The ongoing COVID-19 pandemic has challenged many aspects of maritime operations worldwide. In addition to the challenges relating to crew changes, maintenance, and surveys, the pandemic has also affected the volume of the merchandise trade across the globe, and influenced the value creation and economic capacity of the industry (UNCTAD 2020).
The maritime education and training (MET) industry, which forms the platform of skilled manpower supply for the maritime domain, is also facing an unprecedented challenge to ensure the continuity of the MET practices, and to cope with and adapt to the constraints imposed by the COVID-19 pandemic.
As the maritime industry’s reliance on computer-based systems increases, so do the cyber-attacks. From the almost-accidental NotPetya ransomware attack on Maersk, to the hacks of the ports of Barcelona and San Diego, cybercriminals are increasingly targeting the maritime industry.
Critical safety and security systems that rely on computers are an invitation and a challenge to cybercriminals. Old systems, out-of-date software, operating systems and firmware, and increased connectivity for remote monitoring present tempting targets for attackers.
What is a cyberattack?
Like physical attackers, cyberattackers have a variety of motivations and methods. For a script kiddie or amateur hacker, hacking may be a puzzle game or competition, while black-hat hackers and organised attackers aim for financial gain, cyber espionage, or ideological goals.
Cyber attacks are constantly evolving. Broadly speaking, they can attack either information technology (data on computer systems) or operational technology (computer-controlled physical systems) for one of four objectives:
- copy data
- modify data
- deny access to systems or data, or
- take control of systems.
Data theft or alteration is hard to spot.
Would you notice if criminals sell – or change – your data?
Are pirates interested in your route planning data or your crew list?
Would you notice any unauthorized additions to your cargo manifest?
Ransomware, like the NotPetya attack on Maersk, is a growing problem. It encrypts the data on a computer, denying you access unless you pay a ransom. Denial-of-service attacks deny access to the data on a site by overloading the servers with requests.
These are a problem, but attacks on operational technology (OT) can cause greater physical damage. A hacker who controls a ship’s ballast system or loading computer could capsize the ship. Introducing errors in the hull stress monitoring system could break the ship in half. Do your crew plug mobile phones or USB devices into your critical systems?
What is cybersecurity?
To protect your people, systems and organization, you need to know and understand the threats and plan adequate security measures to counter them. Under Resolution MSC.428(98), the IMO encourages Administrations to ensure that cyber risks are appropriately addressed in safety management systems by the end of 2021.
In MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management, the IMO advocates a five-step risk-based approach to cybersecurity:
1. Identify your critical and vulnerable systems
Whether you’re a ship, a port, or a shipping company, your industrial control systems (ICS), human machine interfaces (HMI) and databases are tempting targets. According to Pen Test Partners, the main shipboard targets are physical security, communications, industrial control systems, loading and stability systems, ship and crew networks, navigation systems, and updating and remote administration systems.
2. Protect your systems
Even among the less technically inclined, basic cyber hygiene practices such as strong passwords, up-to-date anti-virus and firewall software, regular scans, software updates, and appropriate user privileges are becoming common knowledge. But it’s not enough just to protect the network. Network segmentation helps, but if an attacker gets into the network, every individual system needs its own defense to slow or prevent the attack from spreading.
Your employees are your primary weakness – and your first line of defense. They’re the ones who will click a link in a phishing email, or plug an infected USB device into the network. They’re also the ones who will detect early warning signs of a cyber attack, or notice an unusual device plugged into the back of a computer. Training your crew and employees is critical, and the regular Phish and Ships newsletter is an effective way to get started.
3. Detect a cyber attack
The basic steps to detect a cyberattack are:
- be aware of all devices connected to the ship systems and networks;
- establish procedures to detect unusual activity on the ship or port systems; and
- constantly scan the network for problems, including signs of physical tampering with network-connected devices.
Non-technical folk can check the company website for odd changes, monitor alerts, and use automated threat detection software. Professionals can monitor and review logs for suspicious activity, or set up honeypots to trap attackers.
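As an added illustration of the first detection step (knowing every device connected to the ship's networks), the following sketch compares observed devices against an approved inventory and a segment plan. It is example code, not part of the IMO guidelines or the original article; the MAC addresses, device names, segment names and IP ranges are all constructed assumptions.

```python
import ipaddress

# Constructed approved inventory: MAC -> (description, segment it belongs on)
APPROVED = {
    "00:1b:44:11:3a:b7": ("ECDIS workstation", "navigation"),
    "00:1b:44:11:3a:c2": ("Loading computer", "ot"),
    "3c:5a:b4:88:10:01": ("Crew welfare AP", "crew"),
}

# Constructed segment plan (assumed addressing)
SEGMENTS = {
    "navigation": ipaddress.ip_network("10.10.1.0/24"),
    "ot": ipaddress.ip_network("10.10.2.0/24"),
    "crew": ipaddress.ip_network("10.10.9.0/24"),
}

# Constructed observations (MAC, IP), e.g. exported from a switch or DHCP server
OBSERVED = [
    ("00:1B:44:11:3A:B7", "10.10.1.20"),  # approved, correct segment
    ("3c-5a-b4-88-10-01", "10.10.2.77"),  # approved, but seen on the OT segment
    ("02:00:00:00:00:99", "10.10.2.50"),  # not in the inventory at all
]

def segment_of(ip):
    """Return the planned segment name for an IP, or None if outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def audit(observed, approved=APPROVED):
    """Return (findings, missing): devices that are unknown or on the wrong
    segment, and approved devices that were not observed at all."""
    findings, seen = [], set()
    for mac, ip in observed:
        mac = mac.lower().replace("-", ":")  # normalise vendor MAC formats
        seen.add(mac)
        seg = segment_of(ip) or "unplanned network"
        if mac not in approved:
            findings.append((mac, ip, f"unknown device on {seg}"))
        elif seg != approved[mac][1]:
            name, expected = approved[mac]
            findings.append((mac, ip, f"{name} expected on {expected}, seen on {seg}"))
    # An approved device that has vanished may have been unplugged or swapped.
    missing = sorted(set(approved) - seen)
    return findings, missing

if __name__ == "__main__":
    for finding in audit(OBSERVED)[0]:
        print(finding)
```

Approved devices that are missing from the observations are reported separately, since a device that has disappeared is worth a physical check for tampering.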
4. Respond to the attack
Detecting a cyberattack isn’t enough – you have to know how to respond. Cybersecurity professionals can help you develop and implement a comprehensive response plan. Your response plan should identify the scale of the attack, assess the impact and limit the damage.
5. Recover from the attack
Backups are critical in recovering from a cyber attack. Data backups, system images and backup systems help to restore critical services. When creating your backup strategy, it’s important to ensure you isolate your backups, preferably off-site. This helps to prevent malware from corrupting your backups, or a fire in one location from destroying them completely.
Recovering from a cyber attack isn’t only about getting your systems up and running. If you don’t find out what happened and learn from it, it will happen again. Review your cyber risk assessment. Find out how the attacker gained access to your systems, and amend your risk mitigation strategies and procedures to prevent it from recurring.
How can cybersecurity companies help?