Original Release Date: 11/26/2018
TLP: WHITE
The NJCCIC assesses with high confidence that the maritime sector, to include ports, vessels, and shipping companies across the globe, will remain an attractive target for a range of cyber-attacks designed to disrupt daily operations, steal sensitive data, instill fear in the community, and hold critical operational data for ransom.
US maritime ports and associated marine transportation systems (MTS) are vital components of the nation’s critical infrastructure, national security, and economy. The US Coast Guard, in combined efforts with the International Maritime Organization, is working to raise awareness among maritime industry leaders and operators. It is critical to understand the potential impacts of a cyber-attack on the maritime sector, shipping companies, vessels, or associated industrial control systems, such as damaged equipment, exposure of the environment and public to harmful pollutants, global economic consequences, and even death or serious injury. The 2018 Maritime Cybersecurity Survey conducted by Jones Walker LLC indicated that 80 percent of large US maritime industry companies surveyed reported that they were targeted by a cyber-attack within the past year. The survey results also revealed a false sense of overall cybersecurity preparedness, with 69 percent of respondents reporting the maritime industry as well prepared in cybersecurity, while only 36 percent believed their own organizations are well prepared. The misperception may stem from the relatively few disruptions within the maritime sector and no loss of life or significant damage to the environment reported. Nevertheless, extensive vulnerabilities do exist within the MTS and numerous ransomware attacks have been reported by shipping companies, with many choosing to pay the ransom to avoid disruptions to their operational schedules. A cyber-attack has the potential to inflict substantial disruption to port and vessel operations and, due to the sheer volume of business conducted in ports worldwide, could result in grave monetary losses. With the maritime sector’s massive economic reach and the ever-growing advances in the industry’s technologies, it is expected that profit-motivated threat actors will continue to target maritime ports, shipping companies, and vessels.
The NJCCIC advises maritime sector stakeholders to take proactive steps to increase their organization’s overall cyber risk management and preparedness. Cybersecurity presents major challenges in the maritime sector as there is an overall lack of expertise. Awareness is a vital step in contending with existing vulnerabilities and threats. The following resources can assist the sector in becoming more resilient to cyber-attacks: International Maritime Organization’s Guidelines on Maritime Cyber Risk Management, US DHS Enhanced Cybersecurity Services, the National Institute of Standards and Technology Cybersecurity Framework, and US Coast Guard’s related framework profiles for Bulk Liquid Transfer, Offshore Operations, and Passenger Vessels. The profiles provide common language for traditional maritime security and IT professionals to facilitate organizational awareness and incorporate cyber incident response into existing security plans. The US Coast Guard Maritime Commons blog and US MARAD Maritime Security portal are recommended for accessing maritime cybersecurity alerts, advisories and initiatives. Maritime industry stakeholders are encouraged to continue bridging the gap in cybersecurity expertise by participating in their local Area Maritime Security Committee events and Cybersecurity Sub-committees.
Traffic Light Protocol: WHITE information may be distributed without restriction.