Container businesses remain extremely vulnerable to cyber-attack warns maritime analysts

Analysts have highlighted the ongoing threat of cyber-attack in the container shipping sector and their research makes for a worrying read in the light of the ongoing fallout from the widely-reported attack on Maersk.

Leading market intelligence provider SeaIntel warned that close to half of container carriers have a disturbingly low level of cyber security, as reported in ShippingWatch.

Against the backdrop of this grim prognosis, and with impeccable timing, a major new report, ‘Cyber Security Onboard Ships’, backed by heavyweight organisations in the shipping industry, including the Baltic and International Maritime Council, was issued. The report offers comprehensive directions on how the industry should cope with the growing menace of cybercrime. Maersk itself has recently updated its IT security systems, and claims to have created multi-layered protective systems.

At the outset, the report makes it clear that the “safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant.” Offering practical advice and management best practice on cyber security and cyber safety-related matters, the guidelines in the report are further aligned to recent research and recommendations published by The International Maritime Organisation (IMO).

The guidelines fall into six main sectors:

• Identify threats
• Identify vulnerabilities
• Assess risk exposure
• Develop protection and detection measures
• Establish contingency plans
• Respond to and recover from cyber security incidents

Threats identified in the guidelines include: groups who may want to target a ship include so-called activists, which contain within their ranks disgruntled employees, and whose motivations could be reputational damage and operational disruption; criminals who seek financial gain or who are involved in commercial espionage and perhaps may want to sell the data; opportunists whose motivation is getting through cyber security defences and the thrill of the challenge; state-sponsored organisations who seek political gain; and the most serious of all, terrorists who want to disrupt national economies and critical infrastructure.

Following threat identification, the report outlines how the next stage is to carry out vulnerability assessment and how the shipping line can meet the challenges posed by these threats. The guidelines hold no punches in terms of responsibility, “Accountability and ownership for cyber security assessment should start at senior management level of a company, instead of being immediately delegated to the ship security officer or the head of the IT department.”

Ships can be particularly vulnerable as multiple stakeholders involved in the chartering of a ship can result “in lack of accountability for the IT infrastructure”.

The report goes on, “The growing use of big data, smart ships and the ‘internet of things’ will increase the amount of information available to cyber attackers and the potential attack surface to cyber criminals. This makes the need for robust approaches to cyber security important both now and in the future.”

This Achilles’ heel to cyber-attacks was investigated by Sam Chambers, editor of Splash 24/7. He stated, “Shipping has a very soft underbelly that makes it an easy, dare I say it, ‘fun’ target.”

In an incident that sent shockwaves through the shipping community a so-called ‘security researcher’ managed to access a ship’s satellite communication system using standard factory default settings, simply by entering the username ‘admin’ and ‘1234’.

The researcher was up front in his assessment, “Hacking ships is easy.”

Using the search engine Shodan, this security researcher tracked a ship via very small aperture terminal (VSAT) antennas, which is a two-way satellite ground station with a dish antenna that is smaller than 3.8 metres, exposing web services and found it all too easy to hack into the vessels computer systems. He recommends against revealing username details on the internet and regularly changing passwords.

Maritime security specialist Lars Jensen urged vessels operating VSAT systems to cease using factory settings as a matter of priority.

As this month’s report states, “Knowledge about previous identified cyber incidents should be used to improve the response plans of all ships in the company’s fleet and an information strategy for such incidents may be considered.”

However, many industry insiders fear this problem will just multiply in its complexity, with ongoing vigilance and constant awareness needed of the myriad challenges this threat poses right now and will continue to pose well into the future.