The current US administration is signaling it will be updating the US government’s approach to its maritime cybersecurity strategy. Cyber security priorities are being discussed to enhance and secure the US’ ability to ‘project power at sea and defend against adversarial cyberattacks.’ The plan involves a re-examination of the national approach to information sharing and better emphasizing the use of operational technologies in ports.
Hackers at all tier levels have long targeted shipping firms and the maritime supply chain to steal data involving governments and/or interrupt cargo operations. Bad actors using a family of ransomware known as Ryuk compromised computer networks at a maritime transportation facility in 2019, disrupting operations for 30 hours, according to the US Coast Guard. Nation-state hackers (APT) also have targeted Americans aboard maritime vessels to trick them into revealing their location or activities. More recently, one senior US administration official shared concerns about a ransomware attack targeting a shipping company, which “affected COVID-19 supply chains in Australia.”
“Adversaries frequently interfere with ship or navigation systems by targeting position or navigation systems through spoofing or jamming, causing hazards to shipping,” one senior administration official said. This announcement came amid several efforts at the US Department of Defense (DoD) to test readiness against cyberattacks in the maritime domain. The Pentagon’s offensive cyber unit, Cyber Command, simulated a cyberattack in 2019 on a US seaport. The US Army is also participating in a current cyber exercise meant to simulate adversaries targeting US ports.
The most recent victim in a long list of cyber-attacks was cruise operator Carnival Corporation, which reported in August 2020 that it had been hit by a cyber-attack involving files being stolen. Cruise ships are floating hotels with very valuable personally identifiable information (PII) and financial data in their data systems. Carnival said the company “detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files.” It seems that the ransomware attack included unauthorized access to personal data of guests and employees. The incident will likely be costly for Carnival, as it may result in potential claims from guests, employees and regulatory agencies.
This was the most recent event in a series of incidents that affected both shipping companies and ports. Since NotPetya caused US$300 million in losses for Maersk, attacks have been increasing at an alarming rate. In 2018, the ports of Barcelona and San Diego fell under attack. Australian shipbuilder Austal was also hit, and the attack on COSCO Shipping line disabled half of the shipowner’s US network.
Now in 2020, the major shipping company MSC was targeted by malware, which resulted in shutting down the shipowner’s Geneva headquarters for five days. According to the US Coast Guard security bulletin cited above, Ryuk ransomware was used in a maritime attack. And then, the operational technology (OT) systems at Iran’s Shahid Rajaee port were hacked, restricting all infrastructure movements and creating a massive backlog. This is a clear example of the convergent vulnerabilities of IT and OT systems.
The quantity of information transmitted from ship to shore has increased dramatically thanks to advances in maritime communications and an ever-increasing reliance on technology-enabled on-board systems. “What is interesting is that many operators believe they have this protected with traditional cybersecurity, but the firewalls and software protecting the IT side, do not protect individual systems on the OT network,” says the General Manager of Cyber Security and Marine Business at Wärtsilä. As an example, installing an antivirus platform on a vessel bridge navigation system (ECDIS) could very quickly impair and inhibit system performance.
Taking precautions by installing security systems, such as firewalls and detection systems for denial-of-service attacks and other malware, is crucial but insufficient. Adopting proactive cybersecurity risk management provides an opportunity for shipping companies to differentiate themselves. The Red Sky Alliance RedXray service does just that. We scour open source information in the Deep, Dark and Surface web. The resulting indicators of compromise (IOCs) are then provided back to network security to blacklist. https://www.wapacklabs.com/redxray
Cyber resilience has emerged over the past years because traditional cybersecurity countermeasures are not sufficient to protect organizations against sophisticated attacks. Preserving both cybersecurity and cyber safety is important because of the potential effect a cyber-attack might have on personnel, the ship, the environment, the company and the cargo.
Cyber resilience programs should be able to identify, assess and manage cyber risks. These programs must collect from and monitor, 24/7/365, all mission-critical systems to detect anomalies, changes and potential cybersecurity incidents before they cause significant damage and disrupt the reliability and safety of operational processes. An incident response management program ensures business continuity and helps the maritime and shipping company to continue to operate despite a cyber-attack.
With cyber-attacks ever increasing in frequency and severity, supposing that maritime and shipping organizations can defend against every potential attack scenario is just plain unrealistic. Yet, maritime organizations need to combine cybersecurity with business resilience to be cyber resilient. As the maritime sector continues its digitalization quest, safer shipping programs are a competitive strategic advantage.
Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. Specifically, our analysts have been collecting and analyzing maritime cyber security issues for years. We publish a weekly Vessel Impersonation report, associated IOCs and a Maritime Watchlist.
Red Sky Alliance can help protect against attacks such as those described above. We provide internal monitoring in tandem with RedXray notifications on ‘external’ threats, to include botnet activity, public data breaches, phishing, fraud, and general targeting.
The installation, updating and monitoring of firewalls, cyber security collection and analysis, and proper employee training are keys to blocking malicious attacks. Please feel free to contact our analyst team for research assistance and a RedXray Cyber Threat Analysis report on your organization.
Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or email@example.com
- Reporting: https://www.redskyalliance.org/