Shipping companies not immune from cyber crime

"Cyber attacks continues to rise globally"

The maritime sector faces a multitude of emerging and present cyber extortion threats. The increasing trend of networking information technology and operational technology onboard vessels and within port control systems has increased the sectors vulnerability.

Shipping companies, ports and vessels can be affected by targeted and untargeted extortion attacks. Untargeted extortion attacks, such as ransomware can exploit vulnerabilities in systems and hold sensitive data and core systems to extortion. The recent outbreak of the WannaCry ransomware, which infected more than 230,000 computers in over 150 countries, demonstrated how vulnerable all sectors of the economy are to known or zero-day exploits.

Targeted extortion attacks conversely will conduct extensive reconnaissance of specific companies probing for exploits, before infiltrating the systems with the primary aim to avoid detection as they map, deploy and expand their access to systems. The motives and objectives of these advanced persistent threats (APTs) within the maritime sector are extremely varied. For example, criminals can seek to steal company data for ransom, exploit known vulnerabilities and blackmail companies into paying retainers for ‘tech support’.

Hackers have cost asymmetry on their side, for near to zero startup costs and ease of access to online reading and experienced contacts, the barriers to entry into cyber extortion are extremely low. From human error, poor cyber-hygiene and low risk awareness hackers have multiple avenues to infiltrate systems. The social engineering of access to one shipping company employee username and password could potentially lead to an effect on the confidentiality, integrity and availability of companywide data and systems. Now armed with sensitive commercial data and personal identifiable data (PID) the hacker can begin to extort their target through anonymised and encrypted email services, which make the attacker almost undetectable.

As the need for operational efficiency increases companies have sought to add remote monitoring and interfacing with vessel management systems, including communications, cargo, propulsion and navigation equipment, an infiltration of shore based systems can potentially allow hackers access from one system to another. Consequently, the core supervisory control and data acquisition (SCADA) systems of vessels are now susceptible to ransomware and other forms of disruption and denial attacks. An attack that costs less than the price of a laptop can render systems worth multimillions immobile and uncontrollable.

Ports are critical nodes in a national transportation and logistics network, the efficiency and effectiveness of container and bulk cargo operations are key determinants of shipping costs. This quest for efficiency has led to greater automisation of control over port operations and near universal integration of computing into port management. This reliance on operational technology has created vulnerabilities to extortion driven distributed denial of service (DDoS) attacks. Ports have utilised the internet to allow ease of access to customs clearance, cargo handling and port administration through web portals. Overwhelming these portals with traffic from botnets would make services unavailable and cause significant delays, increase turnaround times and incur operators’ significant costs. Even a limited demonstration DDoS attack, common in the initial stages of DDoS extortion incidents, has the potential to cause media interest and subsequent reputational damage.

Cyber extortion attacks continue to rise globally, shipping companies and port operators will not be immune. The maritime industries shift towards greater use of big data, systems integration and smart ships will only increase the many avenues for vulnerability in the long-term.

To secure excellence in cyber extortion response, crisis management and loss prevention services we have established a partnership with NYA International, a well-established, leading global risk and crisis management consultant. NYA International has produced this article at Norwegian Hull Club’s request.

NYA International’s opinion and advice is given on the basis of the information given to them in their instructions and the surrounding circumstances known to them to exist at the time when those instructions are given. They do not accept responsibility for verifying the information or investigating beyond its limits. Subsequent changes to relevant information or to the surrounding circumstances may affect the reliability of their opinion and advice but they do not accept responsibility for that effect. NYA do not accept responsibility for the outcome of action taken or not taken as a result of their opinion and advice unless the possibility of that action being taken or not taken is set out in specific terms in their instructions.


31. May. 2017