The maritime industry is colossal but the large scale ransomware attack on transport and logistics conglomerate Maersk in 2017 shows the industry is still susceptible to cyberattacks.
A new podcast from cyber risk management company KYND looks into the cyber risks in the maritime industry. The discussion is led by KYND chief marketing officer Melanie Hayes and gets the thoughts of KYND CEO Andy Thomas and special guest Asceris CEO Anthony Hess.
During the discussion, Hess explained that the 2017 ransomware attack on Maersk was a particularly defining moment in the industry. The attack was collateral from the Not Petya attack and forced the insurer to spend a lot of money repairing it from the aftermath. The company reported losses of between $200m and $300m for the attack.
In 2019, the total value of the global shipping trade reached more than $14trn, according to data from the International Chamber of Shipping. While the industry is so large, it is often gone unnoticed.
Hess said, “I think unless someone happens to live near a major port, the average person doesn’t even really grasp the actual scale of the industry. So I think considering this perspective, most people just aren’t aware of shipping as an industry, and it would be reasonable to assume that it would be somewhat under the radar of cyber criminals as well have a lot of other sectors that look a lot more attractive.”
The media is often littered with stories about cyberattacks and data breaches happening in other sectors, such as banking. While there might be a higher level of risk in other sectors, there are still a lot of attacks happening in the maritime space, he stated. Furthermore, Hess explained that there are many industries that are a little less developed and prepared for cyberattacks and the maritime industry is one of them. “They really are in a good position to learn from what other industries have done to deal with them.”
Thomas joined in the conversation to state that the shipping industry, like many other sectors, has rapidly been adopting technology to digitise operations. Complex cargo management, automated identification, GPS systems and electronic chart displays are just some of the solutions being leveraged. Even more crucial, is that they are not more connected rather than being siloed like they once were.
While this sets to improve the efficiency of the industry, it comes with a host of new risks. Thomas said, “There’s a number of opportunities that pop up in these assets that mean that they become really quite interesting targets for cyber criminals or organised crime. There’s basically there’s a lack of inbuilt encryption or authentication in many of the navigation systems. I think this is one of the most significant issues that’s causing additional risk right now.”
He continued, “For example, automatic identification systems, which are a very key navigation tool used in vessel positioning and tracking. I hate to use the word poorly designed, but it is poor design at the protocol level and it allows attackers to abuse the system by generating automated commands and transmitting false error messages. This potentially has quite some significant consequences. As you can imagine. You can make a boat steer itself to a certain extent, which is not healthy for anybody.” Another other example is GPS jamming, which has been used to falsify the location of ships or even conceal the locations, leading to very troubling scenarios.
Improving legacy infrastructure should be a priority for firms so they can better safeguard their ships. More technology needs to be implemented that can better protect them from threats, he explained. Attention also needs to be put on third-parties that have access to infrastructure, whether it is to pilot the ship, dock the ship or remove cargo, there are vulnerabilities intertwined with each of these.
Episode 007 The KYND #StopTheBad Podcast: Cyber risks in maritime – sinking or swimming? Can be listened to here.
KYND’s previous podcast explored cyber risk management and cyber insurance and if one is more important than the other. Click here to view that episode.
Copyright © 2021 FinTech Global
Copyright © 2018 RegTech Analyst