Cyber Intelligence for Shipping assets

ENISA produced its first EU-report on Maritime Cyber Security back in 2011, warning of the low cyber security awareness and intelligence within the sector, the complexity of the ICT and the lack of cyber security policies. Further difficulty is added to this situation due to the fragmented nature of the maritime governance between different levels.

However, fast forward 8 years to 2019 and the first Transport Cyber security Conference was held in January highlighting the progress and awareness that is being made throughout the transportation industry, not just maritime.

Within the maritime industry over the last quarter alone there have been 2 separate incidents in which the US Coast Guard has sent out security alerts, highlighting the ongoing problem with cybersecurity policies and practices on board commercial vessels.

In May, a wave of spear-phishing emails were being sent out intending to spread malware across commercial vessels, posing to come from official US Port State Control authorities. The malspam campaign intended to spread malicious software that was designed to disrupt shipboard computer systems.

On July 9th the US Coast Guard published another alert indicating that a cyber security incident had impacted a vessel bound for the Port of New York. Whilst the malware on this occasion had not impacted the essential vessel control systems, there was ‘significantly degraded functionality of the onboard computer system.’

These are just the latest in a series of cybersecurity incidents on shipping vessels, however, and is not something that is considered a surprise to industry experts. A report published in 2018 by a conglomerate of 21 international shipping associations identified a ‘plethora of cyber security problems aboard ships, where investigations found ransomware, USB malware and worms on numerous occasions.’

The report also indicated interference with onboard automatic identification systems and electronic chart display and information systems, the jamming of global positioning systems and the manipulation of cargo and other ship and port systems, allowing access to ship manifests enabling the identification of crews and cargo.

The combination of such information has been linked to a hybrid of cyberattacks and physical piracy, whereby pirates have reportedly identified ships containing valuable cargo and minimal onboard security, providing a perfect target.

Whilst all of these incidents have happened through the introduction of malware/ ransomware etc within ports, the effects clearly may only be identified at sea. In either case, the malware would likely have already completed its task and caused unnecessary damage.

This highlights a growing trend with the ever more connected world whereby industries of all types need to ensure they are protecting their assets at every level. Networks such as those used within the maritime industry are already connected to the outside world, therefore it is essential that they are provided adequate levels of network security to protect their cyber threat intelligence.