging and the first lockdown orders being put in place, you may have missed a very important piece of news. That month, Israel and Iran traded cyberattacks in a way that caught the attention of many analysts. This was because these attacks were unusually open, and seemed to indicate an increased willingness for states to attack not just their opponents’ military systems, but in an attempt to cause economic disruption as well.
Specifically, on May 9th of this year hackers went after the Shahid Rajaee Port’s computer systems near the Strait of Hormuz, which is the busiest harbor in Iran for maritime trade.
In this new world, it seems that ports, ships, and shipping companies have become a favorite target of cybercriminals. Some of these criminals are state-sponsored, with a corresponding level of technical support and resources.
Looked at another way, the increase in attacks against maritime companies can be seen as hackers merely having found a new, extremely vulnerable target. Hackers have been reticent to attack these companies because a successful attack risks far more than just the release of credit card information; attacks against ports and ships have the potential to be fatal. Up until now, this has meant that shipping companies have been relatively sheltered from cyberattacks.
This has led to the sector falling into a false sense of security, in which it has not prepared itself for the reality of cybersecurity in 2020. Few companies employ dedicated cyber security specialists, and even when they want to, the massive skills gap that exists means they are hard to find. For instance, recent research indicates that fully 79% of data analysts did not begin their career in data.
Companies in the sector are also not well primed to implement a rigorous organizational response to ransomware attacks, and have often not fully thought through their endpoint detection and response systems. Add to this situation the increased risks of disinformation, as well as an increased appetite for economically disruptive cyberattacks, and we have a recipe for disaster.
We must also give credit where it is due, though. The maritime sector, often characterized as a deeply conservative industry that is correspondingly slow to change, has begun a re-assessment of how it protects itself against hackers. The Atlantic Council, for instance, recently published an article in which cybersecurity experts shared their opinions on how the sector could be made more secure, and which stressed the importance of taking a holistic approach. Every part of the supply chain, from the servers used in port authorities to the IoT devices installed on ships, needs to be protected.
In order to do so, a range of devices and software solutions will need to be deployed. Some of these will be similar to those deployed in almost any large company today – hardened backup systems and managerial tools that measure a company’s exposure to risk, and the number of cyberattacks it defeats.
Protecting the maritime industry from cyberattacks may also require some more exotic solutions, though. In recent years, the sector has developed rapidly, deploying advanced IoT networks that monitor the movements of goods through supply chains, and make this data available to suppliers and buyers.
These technological advances have driven huge efficiency improvements in the industry, but they have also come with risks. Specifically, in many cases IoT and RFID devices now deployed to manage supply chains do not even possess the computational resources necessary to encrypt company data. This is one of the top security vulnerabilities that can exist in open-source based IoT networks in particular for criminals to exploit, in addition to having an insecure ecosystem interface and insecure network services.
For hackers, this kind of a situation is a dream come true. As shipping companies attempt to improve efficiency via deploying IoT devices, and improve data transparency by making these sensors available to their business partners, they are in fact multiplying the number of unsecured endpoints available as attack vectors.
For many CEOs in the maritime industry, the recent attacks will come as an abrupt wake up call. The days when the industry was relatively sheltered from cyberattacks have passed, and now it will need to learn the lessons that are already embedded in many other industries.
First and foremost, this re-alignment will involve managers and CEOs in the industry recognizing the value of the information they hold, and adopting a security-first attitude to sharing data throughout their supply networks. There will then need to be a concerted effort to improve mobile device security throughout the supply chains that the industry relies on.
These will be large, potentially expensive projects. But the cost of not undertaking them will be much higher.