Cyber ​​hackers prowling ship controls threaten another big shock

In February 2019, a large container ship sailing to New York identified a cyber intrusion on board that surprised the US Coast Guard. Although the malware attack never controlled the vessel’s movement, authorities concluded that weak defenses exposed critical functions to “significant vulnerabilities”.

A maritime disaster did not occur that day, but an alert was raised over an emerging threat to global commerce: computer hacking capable of penetrating shipboard technology that replaces old methods of steering, propulsion , navigation and other key operations. Such leaps in hacking capabilities could cause huge economic damage, especially now when supply chains are already stressed by the pandemic and the war in Ukraine, experts including a senior custodian have said. -ribs.

“We’ve been lucky so far,” said Rick Tiene, vice president of Mission Secure Inc., a cybersecurity firm in Charlottesville, Virginia. “More and more incidents are occurring and hackers have a better understanding of what they can do once they have taken control of a working technology system. In the case of shipping – whether it’s the ports or the ships themselves – there’s an awful lot that could be done to harm both the network and the physical operations.

Rear Admiral Wayne Arguin, the coastguard’s deputy commander for prevention policy, said shipping faces similar cyber risks to other industries – it’s just that the stakes are much higher given that nearly 80% of world trade is carried out by sea. Although Arguin declined to put a figure on the frequency of break-in attempts, he said: “I’m very confident that daily networks are being tested, which really reinforces the need to have a plan.”

Anti-stress system

“A potential intentional attack could really stress the system and we’re definitely thinking about how to consolidate that,” Arguin said in an interview. “When you couple that with the sensitivity of supply chain disruptions, it can be devastating to the shipping system.”

This universe includes not only ship operators, but also port terminals and the thousands of logistical links of increasingly interconnected global supply chains.

BlueVoyant, a New York-based cyber defense platform that recently analyzed 20 well-known shipping companies, said progress has been made since 2021, but “there are more cyber defense actions the industry can take to make things more secure”. A broader survey of third-party cyber risks showed that 93% of respondents acknowledged having experienced direct breaches related to supply chain weaknesses, with the average number of intrusions rising from 2.7 in 2020 to 3.7 last year, according to Lorri Janssen-Anessi, director of BlueVoyant external cyber assessments.

Hackers have hit several major logistics operations already this year. Jawaharlal Nehru Port Trust, India’s busiest container port, suffered a ransomware attack in February. A targeted attack on Washington Inc.’s Expeditors International, a large freight forwarding company, crippled its systems for approximately three weeks and resulted in $60 million in expenses. Blume Global Inc., a Pleasanton, Calif.-based supply chain technology company, said in early May that a cyber incident temporarily rendered its asset management platform inaccessible.

“Vulnerable areas”

“You picked an industry that has a lot of vulnerable areas,” said Jennifer Bisceglie, CEO of Arlington, Va.-based Interos, a supply chain risk management firm.

The shipping industry is the backbone of global trade in goods, but when it comes to cyber vulnerabilities, its wide reach is an Achilles heel. The biggest companies are catching up and, after years of struggling to make money, now have the resources to invest in improved ship-to-shore technology.

Hapag-Lloyd AG, Germany’s largest shipping company, announced in April that it would become the first carrier to equip its entire container fleet with real-time tracking devices. Most major container lines use remote sensors for functions such as monitoring engine performance, maintaining cooling systems or opening a pump valve. Electronic charts and collision avoidance mapping can be updated ashore and shared remotely. Many new ships ordered during this peak profitability period will be equipped with greater online connectivity for shore operations.

Such advances add visibility and efficiency, but they also potentially make it easier for hackers to work, experts said.

“Vessels were quickly connected to the internet using satellite communications, but without all the other security checks necessary to be safe and secure at sea,” said Ken Munro, security specialist at Pen Test Partners, a cybersecurity company with clients in the maritime industry. . “So now maritime operators are frantically trying to reinstate those controls, but are struggling with decades-old equipment on board that can be very difficult to secure.”

To help guard against threats, the International Maritime Organization, a United Nations agency responsible for safety and security, issued guidelines that companies were supposed to adopt from 2021. Some analysts said these regulations had not had enough of the intended effect and led to a wide range of responses.

System patchwork

“Some have been very proactive and started working long before the regulations,” said Captain Rahul Khanna, global head of maritime risk advisory at Allianz Global Corporate & Specialty, a unit of the Munich-based financial services firm, Allianz SE. “On the other end of the spectrum, you had people who are aware and just doing the bare minimum to get the certificate on their records.”

Even modern ships have a patchwork of systems from different manufacturers that have taken cybersecurity to varying degrees of seriousness, said Andy Jones, the former head of information security at AP Moller-Maersk A/S. , the world’s number 2 container ship. “Some operators have taken this seriously, but with large fleets and vessels that are probably over 30 years old, this is a very heavy order.”

Jakob Larsen, maritime security specialist at Bimco, one of the world’s largest associations representing shipowners, defended the industry’s position on cyber protections as “relatively strong” and on par with other sectors. Although increased digitization brings “more and more attack surface,” he said, instances where operational controls have been hacked are rare and technically difficult to achieve.

“This idea that someone can take over a ship and do all kinds of things, when it might be technically possible for a really skilled hacker who has the time to do it, in reality it’s not really something we see,” Larsen said. “Theoretically, yes, it can happen and of course we have to constantly stay up to date with our defenses and watch out for new threats.”

“Huge under-reporting”

Khanna said there was “huge under-reporting” when ships are attacked and “those who say they weren’t just don’t know”.

There is consensus within industry and government that there needs to be more information sharing. “Everyone needs to be all in on this game and understand when there are vulnerabilities — getting this information out quickly is going to continue to help us close doors,” the Coast Guard’s Arguin said.

For some observers, a wake-up call about the stakes at stake came in March 2021, when the Ever Given – one of the world’s largest container ships – ran aground and blocked traffic in the channel. from Suez for almost a week. The crash, attributed in part to high winds, cut off much of Europe’s trade with Asia and upended supply chains for several weeks.

“The Suez incident made everyone realize that global supply chains are actually quite vulnerable,” Munro said. “It’s not that Suez was a hack – it wasn’t – but it so easily could have been.”

James V. Hayes