Light Dark
November 4, 2021 By Mike Elgan 3 min read
Incident Response
Security Services

Ports and ships — the maritime industry — are vital points in the global supply chain for food, medicine, consumer goods, fuel and many other products. Most of the world’s globally traded goods travel by sea. That’s why maritime security is key for supply chain security. Meanwhile, maritime cybersecurity faces threats at multiple places, including ports, communications systems and ships themselves.

Potential cyber attacks on maritime infrastructure are familiar types: phishing, malware, social engineering, brute force, denial of service, ransomware and others. What’s different is the unique placement of the targets.

Ships Rely on Digital Tools

Ships often rely on digital tools to function, many of which are automated. Even ship compasses are digital and depend on a mix of gyroscopes and GPS. All these systems could be at risk for a digital attack. Dependence on GPS puts shipping at risk because attackers can spoof or jam GPS signals.

More than most industries, maritime infrastructure tends to be old and complicated, further hampering marine cybersecurity.

Is There an IT Worker on the Ship?

Another risk factor people don’t talk about enough is the absence of IT people on ships. A ship is like a building packed with computer systems, servers and electronics. Yet, out at sea, the crew is on their own in managing these systems and dealing with breaches.

A digital attack could control or shut down a ship or drive it off-course, causing a crash. Some ships have dangerous cargo, such as explosive fuel, in large quantities.

Ports are also heavily dependent upon complex digital network logistics management systems. Some of these systems track every container on every ship. In the past, attackers have been able to delay, erase the knowledge of, redirect and steal actual cargo. They could abuse access to data on the location of cargo in a ransomware attack, or lock records.

The most likely risk is that digital attacks, through any number of possible attack types, delay shipping. That costs millions or billions of dollars to shipping companies, ports or shipping customers.

Maritime Cybersecurity Attacks Increasing

Attacks targeting maritime information systems are on the rise. In the first few months of the pandemic, attempted cyber attacks rose by 400%. We can expect this trend to continue, with rising attacks on ships and ports.

Attackers targeted the Port of Houston this year in a suspected nation-state attack, an event that raised the urgency level of maritime security infrastructure. The port is 25 miles long and handles a quarter of a billion tons of cargo every year.

The attack involved a password management program that contained a formerly unknown vulnerability. The attackers exploited that to install malicious code that granted access to the networks, which they used to exfiltrate log-in credentials needed to control network access. Luckily, “no operational data or systems were impacted,” according to a statement issued by Port authorities.

How To Handle Maritime Cybersecurity Risks

The need to address maritime cybersecurity is urgent. Here are some general approaches for how to address it:

  • Pinpoint specific possible threats. Understand what cyber criminals and nation-state actors might want from an attack. Pay special attention to the risk of ransomware. Consider attacks that could shut down the flow of goods, take ports offline and bring ships off course. Run red-team exercises and hire ethical hackers to help find likely attack points and methods.
  • Identify digital vulnerabilities. Inventory all systems and figure out what are unpatched, unpatchable, legacy or problematic in any way from a cybersecurity perspective. Think through the implications of existing physical security, and figure out how unauthorized people could gain access to digital systems. Consider how rogue or disgruntled employees could threaten security.
  • Initiate a maritime cybersecurity action plan. Address all vulnerabilities correctly, by patching or replacing problematic systems. Work with managers, leaders and stakeholders to develop these plans, then brief all concerned on how to use the plans in the event of an attack.
  • Install smart detection tools. For example, network detection and response tools use artificial intelligence (AI) to find odd and potentially malicious behavior on maritime networks. Have your software working 24/7 to watch for possible emerging attacks.
  • Launch new crew and employee cybersecurity training programs. Focus on phishing attacks, physical security and social engineering.
  • Establish contingency or continuity plans. For each possible attack scenario, develop a detailed plan for running your business through it, and also what the recovery processes are.

A threat to maritime information systems is a threat to global trade. Therefore, supply chain cybersecurity is one of the world’s most urgent business priorities.

 |  |  |  |  |  |  |  | 
Mike Elgan

More from Incident Response
October 6, 2023

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

September 27, 2023

Tequila OS 2.0: The first forensic Linux distribution in Latin America

3 min read - Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America. IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. In the Latin American region, Brazil had 67% of incidents that…

August 31, 2023

Alert fatigue: A 911 cyber call center that never sleeps

4 min read - Imagine running a 911 call center where the switchboard is constantly lit up with incoming calls. The initial question, “What’s your emergency, please?” aims to funnel the event to the right responder for triage and assessment. Over the course of your shift, requests could range from soft-spoken “I’m having a heart attack” pleas to “Where’s my pizza?” freak-outs eating up important resources. Now add into the mix a volume of calls that burnout kicks in and important threats are missed.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature