Cybersecurity Challenges for the Maritime Industry

1133

The crippling ransomware attack against the Colonial oil pipeline in the U.S. in May 2021 should be a wake up call for the maritime industry. As a critical part of the global supply chain, the shipping industry could become an attractive target for cyber criminals and politically motivated attacks. 

Marine insurer Allianz Global Corporate & Specialty explores these challenges in its latest Safety & Shipping Review 2021, says an article published on MarineLink website.

Cyberattack

The 9,000km long Colonial Pipeline, which connects some 30 oil refineries and nearly 300 fuel distribution terminals, was brought down by a cyberattack, which resulted in petrol shortages across the eastern U.S. The company paid a $4.4 million ransomware demand to hacking group DarkSide in return for getting its systems back online.

The attack has far reaching implications for critical industries, including shipping. Not only did it reveal weaknesses in cyber security, but also the attractiveness of critical infrastructure to cyber criminals and nation states. 

Given its perceived success, the attack could encourage similar attacks, and result in tougher cyber security requirements and higher penalties for critical service providers.

Ransomware

Ransomware has become a global problem. All four of the world’s largest shipping companies have been hit by cyberattacks, including the Mediterranean Shipping Company (MSC), which suffered a network outage in April 2020 from a malware attack, and CMA CGM SA, which was hit with a ransomware attack in September 2020. 

According to security services provider BlueVoyant, shipping and logistics firms in 2020 experienced three times as many ransomware attacks last year as in 2019. 

A spike in malware, ransomware, and phishing emails during the pandemic helped drive a 400% increase in attempted cyberattacks against shipping companies through the first months of 2020.

“To date, most cyber incidents in the shipping industry have been shore based, including ransomware and malware attacks against shipping companies and ports,” said Captain Nitin Chopra, Senior Marine Risk Consultant at AGCS. 

Alert to cyber risk

The shipping community has grown more alert to cyber risk over the past couple of years, in particular in the wake of the 2017 NotPetya malware attack that crippled ports, terminals and cargo handling operations. 

However, reporting of incidents is still uncommon as owners fear reputational risk and delays from investigations. Meanwhile, cyber security regulation for ships and ports has been increasing. In January 2021, the IMO’s Resolution MSC.428(98) came into effect, requiring cyber risks to be addressed in safety management systems. 

Increased awareness has translated into an increased uptake of cyber insurance by shipping companies, although mostly for shore based operations, according to Justus Heinrich, Global Product Leader Marine Hull at AGCS. 

“However, the threat to vessels is growing as more and more ships are linked to onshore systems for navigation and performance management. Smart ships are coming, and we would expect demand for insurance to develop accordingly,” Heinrich said.

GPS spoofing

Geopolitical conflict is increasingly played out in cyber space, as illustrated by spoofing attacks on ships. Recent years have seen a growing number of GPS spoofing incidents, particularly in the Middle East and China, which can cause vessels to believe they are in a different position than they actually are, while concerns have been growing for a potential cyberattack on critical maritime infrastructure, such as a major port or shipping route.

“From a hull perspective, the worst case scenario is a terrorist attack or nation state group targeting shipping in a bid to inflict damage or major disruption to trade, such as blocking a major shipping route or port. While this would seem a remote possibility, it is a scenario we need to understand and monitor,” Chopra said.

Summary 

  • The crippling ransomware attack against the Colonial oil pipeline in the U.S. in May 2021 should be a wake up call for the maritime industry.
  • Marine insurer Allianz Global Corporate & Specialty explores these challenges in its latest Safety & Shipping Review 2021.
  • Ransomware has become a global problem. All four of the world’s largest shipping companies have been hit by cyberattacks.
  • The shipping community has grown more alert to cyber risk over the past couple of years, in particular in the wake of the 2017 NotPetya malware attack that crippled ports, terminals and cargo handling operations. 

Did you subscribe to our daily newsletter?

It’s Free! Click here to Subscribe!

Source: marinelink