23 May 2023
Cybersecurity in the Maritime Industry
And cybercriminals, unfortunately, know – and so the attacks on the maritime industry increased tenfold. To prevent or minimize the damage caused by those attacks, the industry needs to double its efforts when it comes to boosting its internal security.
Why have maritime companies suddenly attracted the criminals’ attention and what can be done to stop them? Keep reading to find out.
Why is strengthening the maritime industry cybersecurity such a pressing matter?
If, a decade or two ago, you had asked anyone working at a maritime company about cybersecurity, you would probably have gotten only confused looks in response. Since all of their systems were isolated and only the crew had access to them, the risk that someone unauthorized would gain access to them was minimal.
Today, though, the maritime industry relies on technical solutions more than ever before, using:
- Fleet management systems,
- Automated machinery and equipment control,
- Cargo management,
- Employee and passenger management solutions, etc.
On the one hand, those platforms enable them to plan and navigate their shipping routes better and ensure that all of the vessel’s equipment is in top condition.
Unfortunately, the digital revolution in the maritime industry also attracted the cybercriminals’ attention.
For example, Inmarsat’s 2022 Beyond Compliance report found that cyberattacks that target the maritime sector increased by 168% in the Asia-Pacific region alone. Overall, attacks targeting ships increased by 33% in 2022.
What makes the situation even more complicated is that the maritime industry only recently noticed the threat and started to work on boosting its security. The result is that many ship owners and crew still have difficulty understanding and implementing cybersecurity best practices.
In an HFW report, over 25% of seafarers admitted that they don’t know what to do during a cyber incident.
Given how costly each incident can be, neglecting cybersecurity practices isn’t the wisest idea though.
- On average, cyber-attacks cost ship operators $182,000 per year.
- For 1 in 12 ship operators (8%), the average cost of cyber attacks is $1.8 million annually.
- The average ransom paid is $3.1 million.
Examples of cyber attacks on the maritime industry
To prove the situation is serious, let’s first look at a few examples of recent cyber attacks targeting the industry.
Oslo-based DNV experienced a ransomware cyber-attack on its ShipManager servers on the evening of Saturday, January 7, 2023. To minimize the damage, the DNV experts shut down their servers right after they noticed the issue. And while the attack didn’t spread to other systems, it still affected around 70 customers and 1,000 vessels.
Following the attack, the company had to rebuild their server’s environment – and during that time, their ships could only use the onboard, offline functionalities of the platform.
As of March 15, 2023, DNV’s services are back online.
On January 29, two German oil suppliers (Oiltanking GmbH Group and mineral oil dealer Mabanaft GmbH & Co. KG Group) discovered their IT systems and supply chain were under attack. The attack effectively stopped all of Oiltanking’s loading and unloading operations and forced them to declare force majeure. As a result of the incident, energy giant Shell also had to reroute their oil supplies to other depots.
Although Oiltanking did not reveal what type of cyberattack they faced, it’s speculated they have been hit by a ransomware attack as well.
Port of Houston
Cybercriminals also targeted the Port of Houston, the second busiest port in the entire USA in terms of tonnage. The cybercriminals exploited a vulnerability in a password manager to breach the port’s network and then attempted to escalate the breach to gain access to other systems.
The Port of Houston’s IT team spotted the breach early though, and took steps to mitigate it. Thanks to their quick reaction, no sensitive data was exposed, and no systems were apparently disrupted.
According to an unclassified report by the US Coast Guard Cyber Command:
“If the compromise had not been detected, the attacker would have had unrestricted remote access to the [IT] network. With this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations”.
Port of Lisbon
The Port of Lisbon, one of Europe’s busiest seaports, was struck by a ransomware attack in January 2023. Fortunately, the incident did not affect the port’s operations, but it took down its official website, portodelisboa.pt, for a week.
A few days after the attack, the LockBit ransomware group admitted to being behind it and added the APL company to their extortion website. The message on the website claimed that LockBit had stolen financial reports, audits, budgets, contracts, ship logs, and various other information about cargo and crews as well. The group then threatened to release the information online on January 18, 2023, unless the port paid the ransom of $1,500,000.
The Administration of the Port of Lisbon didn’t share any details on the attack or how they responded to LockBit messages.
Danaos Management Consultants
In November 2021, multiple Greek shipping companies were hit by a ransomware attack that spread through the Danaos Management Consultants communication system. The company’s systems were supposedly unaffected, and the attack only encrypted around 10% of the data they held. However, many Greek shipping companies using the Danaos communication system have lost contact with their ships, suppliers, agents, and charterers.
