Premise
More than 80% of international trade occurs by sea. Regulators and markets are increasing the pressure on the shipping industry to mitigate risks and ensure timely delivery, which, in turn, are heavily reliant on the continuous and secure flow of data.
As the digitalisation of the maritime industry progresses, so does the exposure to cyber-attacks. In 2017, for instance, Maersk was the target of an attack that costed the company approximately $300 million and theCOSCO port terminal in Long Beach was attacked in 2018, to cite but two incidents.
Furthermore, in 2022, the average age of the global merchant fleet was around 22 years, with some segments (e.g., general cargo ships) well over 25 years. Overall, over 40% of all vessels are more than 20 years old. Considering these statistics, it is safe to assume that a large portion of international trade is relying on out dated and vulnerable operational technology infrastructure.
In 2022, the Safety and Shipping Review, a report annually published by Allianz, highlighted how since the coronavirus pandemic began, maritime industry businesses have faced a 400% increase in attempted cyber-attacks.
Drawing on these premises, we discuss cyber-security with Frode Alirash Roarson. Frode holds a Ph.D. in Digital Forensics and has several years of experience in software R&D and cyber-security. Frode has been Chief ProductSecurity Officer at Navidium and is currently a Director at KPMG, ManagedServices & Solutions.
Navidium - What makes the maritime industry attractive to cybercriminals?
Frode - There are several factors. Among the most relevant I would list the fact that, overall, the industry still lacks specific competence in digital security good practices. Particularly on board the vessel, where much of the focus is on people safety. Another element is that on-board systems can be accessed and monitored by a variety of shore parties concerned with ship machinery, sensors, and software. This aspect alone multiplies the potential for attacks.
The fact that much of the data is transmitted via email and through attached .doc or .xls files make sit also relatively simple to devise an attack.
Finally, based on what we know on the global merchant fleet's age, we can assume that many IT and OT systems are obsolete and no longer supported. This is indeed one of the reasons why, when I was working at Navidium, we decided to focus exclusively on offering Software-as-a-Service (SaaS), to ensure constant updates and better control over security.
Navidium - What type of attacks are most likely to occur in the maritime industry?
Frode - I don't think the maritime industry as a whole is more vulnerable than other industries to a specific type of attack. Cyber-attacks can take a great variety of forms. Phishing, for instance, is quite common. In these cases, cybercriminals target a number of people within a relevant pool (for instance, crew members) with increasingly accurate and believable messages, hoping to get someone to follow a link or input their data in a form. Phishing is often delivered via email or via a website, in this case it can be called "WaterHoling", but the purpose is always the same: get users to give up sensitive information. A report published by Cisco in 2020, for example, showed that 86% of the surveyed organisations had at least one user trying to connect to a phishing site.
Malware delivered through a variety of methods, including infected USB drives, is also relatively common. Macros and even pixel-tracking can also be used to deliver malware.
In short, as cyberattacks increase in frequency and severity, it is apparent that a cultural change is needed. The maritime industry could, in particular, increase the investment on training and updated software. Hiring a digital security officer could also be a good investment as it would ensure that the company has the right set of competences for most scenarios.
Navidium - Which elements of maritime operations are most likely to be vulnerable to cyberattacks?
Frode - All outdated elements of any given system are, of course, more vulnerable. There is an aspect that I'd like to cover though: connectivity.While it's obvious that vessel security is particularly at risk in high-connectivity areas, cyber-attacks can also occur in low- or no connectivity areas. Relying on low connectivity as a security means is risky at best.
As the digitalisation of the maritime industry progresses, it is vital for shipowners, charterers, and operators to partner with companies offering the highest level of protection against cyber-attacks. Navidium's SaaS approach provides constant updates and support to clients and partners.