01 Sep Increased number of maritime cyberattacks
Ports are increasingly targeted by cyberattacks amid a surge in maritime incidents.
Over the past three years, the number of cyberattacks on operating technology (OT) * systems in the maritime industry has increased by 900%, and the number of reported incidents will reach record levels by the end of the year.
* Operating technology or OT is a category of computing and communication systems for the management, monitoring and control of industrial operations, manufacturing process and equipment.
According to data from cybersecurity experts from Naval Dome, there were 50 significant OT hacks in 2017, which increased to 120 in 2018 and more than 310 last year.
This year looks set to end with over 500 serious cybersecurity breaches, as attacks are growing at an alarming rate since NotPetya, the virus that cost Maersk $ 300 million.
Recall that in 2018 the first ports suffered, first Barcelona and then San Diego came under attack. Australian shipbuilder Austal was also hit, and the attack on COSCO destroyed half of the shipowner’s American network. This year, the operating systems of a US cargo company were infected with malware, and last month, OT systems in the Iranian port of Shahid Rajee were hacked, restricting all infrastructure movement and massive non-made work.
According to information from Iran, along with digital satellite images, the Iranian port has been in a constant state of flux for several days. Dozens of cargo ships and oil tankers awaited unloading as long queues formed at the port entrance, stretching for miles. The reports of this attack helped raise public awareness of the potential broader impact of cyber threats on ports around the world.
A report released by Lloyd’s of London indicated that if 15 Asian ports were hacked, there would be more than $ 110 billion in financial losses, a significant amount of which would not be reimbursed through insurance policies as OT system hacks are not covered. This further underscores the economic impact of cyberattacks on port infrastructure.
Distinctive features of OT networks
Unlike IT infrastructure, OT networks lack a “dashboard” that allows operators to see the status of all connected systems. Operators rarely know if an attack has occurred, invariably logging any anomaly as a system error, system failure, or a need for a reboot. They don’t know how to describe something unfamiliar to them. The systems are attacked, but they are not registered as such, and subsequently the IT network becomes infected.
Operational networks, in contrast to information networks, are measured by their performance level. Their work cannot be disabled and stopped. The emergency condition in these systems can usually only be determined after impact and is likely to be irreparable and irreversible.
In doing so, hackers can gain access to storage systems and infiltrate mainstream operating systems via cellular networks, Wi-Fi, or USB sticks. They can enter these systems directly.
As the maritime industry moves towards greater digitalization, increasing the use of networked autonomous systems, more and more vulnerabilities will be created. There will be a whole host of new cybersecurity capabilities through which people can attack if systems are not properly secured.
Therefore, one of the first steps that port operators must take to protect their OT systems should be to understand the difference between the two areas – between IT security and OT security. There is no real separation between the networks. People can enter on the OT side and infiltrate the IT side. In fact, we are seeing it now. Successful IT hacks have their origins in the initial infiltration of the OT system.
Work on finding solutions to the problem
The maritime industry is becoming increasingly aware of the growing cyber threat to OT systems. In this regard, new solutions for cyber defense are already being actively developed. For example, a subsidiary of ABS and the American Club have joined forces to work on maritime cybersecurity.
Collaboration between the risk management and insurance sectors will focus on education, training and the development of guidelines and guidance to reduce maritime cyber risk. After all, with a better understanding of the available tools and programs that can be implemented and their integration into the maritime industry, it will be possible to provide better services to shipowners and charterers around the world.
Cybersecurity has become a business imperative, and such alliances will enable the development of tools that support compliance and help ship owners and operators establish safeguards to ensure the safety of their ships – from design and construction stages to continuous operation throughout their life cycle.