The Coast Guard released a marine safety information bulletin yesterday to inform the maritime industry of recent email phishing and malware intrusion attempts that targeted commercial vessels. Cyber adversaries are attempting to gain sensitive information including the content of an official Notice of Arrival (NOA) using email addresses that pose as an official Port State Control (PSC) authority such as: firstname.lastname@example.org. The Coast Guard has also received reports of malicious software designed to disrupt shipboard computer systems. Vessel masters have diligently reported suspicious activity to the Coast Guard National Response Center (NRC), which enables the Coast Guard and other federal agencies to counter cyberthreats across the global maritime network. As a reminder, suspicious activity and breaches of security must be reported to the NRC at (800) 424-8802.
The United States, joined by its counterparts in the UK, Australia, Canada, and New Zealand, warned on Wednesday of “stealthy and targeted malicious activity” focused on a broad range of computer networks, including those of the maritime and transportation industries, coming from a state-sponsored actor based in China. Microsoft said that it had detected the activity and that it believes the activity could disrupt critical communications infrastructure between the United States and the Asia region in the future. News of this cybersecurity incident comes as the number of attacks on the maritime sector from various sources increases. The U.S. Coast Guard issued a separate alert yesterday warning of ongoing email phishing and malware intrusion attempts that targeted commercial vessels. It reported that cyber adversaries are attempting to gain sensitive information including the content of an official Notice of Arrival (NOA) using email addresses that pose as an official Port State Control authority. The Coast Guard has also received reports of malicious software designed to disrupt shipboard computer systems.
In 2011, the International Maritime Organization (IMO) established rules for new-build vessels, called the Energy Efficiency Design Index (EEDI), to reduce the amount of CO2 generated from shipping. In 2023, new IMO regulations created the Energy Efficiency Existing Ship Index (EEXI) to assess the efficiency of existing vessels. In addition to the IMO regulations, in 2021 the European Commission (EC) adopted a set of proposals called Fit for 55 with the aim of reducing net greenhouse gas emissions by at least 55 percent by the year 2030. IMO 2023 and Fit for 55 are aimed at reducing greenhouse gas emissions from the shipping industry by increasing the efficiency of vessels. While these regulations are essential for environmental sustainability, they will also have significant impacts on Operational Technology (OT) cybersecurity in the maritime industry. OT systems are used to control and monitor the operation of a vessel; they can include bridge and engine room systems like radars, Electronic Chart Display and Information Systems (ECDIS), Automatic Identification Systems (AIS), engine monitoring, and cargo monitoring. These systems are critical to the safe operation of vessels and need to be highly secure to prevent cyber-attacks. However, OT networks face unique cybersecurity challenges that make them more vulnerable to attacks.
The advances in navigation systems, communication networks and automated cargo management systems have truly been immense. On the white-collar side of the industry, from compliance and fleet optimisation to marine underwriting, digitalisation has been a game changer. Unfortunately, the new avenues open to sophisticated cyber criminals targeting shipping seem every bit as extensive as the potential for those trying to turn an honest buck. To make matters worse, governments — including unsavoury regimes with a direct self-interest in making sanctions implementation as difficult as they can — have joined the ranks of the wrong ’uns. Threats that simply did not exist 10 years ago now pose huge risks to the safety and security of maritime operations. These include ransomware and distributed denial of service attacks, cross-site scripting, malware, data breaches and common-or-garden phishing. Among the unpleasant consequences are navigation failures, loss of cargo, collisions, cargo theft, total losses and large fines in the event of proven laxity. And all of this is before we get to reputational damage.
A study reveals the existence of groups of attackers that specialize in the maritime sector and are "led" by states. The entire maritime ecosystem is targeted. Submarine cables, telecommunications, satellite navigation... The maritime sector is not a long quiet river. It has become a sector favored by attackers and states. The first Panorama of the maritime cyber threat, produced by France Cyber Maritime and OWN, a French expert in cyber threat intelligence, reports on the cyber threats to this sector. The attackers don't look like the exuberant Jack Sparrow, the captain of the Black Pearl from the Pirates of the Caribbean saga. In a context of heightened geopolitical crises, this unprecedented 70-page report notes that this category of cyber threats continues to grow. Nearly 90 notable and public cybersecurity incidents were detected in 2022 in the maritime and port sector globally, an increase of 21% compared to 2021 and 235% compared to 2020. Europe is currently the most impacted continent.
The maritime community continues to see a rise in cybersecurity incidents. For instance, earlier this year, DNV, a Norwegian shipping classification society, suffered a ransomware attack through its ShipManager software, forcing the organization to shut down its servers. The attack affected approximately 70 customers operating around 1,000 vessels (close to 15 percent of the total fleet using DNV’s service). The interconnected and fragile ecosystem of numerous stakeholders depending on uninterrupted logistics networks makes this industry an especially attractive target for cyber-attacks and ransomware attempts. Ransomware is defined as a type of malicious software designed to block access to an entity’s systems and/or networks until the entity pays a sum of money. Cybercriminals monetize their operations by extorting their victims and can further sell extracted data on the dark web. As shipping becomes increasingly digitized and dependent on internet, network and satellite transmissions, bad actors are finding new ways to infiltrate systems ashore and afloat. Common forms of maritime ransomware attacks can include phishing emails, direct hacking into vulnerable systems and networks, malicious advertisements, or compromised websites, whereby ransomware can infect a computer when a user clicks an advertisement or downloads a file, among other means. Ransomware can infiltrate not only local computers but entire networks, and, in some cases, interconnected systems with third-party suppliers have been compromised.