Monday, July 20, 2020

As Maritime Cyber-Attacks Proliferate International Ports Warned They Are Particularly Vulnerable

Human Viruses are Not the Only Potential Killers Out There
Shipping News Feature

WORLDWIDE – Although at first horrifying, the statistic revealed during a recent online forum by Robert Rizika, Boston-based Head of North American Operations at security specialist Naval Dome that cyber-attacks on maritime stakeholders had increased by over 900%in three years should not be that surprising.

Just about anybody with an internet connection and an email address will know how phishing scams and their ilk have blossomed in that time. Not only that but many are becoming ever more sophisticated, using the correct logos a key to successful entry. So Rizika’s revelation that in 2017 there were 50 significant operational technology (OT) hacks reported on maritime associated companies, increasing to 120 in 2018 and more than 310 last year, with an estimate that 2020 will see over 500 is no real surprise.

The targets however, and presumably the potential for damage, and therefore presumably the rewards in terms of blackmail are huge. The NotPetya attack on Maersk cost the company $300 million plus and a lot of favours in terms of acquiring the vast quantity of new computers and servers needed immediately, reputedly the fact that one server in Africa had been off at the time was the only thing that rescued the company from complete meltdown and total loss of data.

Of course if faced with such a situation the obvious thing would be, as with any ransom situation, to simply pay up, which is what the thieves aspire to and at Christmas management at Albany International Airport decided it was safer to pay the Bitcoin ransom rather than stop all flights. Some attacks of course are simply malicious but all can have a real, and extremely damaging effect on people’s lives. The Maersk attack was followed by other strikes, Clarkson, Svitzer and COSCO all spring to mind.

Speaking this month during the 2020 Port Security Seminar & Expo, a week-long virtual conference organised by the American Association of Port Authorities, Rizika said that since NotPetya attacks had increased at ‘an alarming rate’. Recalling recent attacks, he told delegates that in 2018 the first ports were affected, with Barcelona, then San Diego falling under attack. Australian shipbuilder Austal was hit and that attack on COSCO took down half of the ship owner’s US network.

When another major container line, MSC, saw its Geneva HQ ‘hit’ during lockdown in April it was able to close down selected IT systems for five days verifying that no data had been lost, enabling the company to minimise disruption and continue to operate with all global offices and terminals unaffected. This was unlike the attack on Toll in February which saw the logistics group have to suspend multiple operations across its network as the ransomware, a Mailto variant, was flushed from the systems.

Mailto is also known as Netwalker and seems to have appeared only late in 2019 in a curious parallel with Covid-19. The MSC case, which occurred at Easter and attacked the company’s digital tools via its IT system, shows the benefit of intense staff cyber-security training in order to avoid infection spreading.

Recently a US-based cargo facility’s operating systems were infected with the Ryuk ransomware, and last month the OT systems at Iran’s Shahid Rajee port were hacked, restricting all infrastructure movements, creating a massive back log. Reports of this attack have gone some way in raising public awareness of the potential wider impact of cyber threats on ports around the world. Intelligence from Iran, along with digital satellite imagery, showed the Iranian port in a state of flux for several days. Dozens of cargo ships and oil tankers left waiting to offload, while long queues of trucks formed at the entrance to the port stretching for miles, according to Naval Dome.

Emphasising the economic impact and ripple effect of a cyber-attack on port infrastructures, Rizika revealed that a report published by Lloyd’s of London indicated that if 15 Asian ports were hacked financial losses would be more than US$110 billion, a significant amount of which would not be recovered through insurance policies, as OT system hacks are not covered. Going on to explain which parts of the OT system, the network connecting RTGs, STS cranes, traffic control and vessel berthing systems, cargo handling and safety and security systems, etc. are under threat, Rizika simply said:

”All of them. Unlike the IT infrastructure, there is no ‘dashboard’ for the OT network allowing operators to see the health of all connected systems. Operators rarely know if an attack has taken place, invariably writing up any anomaly as a system error, system failure, or requiring restart. They don’t know how to describe something unfamiliar to them. Systems are being attacked but they are not logged as such and, subsequently, the IT network gets infected.”

“What is interesting is that many operators believe they have this protected with traditional cyber security, but the fire walls and software protecting the IT side, do not protect individual systems on the OT network.”

An example would be the installation of an antivirus system on a vessel bridge navigation system (ECDIS) or, alternatively, a positioning system in a floating rig DP (Dynamic Positioning), or on one of the dock cranes on the quayside of the port. He continued:

“The antivirus system would very quickly turn out to be non-essential, impairing and inhibiting system performance. Antivirus systems are simply irrelevant in places where the attacker is anonymous and discreet. Operational networks, in contrast to information networks, are measured by their performance level. Their operation cannot be disconnected and stopped. An emergency state in these systems can usually only be identified following a strike and they will be irreparable and irreversible.”

Where OT networks are thought to be protected, Rizika said this is often inadequate and based on industrial computerised systems, operating in a permanent state of disconnection from the network or, alternatively, connected to port systems and the equipment manufacturer’s offices overseas via RF radio communication (Wi-Fi) or a cellular network (via SIM). Additionally as the maritime industry moves towards greater digitalisation and increases the use of networked, autonomous systems, moving more equipment and technologies online, more vulnerabilities, more loopholes, will be created.

”Hackers can access the cranes, they can access the storage systems, they can penetrate the core operational systems either through cellular connections, Wi-Fi, and USB sticks. They can penetrate these systems directly. There will be a whole series of new cyber security openings through which people can attack if systems are not properly protected. If just one piece of this meticulously-managed operation goes down it will create unprecedented backlog and impact global trade, disrupting operations and infrastructure for weeks if not months, costing tens of millions of dollars in lost revenues.”

”One area we see becoming a major issue is cyber-induced environmental pollution. Think about it, you have all these ships in ports, hackers can easily over-ride systems and valves to initiate leaks and dump hazardous materials, ballast water, fuel oil, etc. There is a disconnect between IT and OT security. There is no real segregation between the networks. People can come in on the OT side and penetrate the IT side. We are actually seeing this now. Successful IT network hacks have their origins in initial penetration of the OT system.”

It would seem that to ensure any company or group is as protected as it is possible to be requires a full understanding of both the IT and OT systems it operates and ensuring it has the most effective protocols in place to fend off specific attacks. There is simply no absolute protection against this type of crime, however it is how a cyber-attack is reacted to which can make the difference between a hiccup, and a disaster.

Now that such attacks have penetrated the sectors of the shipping industry that physically deal with the logistics involved there is a real danger to lives. Damaging a company’s accounts computer may hurt, but causing cranes and their cargo handling systems to malfunction, or affecting the steering of a 20,000 TEU container vessel has the potential for untold costs in human and environmental terms, and the penalties should be commensurate to the crimes.