The world of shipping and sea transport has undergone some significant changes in recent years, mainly with regard to networking and connectivity, digitization, automation and integration of the information systems and operations systems used in seaports, by shipping companies, and onboard ships. Consequently, seaports and ships have become attractive targets for cyberattacks.
Back in 2011, the port of Antwerp, Belgium came under a cyberattack. Hackers who operated in the service of a drug cartel were responsible for that attack. They hacked the cargo management systems and changed numerous manifests in order to mask drug smuggling on an international scale. The authorities spotted the attack after a long time and disrupted it. In the course of the same year, the Iranian shipping company IRISL came under a cyberattack staged by an unidentified party. That attack completely erased the company's database, including data on cargoes and containers. Seaports in Australia came under attack for similar purposes in the years 2011 through 2013.
Offshore drilling rigs are also not immune to cyberattacks. In 2014, two offshore oil-drilling rigs came under significant cyberattacks. The first attack, against an offshore rig off the coast of Africa, caused the rig to list and sink. The second attack, against a South Korean offshore rig, rendered the rig unserviceable for 19 days. Presumably, North Korean hackers were responsible for this attack.
Apparently, the most infamous cyberattack in the maritime field occurred in June 2017, when the world's leading shipping company, MAERSK, sustained serious damage following a cyberattack. The attack, which lasted about a week, forced the company to close down its services and inflicted damage on tens of thousands of computers in numerous corporate branches worldwide. The attack caused damage amounting to a total of more than $300 million.
As stated, this was not the first cyberattack against a shipping company. Many additional attacks against seaports and shipping companies around the world followed – like the attacks against the ports of Rotterdam, Bombay, and others. In the most recent cyberattacks we know about, the targets were the shipping companies COSCO and San Diego, in July and September 2018. These attacks rendered the companies' branches unserviceable for a few hours. In most cases, the authorities are unable to determine the source of the attack, but the damage is reflected in the closing down of seaport and shipping company services, as well as in financial, public image, and safety damage.
The Maritime World Becomes Interconnected
Seaports employ numerous computer-based systems for such purposes as port management, loading and unloading of containers and cargoes onto/from ships, port haulage and storage, maritime command and control systems, data systems for client relations, physical security, and more. All of these systems are interconnected through the Internet and are even connected to the ships at sea.
Ships, too, carry numerous computer-based systems, from surveillance through satellite navigation, vessel identification and tracking, automated chart loading, engine and steering control, sensor control (fuel, water, damage control, etc.), to cargo and transshipment control and more. The various systems onboard the ship are interconnected, and are connected to the port systems and the systems of the shipping companies through satellite communication channels and other communication channels.
The increasing importance of seaports and ships to world economies, combined with the technological changes, the abundance of computer-based systems at the seaports and onboard the ships and the connectivity between all of those systems, have made seaports, ships and shipping companies vulnerable to cyber threats. Cyber attackers regard seaports and shipping companies as high-value targets, in view of the massive amounts of data they maintain, the substantial capital involved in their activities and the technological vulnerability of the systems.
Threats on the Water
The risks associated with a cyberattack against seaports and shipping companies could include the partial or complete shutdown of the port for a long time, through various methods. Such a shutdown or disruption of the port's activity could have a significant effect on the exports and imports from and to the country or on the services the seaport provides, as well as on the national chain of supply (for example, it might adversely affect the state's ability to provide energy to its inhabitants).
Denying the ability to assemble a maritime status picture (for the vicinity of the port) for access control; preventing ships from entering and exiting the port; physical intrusion of terrorist or criminal elements into the port; smuggling; environmental and public image damage; damage to reputation and collection of state intelligence – all of these are potential risks to the maritime industry.
What about the vessels themselves? Gaining control over the ship's steering and navigation systems remotely will enable the attacker to do with the ship whatever he pleases – either steer it in an undesirable direction, cause it to collide with another vessel or object (port, dock, offshore rig, etc.) or hijack the ship for terrorism or piracy purposes.
Uninterrupted, Extensive Monitoring
Securing seaports and ships against cyber threats is a complex undertaking. The challenges facing the security needs are diverse and severe. Seaports and shipping companies must develop a corporate security culture that would ensure secure conduct and personal responsibility at the management and employee levels. Such an effort must involve the introduction and implementation of procedures, awareness, operating methods and resources that would improve the organizational resilience in the face of cyberattacks.
Shipping companies manage seaports and handle goods and cargoes in many countries around the globe, over a worldwide geographic dispersion, using the Internet, which provides the comprehensive connectivity they require. The geographic dispersion makes it difficult for the shipping companies to come up with a unified security strategy that would enable them to secure all of the seaports and the connectivity between them. Numerous seaports, shipping companies, and vessels operate around the world without a uniform, standardized configuration of information systems, surveillance and navigation systems, communication, command and control systems, and so on. Consequently, shipping companies are required, in practice, to implement cybersecurity solutions that are as generic and as cost-effective as possible on the one hand, while on the other hand providing a solution to the different configurations of the systems onboard the vessels and to the numerous and highly diverse threats.
The crews operating today's ships are highly diversified, with members of different nationalities. They lack security awareness and operate without the close supervision and control of information security professionals. Ship crews must operate subject to 24/7 supervision, threat control and monitoring, and must be provided with the ability to generate real-time alerts and deal with threats as promptly as possible.
As far as the organizational aspect is concerned, shipping companies must chart and identify reference threats and critical core processes in the systems and infrastructures of the seaports and vessels. Against those reference threats and critical processes, they should formulate a comprehensive, integrated security strategy that would match the missions and methods of operation of the vessels and the seaports. Additionally, they should implement and assimilate information security procedures, train their employees and even hold simulations and training exercises to train their managers and employees to cope with cyber events.
As far as the physical aspect is concerned, the shipping companies should implement solutions to prevent access to their computer systems and provide those systems with physical protection against unauthorized elements and illicit operations.
As far as the technological aspect is concerned, the shipping companies should identify the existing gaps according to their definitions of the threats facing the systems used in the seaports and vessels. Then, they should implement suitable, relevant technological solutions based on the gaps identified.
One final recommendation involves the establishment of control centers for monitoring new threats and controlling the organizational systems. These centers should operate 24/7, 365 days a year.
Cmdr. (res.) Eyal Pinko served in the IDF Navy and the Israeli defense establishment for 28 years, in various positions – technological, operational and intelligence. He is a doctoral student at Bar-Ilan University and a research fellow with the Haifa Research Center for Maritime Policy & Strategy.