Shipping Cyber Incidents continued in 2019 and into 2020
Lars Jensen
Leading expert in the container shipping industry. Click "Follow Me" here on LinkedIn to stay updated
When I first got involved in maritime cyber security in 2014 with CyberKeel (now a part of Improsec) we approached a wide range of maritime companies to make them aware of the risk they were exposed to. The feedback was quite consistent. The shipping industry stakeholders mainly did not believe there was a threat. The risks we pointed out were seen as purely theoretical and dreamt up by consultants trying to create a market where there was no need for the product.
This led us to change the approach and focus on pointing out examples of incidents which had de facto taken place, rather than be theoretical about it. In our whitepaper from 2014 we provided an extensive listing of incidents which were indeed very real and had taken place in 2014 or earlier. These included a container line which lost all information and systems due to a cyber attack (yes, that did happen before. Maersk was not the first).
Now we are 6 years further down the line. In the meantime, we have had the emergence of the voluntary BIMCO cyber security guidelines which has now led to the IMO2021 rules where new maritime safety rules come into effect from January 2021. At that time, it becomes necessary to address cyber risks in the safety management systems on the vessels. This is incorporated into the ISM code and has to be addressed no later than the first annual verification of the company's Document of Compliance after 1 January 2021.
Some companies in the shipping industry have indeed increased their focus on maritime cyber security, whereas others as late as 2019 have stated at public conferences that they do not believe the cyber risk to be of material importance.
Hence there is a sense of deja vu. Are we really still at point where companies in the shipping industry do not believe the cyber threat is real?
From the perspective of Improsec we know the threat is real – we have been onboard vessels as well as inside the land-based systems. We have had to tell clients that what they thought was impossible was not only possible to do – it was even trivial to do. We have seen the aftermath of successful attacks.
Hence, in a repeat of what was done in 2014, what are some examples of what has happened in the past year?
Feb. 2019: successful malware attack on a vessel bound for the port of New York. The US Coast Guard described the campaign as “malicious software designed to disrupt shipboard computer systems “. They further stated that the response team sent to the vessel found the vessel to be operating without effective cybersecurity measures.
May and June 2019: Two cyber attacks on the Kuwait transportation and shipping industry. Attacker obtained backdoor access to the systems.
May 2019: Spoofing campaign targeting shipping companies purporting to originate from the port state control in the US
June and July 2019: Israeli ports of Ashdod and Haifa experienced problems in crane operations likely due to GPS tampering. A spokesperson from Haifa port attributed this to likely collateral damage from Russian activities not specifically directed at the port. Port attacks are clearly not unheard of as there were also successful attacks in the ports of Barcelona and San Diego in September 2018.
31 January 2020: A successful cyber-attack against Toll Logistics, a global top-50 shipping and logistics company, brought all operations to a standstill. The company needed to take 500 applications down which supported their operations across 25 countries.
The key conclusion is that the cyber risks in shipping are as real and present as ever. The risk of having your full operations brought to a standstill is genuine. The risk of having your ships rendered inoperative, or ineffective, is genuine.
Our experience from Improsec is that if you have never had your systems properly tested against a cyber-attack, you are unlikely to have good overview of your actual vulnerabilities. However, our experience is also that many of the vulnerabilities can alleviated if a proper plan is drawn up based on the actual vulnerabilities found, whereas a plan made only on the basis of assumptions is likely to miss the mark.
Alumno MBA en Vancouver Island University
4 年This is a real problem in the industry, i want to share with you a nice video about some other recent cases and the actual insurance gap on the matter... https://fullavantenews.com/video-cyber-attacks-in-the-maritime-industry/
(CITT)(CITLS) (M.Phil)) Commercial || Maritime & International Trade Expert || Master's Degree in Transport Planning & Mgt.|| Skilled in Supply Chain, Sales Leadership, Procurement & Business Analytics
4 年At least, now I can read something away from the COVID19--- am so glad. Thanks Lars for this insight on Cyber-security. My question is this: Do shipping lines now need to have cyber experts in-house to check for loopholes and secure their cyber space or are there vendors with expertise in shipping companies system. Also. In West Africa, we have seen increased cases of piracy due to increased port congestion, can Cyber security on-board aid in any way to proactive detect pirates whom hack into on-board intelligence for their operations?
Passionate Strategist | Leveraging Technology & Finance for Infrastructure, Maritime & Logistics | Driving Innovation in LatAm & Caribbean.
4 年And there are many more cases around the world!
Experienced Fast Track 100 Business Founder & Owner | Supply Chain Management | Board Advisor | Non executive Director | Investor
4 年Excellent article as always Lars. Let's not allow the CV virus to mask ongoing issues in the industry!