My Account

Profiled Partners

  • Be Cyber Aware at Sea
    Start the Course now!
  • Be Cyber Aware At Sea
    A Global Maritime & Offshore Initiative.
  • CSO Alliance
    The World's First Global Members Alliance of Maritime Company Security Officers (CSO)
  • Navarino
    The Maritime Industry's Most Advanced Communications & Connectivity Company


Key takeaways from 3 recent cyber attacks in shipping

Dualog.com, June 2019 
June 10th 2019
Dualog.com, June 2019
Its more important than ever to learn from previous mistakes and to draw lessons from every incident - this great piece from  Walter Hannemann on Dualog.com picks apart a few key cyber attacks for your benefit. Read it online here.

The ransomware attack on Norwegian industry giant Norsk Hydro in March this year, which forced the company to halt production in several plants and ended up costing them around USD 50 million, was yet another wake up call for the maritime industry.

When a company with Norsk Hydro’s resources, expertise and systems is vulnerable to attack, then every company is, in every sector.

From digital infancy to a harsh new risk reality
For the maritime industry, there has been a steep climb on the digital maturity ladder, from the digital infant phase to the digital puberty phase. As key maritime players began adopting digital practices and technologies, IT was seen as an operational cost rather than as a strategic business approach.

However, as ships increasingly started using systems that rely on digitalisation, integration and automation, the associated risks and threats were not adequately factored in. Simply put, the industry wasn’t digitally mature enough yet to safely navigate the rough waters of digitalisation.

Today, more and more ships, systems and networks are connected to the Internet, making them accessible from practically anywhere on Earth. At the same time, this makes ships much more vulnerable to cyber attacks, both targeted and random ones.

Increasing digital reliance has unlocked huge efficiencies and operational benefits, but it has also opened a Pandora’s box of cyber threats – a risk reality that shipping needs to understand and navigate.


Cybercrime is no hype
Cyber risk has fast become the new normal for the maritime sector. According to the Allianz Risk Barometer 2018, cybercrime is considered one of the top five threats to the global maritime industry.

The past two years have seen a growing number of high-profile cyber attacks, making it clear that cyber attacks represent a real problem to be immediately and seriously addressed – and not just hype from vendors trying to sell cybersecurity products.

What lessons can be learned from recent cyber attacks in shipping? First, here’s a brief recap of three recent cases – the incidents involving Maersk, COSCO and Austal.

In June 2017, shipping giant Maersk was hit by a devastating cyber attack caused by the NotPetya malware, originating in Ukraine. Maersk was not targeted specifically, but was “collateral damage”. The attack resulted in significant disruptions to Maersk’s operations and terminals worldwide, costing them up to USD 300 million.

In July 2018, COSCO Shipping Lines fell victim to a cyber attack that disrupted the company’s internet connection within its offices in the Americas region. After a 5-day sprint to activate contingency plans, COSCO’s operations were back to normal. Apparently, Cosco was aware of what happened to Maersk and had taken proactive steps to minimize their risk.

In October 2018, Australia-based ferry and defense shipbuilder Austal was hit by a cyber attack that breached the company’s data management systems. The attackers, believed to be Iranian hackers, managed to steal internal data and offered some of it for sale on the dark web in an apparent extortion attempt.

Lessons learned
Whether you call it disruption or revolution, digital is here to stay. The rapid implementation of IT systems and internet communication for ships in every part of the world brings new and exciting opportunities – but also cyber threats.

As the Maersk, COSCO, Austal and other incidents clearly demonstrate, cybercrime is a growing threat to shipping companies. Unauthorised access or malicious attacks to ships’ systems and networks may have severe repercussions. As a consequence, maintaining the operational safety of these systems is number one priority.

In fact, as modern ships are becoming ever more automated and increasingly dependent on software-based control systems, cybersecurity management becomes as business-critical as maintaining hull and machinery safety.

You would never leave port with a malfunctioning generator, the operational risk being obvious. Likewise, malfunctioning or inoperative OT systems, for instance an ECDIS infected with a virus, may result in a complete system failure potentially compromising safety of navigation, and thus personnel safety.

These are 4 key takeaways from recent cyber attacks in shipping
1. Good IT hygiene is key to fighting cybercrime, but mindset is a big obstacle. There must be a shift in people’s attitude towards IT security. IT is not something that is on the side; it is as important as the main office or the ship itself, if not more. Because if IT collapses, many parts of the business collapses.

2. Every shipping manager needs to approach cybersecurity as an integral part of the overall safety management. If disruptive cyber attacks can happen to some of the biggest players globally, it may well happen to you. This means you need to have an effective cybersecurity management plan in place to manage all possible threats. Response and recovery plans should be tested and updated frequently.

3. There is NO zero cyber risk environment today. You will never mitigate all risk, as new cyber threats and vulnerabilities are constantly emerging. But you can minimise it – by continually assessing risk exposure, understanding the impact, and then working to implement safeguards that will counter risk and help you steer clear of cyber attacks.

4. Despite all precautions, vulnerabilities still remain in your systems and networks – attackers are constantly finding new targets and refining the tools they use to break through cyberdefenses. So perhaps the most important takeaway from cyber attacks in the maritime sector is this:

Establish appropriate contingency plans for cyber incidents, including the loss of critical systems and the need to use alternative modes of operation. In the event of the worst happening, you can still operate.

Bimco’s Guidelines on Cyber Security onboard Ships recommends that contingency plans and related information should be available in a non-electronic form, as some types of cyber incidents can include the deletion of data and shutdown of communication links. Both Maersk and Norsk Hydro had to revert to manual systems and solutions while reinstalling.

 Don’t be naive!
Fighting cybercrime and building resilience is a never-ending battle. As Maersk chairman Jim Hagemann Snabe observes in the wake of the NotPetya attack:

“It is time to stop being naive when it comes to cybersecurity. Even size doesn’t help you. It’s very important that you’re not just reactive, but proactive.”