Ports and ships — the maritime industry — are vital points in the global supply chain for food, medicine, consumer goods, fuel and many other products. Most of the world’s globally traded goods travel by sea. That’s why maritime security is key for supply chain security. Meanwhile, maritime cybersecurity faces threats at multiple places, including ports, communications systems and ships themselves.

Potential cyber attacks on maritime infrastructure are familiar types: phishing, malware, social engineering, brute force, denial of service, ransomware and others. What’s different is the unique placement of the targets.

Ships Rely on Digital Tools

Ships often rely on digital tools to function, many of which are automated. Even ship compasses are digital and depend on a mix of gyroscopes and GPS. All these systems could be at risk for a digital attack. Dependence on GPS puts shipping at risk because attackers can spoof or jam GPS signals.

More than most industries, maritime infrastructure tends to be old and complicated, further hampering marine cybersecurity.

Is There an IT Worker on the Ship?

Another risk factor people don’t talk about enough is the absence of IT people on ships. A ship is like a building packed with computer systems, servers and electronics. Yet, out at sea, the crew is on their own in managing these systems and dealing with breaches.

A digital attack could control or shut down a ship or drive it off-course, causing a crash. Some ships have dangerous cargo, such as explosive fuel, in large quantities.

Ports are also heavily dependent upon complex digital network logistics management systems. Some of these systems track every container on every ship. In the past, attackers have been able to delay, erase the knowledge of, redirect and steal actual cargo. They could abuse access to data on the location of cargo in a ransomware attack, or lock records.

The most likely risk is that digital attacks, through any number of possible attack types, delay shipping. That costs millions or billions of dollars to shipping companies, ports or shipping customers.

Maritime Cybersecurity Attacks Increasing

Attacks targeting maritime information systems are on the rise. In the first few months of the pandemic, attempted cyber attacks rose by 400%. We can expect this trend to continue, with rising attacks on ships and ports.

Attackers targeted the Port of Houston this year in a suspected nation-state attack, an event that raised the urgency level of maritime security infrastructure. The port is 25 miles long and handles a quarter of a billion tons of cargo every year.

The attack involved a password management program that contained a formerly unknown vulnerability. The attackers exploited that to install malicious code that granted access to the networks, which they used to exfiltrate log-in credentials needed to control network access. Luckily, “no operational data or systems were impacted,” according to a statement issued by Port authorities.

How To Handle Maritime Cybersecurity Risks

The need to address maritime cybersecurity is urgent. Here are some general approaches for how to address it:

  • Pinpoint specific possible threats. Understand what cyber criminals and nation-state actors might want from an attack. Pay special attention to the risk of ransomware. Consider attacks that could shut down the flow of goods, take ports offline and bring ships off course. Run red-team exercises and hire ethical hackers to help find likely attack points and methods.
  • Identify digital vulnerabilities. Inventory all systems and figure out what are unpatched, unpatchable, legacy or problematic in any way from a cybersecurity perspective. Think through the implications of existing physical security, and figure out how unauthorized people could gain access to digital systems. Consider how rogue or disgruntled employees could threaten security.
  • Initiate a maritime cybersecurity action plan. Address all vulnerabilities correctly, by patching or replacing problematic systems. Work with managers, leaders and stakeholders to develop these plans, then brief all concerned on how to use the plans in the event of an attack.
  • Install smart detection tools. For example, network detection and response tools use artificial intelligence (AI) to find odd and potentially malicious behavior on maritime networks. Have your software working 24/7 to watch for possible emerging attacks.
  • Launch new crew and employee cybersecurity training programs. Focus on phishing attacks, physical security and social engineering.
  • Establish contingency or continuity plans. For each possible attack scenario, develop a detailed plan for running your business through it, and also what the recovery processes are.

A threat to maritime information systems is a threat to global trade. Therefore, supply chain cybersecurity is one of the world’s most urgent business priorities.

more from Incident Response

IBM to Acquire Randori, Transforming How Clients Manage Risk with Attack Surface Management

Organizations today are faced with defending a complex technology landscape — with cyberattacks targeted at constantly changing cloud, distributed, and on-premises environments. Often escaping security scans and periodic assessments, these changes represent windows of opportunities for attackers looking to bypass defenses. While there always have — and always will be — unknown risks, having a […]