Bracing for the rising tide of cyber threats against the maritime industry
Accelerated digitalisation in the shipping industry is opening it to a sharp rise in cyber threats, Teo Xiang Zheng, Head of Consulting, Ensign InfoSecurity, examines the situation and the defensive actions companies can take.
The infamous grounding of cargo ship Ever Given at the Suez Canal last year caused disruption to as much as S$10 billion worth of global trade per day due to the congestion of the critical trade route. It is a reminder of the importance of maritime transport in the flow of goods and services that underpin the interconnected global economy.
Maritime transport helps facilitate worldwide trade, where an estimated 90% of traded goods are transported by sea and is depended on by many different industries. Being the backbone of global trade and supply chain, any disruption can lead to grave consequences – daily necessities may not reach store shelves and connected industries could suffer significant losses from an unpredictable supply chain and the inability to produce essential goods.
The maritime industry has been under immense pressure from the Covid-19 pandemic and the Russia-Ukraine conflict. The other element straining the system is the ever-escalating wave of cyber threats globally. They include threat actors collaborating to carry out malicious attacks, structural challenges such as a high volume of vulnerabilities affecting operational technology (OT) and firmware, weakness in patching management, and the lack of OT cybersecurity talent and matured practices for cyber defence.
According to the Ensign Cyber Threat Landscape 2022 report, the maritime sector is one of the top targeted sectors in Singapore when it comes to Ransomware cyber-attacks. Whether it is the critical infrastructure, or the shipbuilding and logistics subsectors, Singapore’s maritime industry is facing increasing interest from cyber adversaries due to its critical role as a maritime hub port.
For example, the Death Kitty ransomware disrupted TransNet’s container and trucking operations in July 2021. Other impacts detected by Ensign throughout 2021 include the theft of data that could be sold by threat actors, as well as serious disruptions to companies involved in logistics and supply chains.
The rising tide of cyber threats against the maritime sector
The maritime industry has gone through accelerated digitalisation, making technology vital to the operation and management of the safety and security of ships, port operations and logistics. Gone are the days when OT and IT systems could function separately in silos. The need for greater connectivity between technologies such as IT, OT and IoT as well as vendors have propelled the maritime industry to new heights of fleet efficiency, route optimisation, and profit margins.
However, the increased interconnectivity has also heightened cyber threat exposures and corresponding risks for organisations. The ramifications of a cyber-attack can be wide-ranging. Ship collisions, for example, could occur because of e-navigation and other systems being hacked, resulting in physical loss or damage to ships, bodily injury to personnel, cargo loss, pollution, and business interruption. It is also possible that the port’s operations may be disrupted, resulting in significant losses due to business disruption for the port and other dependent businesses operations.
In addition to losses sustained because of physical asset damage or destruction, significant expenditures may be incurred when responding to an adverse cyber incident. If the personal data of employees or customers are compromised, for example, large legal expenditures may be required to respond to the breach, pay the penalties, notify the data protection regulator and data subjects, as well as to defend potential legal proceedings.
Shoring up the maritime cyber defence
While it is impossible to keep out all cyber-attacks, maritime organisations should strengthen their defences to manage the growing threats they now face.
Here are six cyber defensive actions maritime organisations can take to strengthen their cyber defences:
- Maritime organisations should leverage the cybersecurity community for cyber threat information and foster greater intelligence sharing to build early warning systems and protocols.
- They should bolster their cybersecurity hygiene. This includes establishing security baselines and implementing system and application architectures for rapid patching and virtual patching to reduce mean time to mitigation.
- To defend against new or unknown threats, organisations should establish continuous monitoring across the ecosystem through reviews, cyber monitoring, threat hunting, behavioural analytics, and horizon scanning.
- Maritime companies can mitigate the impact of disruptive cyber-attacks, such as Ransomware, by reviewing and revising incident and crisis management plans and playbooks. They can also run exercises to validate the organisation’s confidence in business recovery.
- To manage cyber risk exposure from their vendor and partner ecosystem, maritime organisations need to mandate incident reporting from vendors. This includes allowing access to audit cybersecurity controls, and monitoring vendors for dynamic cyber risk context.
- Lastly, cyber security awareness and training is important. Maritime organisations should invest in upgrading their cybersecurity teams’ skills and prioritise engineers and technicians to learn about cybersecurity and defensive actions.
Cybersecurity is an ongoing operation, and organisations need to maintain cyber hygiene and vigilance regardless of the increasing intensity of conflict, incidents, or crisis. With Singapore being a key international transportation and logistics hub, maritime organisations’ efforts in protecting their operations from cyber threats will go a long way to reducing the risk of disruption to a global supply chain that is already under considerable stress.