Danaos has contracted an independent cybersecurity firm to investigate the incident and determine how the ransomware entered its systems. In the meantime, the company has been helping affected customers recover their systems and data.
How can maritime industry companies enhance their cybersecurity?
Since 2017, the number of attacks on the maritime industry’s operational technology (OT) systems has increased by 900%, according to several studies. And as the consequences of an attack can be quite severe, all companies in the sector should put fortifying their security at the top of their priorities.
Where should they start though?
Here are a few steps maritime companies can take to protect their systems from cyber threats.
Develop a cybersecurity strategy
Remember the statistic about ¼ of the seafarers admitting they wouldn’t know how to react during a cyber attack? Designing a comprehensive cybersecurity strategy is one of the best ways in which you can ensure that your crew will know what to do during such a crisis.
A cybersecurity strategy is an action plan outlining how a business will protect itself from cyber threats and how its employees should react in case of an attack or data breach. By creating such a strategy, maritime companies can identify their biggest security gaps and vulnerabilities and think of ways to patch them.
Plus, a company-wide cybersecurity plan also makes ensuring that all crew members understand and follow the best security practices easier.
The document is also a great place to include:
- What security practices should all staff members adhere to
- Which regulatory requirements do they need to comply with
- A guide on recognizing the most common cyber threats (and who to alert then)
- Information on how the crew should handle and secure sensitive data
Establish an incident response plan
A cybersecurity strategy should also include a plan for handling security incidents and data breaches to reduce the time needed to react and mitigate the incidents.
The plan should cover:
- The procedure for reporting any suspicious activity or system behavior
- Steps to take during a cybersecurity incident alert (such as shutting down the affected systems)
- The staff roles and responsibilities
- Recovery steps
Conduct risk assessments
New attack methods and potential threats appear daily, so performing regular risk assessments and updating the incident plan and cyber strategy is vital. The risk audit should be performed at least once a year.
Many breaches and attacks still come from human error – such as falling for a phishing email. Here’s where regular cybersecurity awareness and training programs can be incredibly helpful. During the training, employees can learn what the possible consequences of a cybersecurity breach are, as well as how they should react to phishing attempts.
Implement strong access controls
Strictly limiting who has access to which parts of the system can also significantly boost maritime network security. A good practice here is to use the least privilege principle: giving the crew access to only the data or functionality they need.
Security can also be enhanced by implementing multi-factor authentication (MFA) and ensuring employees use unique passwords and change them regularly.
Encryption is one of the most effective methods of protecting sensitive information, both in transit and at rest. Even if the criminals somehow gained access to the database, they couldn’t decrypt the data without a dedicated key. That makes the files useless for them.
All communication channels should also be encrypted to prevent hackers from trying to steal or manipulate the messages coming through the channels.
How can an MDR platform help with protecting maritime industry companies?
There’s one more thing that can help a maritime company defend itself against the waves of cyber attacks. Namely, a reliable managed detection and response (MDR) solution such as our CyberDefender.
With how many cyber attacks there are every day and how sophisticated many of them are, it might be impossible for a regular IT team to spot and mitigate all of them. Finding and hiring full-time cybersecurity experts is easier said than done though.
Here’s where the CyberDefender platform (armed with the experience of our own Security Operations Center) can take over and make the maritime network safer than ever.
The platform can monitor the maritime infrastructure on all endpoints 24/7 and report any suspicious activity to the SOC team. During an attack, meanwhile, our team will use their experience to minimize the damage and restore the systems to their previous state. Our SOC team can also help with preparing and running security audits or managing compliance requirements.
So if you’d rather focus on your maritime business than worry about when your systems might be compromised, give us a call. Our CyberDefender experts will show you how to use our platform (and our SOC team) to make your business safe and sound.
Looking at how the maritime industry didn’t have to worry about cyberattacks until recently, it shouldn’t be surprising that they still struggle with boosting their security levels. As the consequences of a single attack can be disastrous though, the industry businesses should do everything they can to safeguard their infrastructure, cargo, and crew.
And as cargo management or navigation systems can help them become more efficient, dedicated cybersecurity solutions like CyberDefender can make them feel much safer as well.
If the maritime industry combines the powers of our platform with company-wide cybersecurity training and industry best practices, then thwarting the cybercriminals’ plan will become easy.