At the Maritime Cyber Risk Management virtual conference, cyber security experts from AP Moller-Maersk, Inmarsat and the Danish Maritime Authority discussed the maritime cyber security outlook for 2021 and the likelihood the shipping industry will again be caught up in a state-sponsored cyber attack
Some of the advice and best practice measures discussed came directly from successful cyber attacks over the years, in particular when Notpetya ransomware struck AP Moller-Maersk’s IT infrastructure in June 2017.
Maersk Group estimated the attack cost between US$200M to US$300M in loss of revenue and recovery costs.
AP Moller-Maersk chief information security officer and cyber security team co-ordinator Andy Powell said, to mitigate risks, shipping companies should “take a risk-based approach and a smart view” to focus attention on protecting core assets. He also advised shipping companies to ensure they know how to recover their business after an attack.
“Understand the risks and threats, and that you cannot fix everything,” he said. “You need to do top-down risk assessments and invest appropriately in security,” he told shipping company attendees.
Mr Powell also encouraged shipping companies to at least implement some level of cyber security. “Around 80% of problems can be fixed by good cyber hygiene, good malware and end-point protection. Pound-for-pound it will be worth it.”
With shipping companies and organisations increasingly the victims of criminal-backed cyber attacks over the last few years, recent victims include IMO’s headquarters in London, the world’s second, third and fourth-largest container lines – Mediterranean Shipping Company (MSC), Cosco, CMA CGM and the world’s largest cruise shipping group Carnival Corporation.
Shipowners can mitigate damage and limit the extent of a cyber attack through preparedness and drills similar in nature to those used to prepare for engineroom fires, said Danish Maritime Authority special adviser and naval architect Erik Tvedt.
Mr Tvedt said shipowners need to detect cyber incidents early, work fast to limit the damage, contain malware and improve firewalls “to better combat an attack” and reduce costs.
He advised shipping companies to consider a cyber attack as similar to an onboard fire in terms of preparation, response and recovery. “The better the preparation, the better the chances of a successful outcome,” said Mr Tvedt.
He identified the main culprits for cyber attacks as the criminals and civil servants in state-sponsored attacks. But also culprits within shipping companies, noting that ensuring software on shipboard operational technology (OT) systems is up to date reduces the risk of a successful cyber breach.
“Bad software and wrong operation of digital systems are the main problems,” he said. “Do not forget the software – most problems on ships and desktops is because of bad software.”
The maritime industry is facing a rise in cyber threats and incidents due to greater levels of digitalisation in the sector, and is implementing IMO’s cyber risk management recommendations within ship safety management systems.
Cyber attacks on OT systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end, according to Inmarsat director for retail maritime Laurie Eve.
He, too, highlighted the importance of training crew and shore staff in cyber risk management to prevent successful attacks. “Do not overlook the importance of crew,” he said. “People are weak links that attackers can exploit through phishing.”
Mr Eve said shipping companies can prevent infections on board ships through better cyber security training for seafarers and shore-based managers.
“Prevention is better than a cure,” Mr Eve said.
He also recommended shipping companies invest in end-point security on vessels to harden their cyber resilience and have one person on board dedicated to improving cyber risk management and security.