Threats of even more costly cyber attacks increase dramatically as shipping becomes more cyber reliant
 During Covid lockdowns, cyber criminality came into its own as ocean carriers were hacked, Maersk, MSC, CMA and others large and small.
A profit making motive surfaced in the cyber attack on the French shipping giant CMA CGM, reported the Wall Street Journal, when dealing with an encryption malware, the liner had been contacted by someone claiming to be the hacker who asked for ransom in exchange for the decryption key.
Not surprisingly, cyber security firms have been out to sell their wares in an atmosphere of great scepticism as those old to remember recalled the Y2K scare of the 1990s.
Back then, software engineers, a new breed of cat, warned all cyber newbies that if we did not buy protection, our computer networks would turn into a pumpkin at midnight December 31, 1999.
Some did buy protection; some didn't, but in the end not much of anything happened. The year 2000 came and went as another click of the clock.
A young insurance agent at the time hoped to cash in on the fear, but found computer damage hard to find. Novell software maker had some problems, but then those people tended to be the source of such bugs.
Or in one case, the South West Township in Johannesburg suffered the loss of its tax records. But one suspected a self-interested merry prankster at work. What underwriter wanted to assess the cost of that. To this day, computer losses are largely uninsurable or subject to a cap.
The Baltic and International Maritime Council (BIMCO), representing shipowners and ship managers, have since drafted standard contracts stipulating that in the absence of an agreed amount during negotiations, the claims liability will be capped at US$100,000. Which isn't much when individual liner losses run into the hundreds of millions.
According to a recent report by California-based Cyber Risk Management, a major cyber-attack on Asia's ports could end up costing the global economy as much as $110 billion. Other estimates predict that cybercrime could cost the world economy $6 trillion annually by 2021, reports the American Journal of Transportation.
Naval Dome, an Israeli-based cybersecurity specialist, reported that there has been an increase of 400 per cent in cyberattacks since the start of the Covid-19 pandemic in February.
Maersk Line suffered what it saw as a $300 million loss when hit by the Petya virus in 2017, which disrupted a number of businesses worldwide. CMA CGM is the fourth shipping line to have been hit by a cyberattack. CMA CGM said systems at its intra-Asia arm Cheng Lie Navigation Co and the regional Australian National Line were unavailable.
MSC, Cosco Shipping and Maersk have also been affected. In April, MSC reported that some of the digital tools and the website were affected due to a malware attack.
CMA CGM asked clients to make bookings through a booking platform shared with some of its biggest competitors or to call local offices.
“This indicates potential compromise and/or loss of booking data received after that point,” said Lars Jensen, chief executive of Copenhagen-based SeaIntelligence Consulting and maritime security adviser to cybersecurity firm Improsec.
Brokers said some offices in China, including in Shanghai and Guangzhou, had been affected and staff were asked not to use company computers.
In addressing port and terminal operators during an online forum, Robert Rizika of Naval Dome said there were 50 significant hacks reported in 2017, increasing to 120 in 2018 and more than 310 last year.
Mr Rizika said that 2020 is looking like it will end with more than 500 major cyber security breaches, with substantially more going unreported.
He said that since NotPetya - the virus that resulted in a US$300 million loss for Maersk - "attacks are increasing at an alarming rate".
Emphasising the economic impact and ripple effect of a cyber-attack on port infrastructures, Mr Rizika revealed that a report published by Lloyd's of London indicated that if 15 Asian ports were hacked financial losses would be more than $110 billion, a significant amount of which would not be recovered through insurance policies, as OT (operational technology, meaning software that detects or causes a change in things) system hacks are not covered.
Going on to explain which parts of the OT system - the network connecting RTGs, STS cranes, traffic control and vessel berthing systems, cargo handling and safety and security systems - are under threat, Mr Rizika said, all of them.
"Unlike the IT infrastructure, there is no "dashboard" for the OT network allowing operators to see the health of all connected systems. Operators rarely know if an attack has taken place, invariably writing up any anomaly as a system error, system failure, or requiring restart.
"They don't know how to describe something unfamiliar to them. Systems are being attacked, but they are not logged as such and, subsequently, the IT network gets infected," Mr Rizika said.
"What is interesting is that many operators believe they have this protected with traditional cyber security, but the fire walls and software protecting the IT side, do not protect individual systems on the OT network," he said.
Where OT networks are thought to be protected, Mr Rizika said they are often inadequate and based on industrial computerised system, operating in a permanent state of disconnection from the network or, alternatively, connected to port systems and the equipment manufacturer's offices overseas via RF radio communication (wi-fi) or a cellular network (via SIM).
No stranger to direct responses to perceived dangers, Singapore has opened the Maritime Cybersecurity Operations Centre (MSOC), housed and operated by ST Engineering at its electronic hub. It conducts 24/7 monitoring and correlate data activities across all maritime Critical Information Infrastructure (CII).
"As the world's busiest transshipment hub, it is important that we safeguard our maritime and port critical infrastructure to prevent disruption to port operation," said Niam Chiang Meng, chairman of the Maritime and Port Authority of Singapore (MPA), the agency responsible for the new cybersecurity centre.
The MSOC, which started operations in November 2018, has been built with the capability to detect and monitor cyber attacks by analysing activities in the IT environment, detect anomalies and threats, and respond to the cybersecurity incidents using available technological solutions.
"We will also design an integrated command and control centre of the future when we move to the new Tuas port," said Mr Niam.
Singapore's Tuas mega port is scheduled to commence its first phase of operations in 2021 with two berths for ships. When fully operational in 2040, the port can handle up to 65 million TEU annually.
Mr Niam added that MPA is collaborating with the Singapore Shipping Association (SSA) and Singapore Polytechnic to develop a new Maritime Cybersecurity (Intermediate) Training Course for maritime personnel to enhance their knowledge in managing cyber threats and challenges. The one-day course will be rolled out in the first half of 2020.
"Third, MPA will embark on a Maritime Cybersecurity Research Programme in collaboration with the Singapore Maritime Institute and local institutes of higher learning. This programme will focus on the protection of shipboard systems and prepare bridge-officers to respond effectively to a cybersecurity breach," Mr Niam said.
Even more security conscious than Singapore is Israel. Thus, it is no surprise to find the Jewish state's flag carrier Zim at the forefront. Zim has deployed its experience and long-standing cooperation with cybersecurity experts Konfidas to establish ZKCyberStar, a subsidiary, offering a full range of cybersecurity services, tailor-made for the maritime industry, to increase cyber readiness and ensure business continuity in the event of cyber-attack.
The industry's ongoing digitisation, while indispensable, has increased exposure to cyber attack. ZKCyberStar provides a suite of services to support operational cybersecurity readiness, including cyber and regulatory postures, strategy and planning, cyber awareness and executive training, incident response capabilities, supply chain risk management, ongoing threat intelligence, regulatory alerts and briefs, and more.
Said Konfidas CEO Ram Levi: "The maritime and logistics industries have witnessed an unprecedented rise in cyber attacks in recent years.
Those attacks serve as a wake-up call for an industry, which is critical to modern trade and commerce. As we move towards heavily networked and increasingly automated systems, cybersecurity must be a top priority.
Thus far, hacks have cost money, fouling commercial arrangements, but if hackers managed to interfere with shipboard electronic chart display and information systems (ECDIS), cyber crime could well cost lives and cost billions. |
