All four of the biggest maritime shipping companies in the world suffered a digital attack within a few years of one another. It all started with Maersk back in 2017 when the Danish transport and logistics conglomerate fell victim to NotPetya. The wiper didn’t expose any of Maersk’s customer or business data, ZDNet reported, but the company suffered a disruption as a result of the attack when it halted operations and spent 10 days reinstalling thousands of its IT assets.
The following year, COSCO confirmed that it had temporarily disabled connections with some of its regions after it suffered a disruption to its email and network telephone services in the Americas. The shipping company didn’t mention a digital attack in its statement. But according to SecurityWeek, COSCO told some news outlets that ransomware had caused the disruptions.
Then came Mediterranean Shipping Company (MSC) two years later. In a statement posted on its website, MSC confirmed that it had restored its booking options and website after a malware attack affected some of the physical computer systems in its Geneva headquarters. That was just a short time before CMA CGM revealed that a ransomware attack had temporarily affected its booking system and several of its offices in China, as covered by Lloyd’s List.
Putting These Security Incidents into Perspective
All of the attacks described above targeted maritime shipping companies’ Information Technology (IT) systems. But this is a dangerous development given the ongoing convergence between IT and Operational Technology (OT) in the maritime industry, among other sectors.
Per Tripwire, maritime organizations are increasingly connecting their Vessel Integrated Navigation Systems (VINS), Global Positioning Systems (GPS), radar systems and other OT assets to one another and to shore-based assets. Such connectivity helps those organizations to improve their efficiency. But it also introduces several digital risks. Insurance Business explains that digital attackers could leverage a data breach to steal operational information and intellectual property such as design plans for a new ship. If operational information is affected, ships might not be able to deliver their goods to their intended destination within a defined shipping window, potentially damaging the company’s reputation. Corrupted operational information could also expose personnel to life-threatening situations; as an example, a manipulated charting system could lead ships into a storm or into waters that are frequented by pirates.
These digital attacks aren’t rare occurrences, either. According to Hellenic Shipping News, digital attacks against the maritime industry’s OT systems increased by 900% between 2017 and 2020. Security professionals catalogued 50 significant OT attacks in 2017. That figure increased to 120 in 2018 and 310 a year later, with the expectation that those major attacks would surpass 500 by the end of 2020.
Security Guidelines for Maritime Organizations
Governments and other organizations understand that maritime organizations are increasingly under attack and are creating new guidelines to help them. Provided below are three examples:
- The International Maritime Organization (IMO): On June 16, 2017, IMO adopted Resolution MSC.428(98). The action encouraged administrators at maritime organizations to appropriately address digital risks confronting their systems by January 1, 2021. The document informed admins that they could use MSC-FAL.1/Circ.3, “Guidelines on maritime cyber risk management,” towards that end. Among other security practices, those guidelines emphasize that admins evaluate their existing risk management posture and use a risk management plan to address digital risk gaps.
- The Government of Canada: Near the end of January 2021, the Chamber of Shipping (COS) reported that Canada’s Maritime Cyber Security Centre of Excellence had partnered with Quebec cybersecurity startup Neptune Cyber and Davie Shipbuilding on a five-year research project on digital security for critical maritime infrastructures. This announcement came several years after Transport Canada released a document containing security best practices for maritime organizations. Along with recommending other security controls, the document recommended that organizations use zoning to isolate their critical information and apps in more secure areas of their networks.
- The Government of the United States: In early 2021, the United States published the National Maritime Cybersecurity Plan. The purpose of the Plan is to help unify resources, stakeholders and initiatives around improving digital security within the maritime industry, reported the Greater Houston Port Bureau. Towards that end, the Plan recommends that maritime organizations adopt a digital security risk framework so that organizations can begin to identify and mitigate the digital risks confronting them.
How ORIGNIX Can Help
The best practices referenced in the security guidelines above are a lot for maritime organizations to do on their own. Some entities might not know where to start.
Fortunately, maritime organizations don’t have to approach the task of strengthening the security of their OT assets on their own. ORIGNIX can help them to secure their OT assets. The managed services provider begins by using its cyberPRA methodology to conduct a cyber and operational risk assessment associated with maritime organizations’ industrial processes. It then uses its cyberORM framework to help organizations to achieve the desired risk tolerance level for their OT assets using good engineering practices and internationally recognized standards.