Cyber security threats have grown in reach and complexity. … With multifaceted vulnerabilities and cyber-attack scenarios (intended or unintended), the answer to cyber security lies in a multifaceted approach to manage risks.The National Security Agency (NSA) has brought to light several revelations in the recent years that have hinted at various international malware attacks. Despite this, ship owners and managers belonging to the maritime industry are still not treating as a top priority. While it is true that they are far from the biggest targets of cyber attacks, any attack has the potential to cause serious harm and should be protected against. Below, we present two examples of past cyber attacks on the maritime industry and the consequences thereafter.
Incidents of Maritime Cyber Security Breaching
1. The Port of Antwerp
A drug-smuggling gang hired hackers to breach the digital tracking systems of a ship and locate drug-filled containers. The smugglers were then able to dispatch their own drivers and retrieve these containers by sending then ahead of the scheduled collection time.
Fortunately, the severity of the situation was easily seen and with due cooperation, the authorities shut down the smuggling ring within 2 years. Although the maritime companies involved did not suffer any lasting damage, according to security experts, the damage could have been far greater and the companies were extremely fortunate. These criminals could have gained access to and manipulate a vessel’s AIS, giving the impression vessels were in false locations or making phantom structures or vessels appear. The damage could have easily been severe and irreparable.
2. The Hacking of a Drilling Rig
Our second incident of breaching occurred when the maritime internet on a drilling rig was compromised and operations were forced to suspend. Furthermore, during this incident, hacker were able to eliminate an entire database of cargo information associated to a container line. All sorts of crucial information like container location, place of origin, and contents were removed from the system.
Although there have been a number of reported instance of cyberattacks in the maritime industry, there is a remarkable lack of transparency on the issues, as companies involved attempt to hush up their involvement. Thus far, neither the names of companies attacked have been reported, nor have companies come forward with information about the attacks. To date, we are still unsure who has been affected. Of course, this is to be expected as news of cyberattacks related to a company can severely affect trust in their brands. However, this lack of transparency severely hampers attempts to help secure the industry from future attacks.
What Should Maritime Industry Companies Do?
Ultimately, whether a company name gets exposed or not might not be as important as a leak of confidential information from a hacking. Protecting one’s self and one’s customers must take precedent over all else. Therefore, although maritime internet security is not traditionally a sexy issue, it needs to be discussed out in the open and acted upon. The following are some of the preventive measures that concerned companies, ship owners, and managers should take:
- Raise awareness of the cyberattack issues at the executive level
- Adopt good “cyber hygiene” in order to dissuade opportunistic attacks
- Prevent accidental security compromises, develop and implement proper IT policies and maintain a top-down approach
- Regularly backup data
- Maintain strong user access controls
- Set strong network access controls
- Update all software constantly
- Train employees to recognize cyberattacks and seek immediate support to prevent losses
- Develop strong policies regarding external computer storage, such as USB memory sticks and other external drives.
Though few and simple, most companies do not maintain these kinds of cyber policies, though just these would be extremely effective in securing maritime networks from cyber attacks. Often, many attacks and opportunities arise from human error and poor standard procedures on that lead to lapses in judgement. These few simple rules may make ultimately make the difference to your company in the future.