The maritime and broader logistics industries have, until recently, been viewed as relatively “low risk” from a cyber threat perspective in comparison to finance, insurance and manufacturing industries due, in part, to their cautious adoption of technology. Like in many other industries, however, organisations within the maritime sector are increasingly becoming “digitised” as technological solutions improve efficiencies.
Integrated digital systems are now revolutionising the way in which mobile assets (vessels, containers and offshore platforms) operate and interact while at sea, but also the way they interact with fixed assets (port infrastructure and fixed pipelines) on land. The culmination of this revolution is embodied by the plan to launch fully autonomous vessels in the next 12 months. Today’s reality is that maritime industries now use vast quantities of electronically-stored and transmitted data and, because of this, cyber criminals will increasingly view the sector as a lucrative target.
There have been a number of high-profile attacks that demonstrate the potential for disruption to the maritime sector as a result of cyber attacks. In June this year, a container ship operator was subjected to a malware attack that forced the company to suspend its online platform from taking orders for six days. The company’s port operator was also subjected to a ransomware attack which encrypted the hard drives of computers at more than 15 terminals across the US, Asia and Europe. This forced the company to re-route a number of their ships from their original destination ports. The company estimated that the attack likely cost it US$300 million in lost revenue.
Similarly, in 2011 hackers remotely accessed the Port of Antwerp’s network by sending “Trojan Horse” viruses, malicious programmes disguised as legitimate software, to the port’s staff. This resulted in the port’s IT system being infected, as well as key-logging devices being installed to capture the passwords of port employees. The criminal enterprise then used the port network to identify containers in which they had hidden illegal goods so that they could remove them before they were found by the authorities. This compromise to the port’s systems remained undetected for two years.
Although the two examples above demonstrate the current “reality” of the cyber threat, they by no means capture the full potential of the disruption that cyber risk could inflict on the industry at large. Increasingly the implications of any cyber attack extend well beyond the single asset that may be subject to operational compromise. There is growing concern over what “could” happen if hackers were able to compromise the automatic identification system or GPS system of a vessel, as the resulting collisions and/or wreckage could lead to devastating financial, environmental and operational consequences. These risks would be particularly pronounced in areas of strategic importance to the industry, such as the Panama and Suez canals, or along other congested shipping routes such as the Strait of Malacca or the English Channel. These areas of operation also happen to be the most vulnerable to (or desirable for) politically motivated cyber attacks.
Given that roughly 90 per cent of world trade is transported by sea, shipping and container operators are particularly vulnerable to ransomware attacks that encrypt key operational systems both onshore and offshore and impacts on their ability to deliver goods on time, or unload goods at the destination port. The recent attacks noted above should serve as a warning.
What both the real-life examples and the scenarios outlined above demonstrate is the co-dependency of organisations across maritime industries. A cyber vulnerability in one vessel, or across the operating system of one port service provider, could expose many others in the industry to significant operational risk. As such, risk can only truly be minimised by a concerted effort of the industry on the whole to raise cyber security standards.