Welcome
Summary
Course
Exam
Certificate
Library
News
Verify
Support
My Account

Profiled Partners

  • Navarino
    The Maritime Industry's Most Advanced Communications & Connectivity Company
  • CSO Alliance
    The World's First Global Members Alliance of Maritime Company Security Officers (CSO)
  • Be Cyber Aware At Sea
    A Global Maritime & Offshore Initiative.
  • Be Cyber Aware at Sea
    Start the Course now!
 

 
 

US Coastguard warns of hacking

Maritime Executive, June 2019 
June 18th 2019
Maritime Executive, June 2019
We all know hacking is a threat, but sometimes we need to hear it from an authority we trust to heed the call - this month the U.S. Coast Guard made public their concerns about hackers - we should pay attention. Read the article online here.  

The U.S. Coast Guard warns that unidentified hackers have recently attempted to gain access to ship electronic systems in order to steal sensitive business information and disrupt shipboard computer systems. 

According to the Coast Guard, cyber adversaries are attempting to gain sensitive information from shipboard systems, including the contents of an official Notice of Arrival, using email addresses that pose as an official Port State Control authority (for example, port @ pscgov.org). These so-called "phishing" attacks have been documented before in the maritime sector, especially in business-to-business transactions between shoreside stakeholders. The Coast Guards urges vessel operators to verify the validity of the email sender prior to responding to unsolicited email messages. If there is uncertainty regarding the legitimacy of the email request, the vessel or its representatives should try contacting the PSC authority directly by using verified contact information.

Additionally, the Coast Guard has received reports of malicious software designed to disrupt shipboard computer systems. The USCG is aware of these incidents because vessel masters have reported suspicious activity to the Coast Guard National Response Center (NRC), thereby enabling federal agencies to understand and address cyber threats in the maritime sector. By federal regulation, American vessels must report cyberattacks and suspicious activity to the NRC.

Phishing attacks are a longstanding problem in the maritime sector: cyber criminals send legitimate-looking correspondence to solicit payments, defrauding the ship operator or other stakeholder by getting them to wire money to the wrong account. In 2014, marine insurer Skuld drew attention to a case in which a scammer pretended to be the Suez Canal Authority and emailed vessels to ask for detailed and confidential information. The scammer would then ask for the settlement of fake invoices, defrauding the vessel operator. 

Skuld warned that the risks from this form of cyberattack could extend well beyond monetary losses. If a malicious actor obtained sensitive information about a vessel's itinerary, schedule and operations, it could compromise the vessel's security and make it more vulnerable to a physical attack like armed robbery or hijacking.