Troubled Waters: Responding to Cyber ​​Attacks in the Maritime Industry

Shipping is increasingly digitized and interconnected. As traditional maritime operations are replaced by autonomous, computerized processes, cybersecurity vulnerabilities are becoming more prevalent.

While not unique to the maritime industry, there are some innate challenges ships face when it comes to cyberattacks. These include the hyper-complex nature of ships and global supply chains, as well as the many stakeholders involved in operations and chartering.

Some industry experts are already making waves in the fight against these threats, but given the global reach and importance of the sector, there is likely no short-term fix.

An ocean of trouble

Speaking on the Standard Club’s Alongside podcast (listen to the podcast here), two professionals in the field of maritime cyberattacks described the nature and scale of the threat facing the industry.

Daniel Ng, CEO of CyberOwl, a company that helps the maritime industry manage cyber risk and compliance, explained that the vast majority of attacks come from small ransomware.

Rather than being large James Bond-style computer equipment shutdowns that immobilize ships, Ng explained that the risks the shipping industry faces from cyberattacks are generally quite low from criminals trying to earn money quickly with a shipping company. ‘.

So far, no attack has resulted in a ship colliding or running aground due to loss of control, but that doesn’t mean concerns are any less on the radar for shipowners.

Although cyberattacks do not tend to lead to tragedies, they can have a significant impact on revenues and revenue streams due to delays resulting from a cyberattack. A means by which owners, operators, shipowners, charterers and traders can protect themselves with cyber Strike & Delay coverage.

An example of severe disruption occurred in February when CyberOwl was particularly vigilant due to the increasingly unstable international situation.

“Across eight ships from two different customers and across eight very different ship types, we found evidence of some malware designed to get on board the ship and on a computer,” Ng said.

The virus, designed to give the attacker full control of the machine, spread across the entire network in two vessels.

Operational technologies (OT) include navigation systems, engine control systems or ballast and water treatment systems on board the ship, and therefore threatened by this particular virus. While attacks on information technology (IT) can mean loss of data and information, third party access to EO means potential loss of vessel operations and security.

“Whether it’s overwriting files on the machine by shutting it down, stealthily trying to copy information to the back of the machine, or simply running a new command or process on that machine, this particular malware was designed for that,” Ng said.

The malware identified by Ng’s team is called “Plug X”, primarily known for political espionage rather than commercial or ransomware activities.

However, given the controls put in place with these customers, there was no evidence of a takeover of the vessel’s systems.

“So what did we learn from that, in terms of typical things on board for cybersecurity of on-board systems?” The first is often the separation of what is the more traditional shipboard computing and the operational technology that happens, and where that happens there is a good layer of control,” Ng explained.

Another issue brought to light by the event is that these “attacks” can often be collateral damage from larger, less targeted programs.

“We call it the ‘spray and pray’ approach, where the abuser just releases him, hopes he grabs a computer,” he said.

This can pose a problem for insurers because the origins of cyberattacks remain shrouded in mystery and their origins unknown.

Besides ships, cyberattacks can also affect land-based infrastructure, which in turn can lead to ship delays in a port.

For more information, please see Standard Club’s Cyber ​​Strike & Delay coverage.

Security-focused responses

The first phase of cleanup after an attack, Ng said, happens roughly within the first 24 hours, depending on the severity of the incident. After that, the main objective is to stop the spread of the attack and ensure the safety of ship operations.

This is your only concern in this first phase. After that, the second phase is to restore, restart, get the business back on track and keep running,” he added.

Finally, collect evidence to understand where the vulnerabilities were in the first place.

While some companies may want to prioritize getting their business back up and running, the world of shipping means living at sea.

“The main objective is always the safety of vessel operations; then it’s business interruption,” Ng said.

For AXIS, 24/7 communication in the event of an attack is part of their coverage capability.

“With our cyber insurance policies, we have an incident response team. And it has a dedicated 24/7 helpline number, which provides a suite of experts who can help sort out the event,” Furness-Smith said.

Loss prevention

The cyber side of the insurance market is newer than the more developed property damage industry. The embryonic nature of cyberattack coverage explicitly implies the process of constant evolution.

Furness-Smith says owners have had to become more aware of the rest of their business and the coverage they need from an insurance perspective. For example, property damage resulting from a cyberattack will generally not be covered by hull and machinery policies.

Georgie Furness-Smith, Senior Cybersecurity Underwriter and Head of Maritime Cybersecurity at AXIS Capital, said: “Over the past five years, the main thing that has changed is the perception and appreciation of the threat.”

AXIS Capital is one of the world’s leading providers of specialty insurance and reinsurance. Coverage of cyber-attacks is rapidly becoming a major priority in the maritime sector.

“Essentially they need a separate cyber insurance policy for that. We have seen the severity and frequency of cyberattacks increase over the years. It has therefore become essential that companies like mine, Axis, can offer a solution to solve this problem,” she said.

Moreover, it is not just ships that are vulnerable. The increasing number and severity of attacks across industries has signaled that maritime businesses are vulnerable to cyber events, such as ransomware attacks on corporate networks.

In terms of coverage, Furness-Smith said mitigating the cost of attacks requires certain insurance policies.

“They should have a traditional cyber insurance policy, which covers their balance sheet against risks, such as ransomware, and also covers business interruption and various other things,” she suggested.

“The second thing they would need is coverage for material damage to the ship.”

Transparency issues

Companies may be reluctant to reveal the exact extent of cyberattacks due to fears of appearing vulnerable to potential investors.

Ng suggested the shipping industry should look at measures used by other industries, such as financial services, to move from a secrecy to a transparent approach. Reporting and information sharing lets others know what weaknesses have been exploited, which would have long-term benefits for the entire industry.

As part of a partnership with the Singapore Shipping Association – representing 450 shipping companies in the city-state – CyberOwl took inspiration from the Port Authority of Singapore to set a standard for Singaporean shipping companies in terms of cyber maturity . The larger goal is to set a precedent for the global industry on how to form a bulwark against attacks.

“Some ability to understand the maturity in the shipping sector in Singapore and to compare that across the different areas of cyber capabilities becomes very meaningful and very powerful,” Ng said.

Cyber ​​attacks on the rise

The increasingly digitized and automated nature of the shipping industry means that cybersecurity is likely another inherent cost that shippers will need to consider. In this regard, shipping is no different from most other industries.

However, although the arms race has begun, it is a race that the shipping industry is in an excellent position to win, as long as it maintains its resilience in both smart coverage and technological supremacy.

“I think it’s inevitable, but we’re also getting stronger, we’re getting more educated, we’re putting more controls in place. So those things balance out over time,” Ng said.
Source: The Standard Club