Professor Rasheen Bappu a Data Scientist, Logistics & Security studies professional alerted the industry leaders & professionals about the importance & challengers of Cyber Security at the recently concluded Colombo International Maritime & Logistics Conference (CIMC 2022) held at Cinnamon Grand, Colombo.
Sri Lanka is bleeding with an economic crisis, geo political developments are further threatening its economic climate and cyber terrorism is on the rise. Further due to competition among corporate sector, advancement in technology, Cyber attacks have been rapidly increasing over the years, resulting to big financial losses to businesses, regulatory sanctions, as well as collateral damages, such as reputation and trust. Cyber attacks on maritime transport increased by 400% in 2020 according to Naval Dome and More than 500 cyber attacks in the marine industry in 2020 according to US Coast Guard (Cyber Strategic Outlook) was reported. Therefore securing our businesses should be our utmost priority as a non military dimension of National Security.
Although some research is being conducted in this area, maritime cyber security has not been deeply investigated. Hence, his presentation provided a close investigation of the landscape of cyber security in the maritime sector with the aim of highlighting security problems and challenges. First, it explores the systems available on ships, ports & logistics network that could be targeted by attackers, their possible vulnerabilities that an attacker could exploit, the consequences if the system is accessed, and actual incidents. Then, he described and analysed possible mitigation actions that can be utilized in advance to prevent such attacks. Finally, several challenges and open problems were discussed for future research. Modern and autonomous ships are equipped with a variety of complex automated systems that have made the sea a much safer place than before. However, some of these systems are often insecure and vulnerable to attack because they are considered less critical to security and performance
The extensive utilization of automation and IT systems in modern ships provides new opportunities for hackers and malicious actors to implement different cyber attacks that could lead to catastrophic incidents and cause major safety losses. Extensive research efforts have been made by the research community to identify vulnerabilities in the modern maritime industry and many successful cybercrime cases have been reported in the last few years. In fact, most of the IT systems in modern ships are insecure and vulnerable to attack because they are considered less critical to security and performance in following areas;
Increased automation and artificial intelligence appear to be opening up new avenues for cyber attacks against the shipping industry, which has experienced serious cyber security incidents in recent years. The technology needed to “spoof” a vessel is not expensive and us becoming easier to find and download online. Spoofing incidents have already been reported in the Black Sea, where a number of ships reported anomalies with their GPS-derived position and found themselves apparently located at an airport. In the same area as the incident above, a ship was also exposed to GPS spoofing. The ship was at sea, but the geo location system onboard claimed that the ship was on land. Moreover, ship collisions and sea accidents due to the malfunction of navigation systems have been observed many times. In May 2017, a spoofing attack led to a collision between a U.S. Navy ship and a South Korean fishing boat. In February 2017, an 8250 Twenty-Foot Equivalent Unit (TEU) vessel was completely hacked in route from Cyprus to Djibouti. For about 10hours, the attacker took over the ship’s navigation system and the Captain was helpless to do anything to put the ship back into operation. In a previous GPS Jamming attack, more than 280 vessels were reported by South Korea to have experienced Navigational system issues; the GPS signal was jammed by hackers, causing some GPS signals to die and others to receive incorrect data. When GPS fails to function properly, there is a very high risk of a disaster with catastrophic consequences for the crew, the ship, and the environment The most frequent types of attacks are phishing, malware, social engineering, brute force, and denial of service. In March 2020, the port of Marseilles was hit with the “Mespinoza/Pysa” ransom ware. In this incident, the maritime infrastructures were affected by the attack due to their interconnection with information systems in Aix-Marseille-Provence, which was the main target of the attack . In another large-scale incident, the port system of Maersk fell victim to a major cyber attack caused by the “NotPetya” malware, which also affected many other shipping companies globally. Maersk’s ships were still at sea, and its 76 port terminals around the world have stopped. This incident was followed in 2020 by a serious ransom ware attack on the shipping company CMA CGM SA, which impacted some servers on its network and prevented customers from having external access to the company’s IT applications and booking systems. This year, the Port of Houston was the target of an attack that involved a password management
program that contained a formerly unknown vulnerability .Further some of the recent attacks were too highlighted by Prof Rasheen such as Attack on Expeditors in mid Feb 2022 took 2-3 weeks to recover, In 2022 attack on JNCPT container terminal in Mumbai ,2022, HMM breach the South Korean shipping company, June 2021, Japan’s K Line suffered two attacks in 2021, August 2021 Port of Houston was the target of an attack that involved a password management program that contained a formerly unknown vulnerability, Transnet Attack, the major South African logistics, rail and port operator was attacked in June 2021 appeared to be the result of ransom ware, Swire Pacific offshore breach – The Singapore based shipping Company suffered unauthorized access to its IT systems in November 2021. Company reported loosing proprietary commercial information, data breach was very serious, November 2021,Danaos Management Consultants suffered a Software supply chain attack in which cybercriminals use vulnerabilities in software platforms to breach multiple targets at once. The cybercriminals apparently aimed to encrypt victims data and held it for ransom, Hellmann Ransom ware attack in December 2021, which put a halt to their day to day operations. As a result of this they were forced to remove all connections to their central data centre. Their data was accessed before they took themselves offline.
Modern and autonomous ships have become ripe targets for high-profile cyber attacks due to the increasing usage of digital technologies. Therefore, several countermeasures and in-depth defense strategies should be adopted in order to build resilience to external and internal security threats. The first is to create a continuous monitoring system that can provide real-time situation awareness of the ship’s security health status. In this context, block chain technology has been proposed to improve autonomous vessels’ control security in many studies. The main feature of block chain technology, including traceability, transparency, audit ability, immutability, and decentralization, is proposed to enable secure communication and secure storage of the data exchanged between vessels and the shore control centre. The utilization of this technology will eliminate some critical security threats for ship communication, such as losing data, data changing by malicious actors, or data hijacking. According to, block chain technology will play a major role in identification and certification, ensuring data integrity and information security in the future of the maritime industry and autonomous vessels.
Although the maritime industry faces broadly the same cyber security challenges as other sectors, it is becoming increasingly apparent that it fits the profile of critical infrastructure being targeted by cybercriminals, and it also faces risks that might be considered unique to the nature of this industry. For instance, a successful cyber attack could shut down a ship, disclose valuable information, disable the vessel’s AIS, and/or create false or misleading AIS reports facilitating cyber piracy and criminal, terrorist, or even state actors. In this context, various types of cyber attacks, these ships could face, were discussed along with real-world incidents. From the numerous reported cyber incidents and their consequences, there is clear evidence that every ship, vessel, or even port is at risk of cyber attacks if key information systems are not adequately protected. Therefore, IT and OT systems in modern ships should be prepared with enhanced security measures due to their great vulnerability to cyber threats. In this paper, we discussed some possible countermeasures that can mitigate potential cyber attacks and make the shipping industry a hard target, such as the implementation of a new security standard that reduces the number and scope of cyber attacks. However, many security challenges remain unresolved, especially with the increasing use of autonomous and semi-autonomous vessels.
Professor Rasheen Bappu made following recommendations, Ports need to secure Operations Technology (OT) systems, asset inventory, vulnerability assessment to be done, Prepare businesses for cyber resilience(Cyber resilience Plan), Take measures to prevent breaches, The Privileged access management(PAM) approach, Use Cyber drills to practice responses in order to minimize the damage caused by the attacks that will inevitably occur, Losses arising from cyber risks to cover under the traditional insurance policies, Train employees, Hire a Cyber security experts and Conduct regular security audits or have external security certifications.