Cybersecurity in the maritime industry, are our ports secure?

Maritime industry heavily depends on technology, a cyber attack against its infrastructure and systems could have dramatic consequences on our society.

In a recent post, I talked about attacks targeting SCADA systems will increase, and our ports are among critical infrastructure that makes large use of such systems.

Let’s consider that “almost 90% of the world’s goods are shipped on boats”, and I am sure that not everyone realizes that. These boats bring us our clothes, our electronics, food, etc., etc.

Ports have a crucial role and related activities in our society.

A newsletter provided by the maritime cybersecurity consulting firm CyberKeel includes some scaring statists, 37% of maritime companies using windows web servers that aren’t patched, leaving one-third vulnerable to denial of service attacks and unauthorized remote access.

Do you remember Heartbleed, the announced in 2014? This vulnerability considered by many as “the worst vulnerability ever discovered”, counting that maritime company don’t patch their systems like they should do remaining them vulnerable to several attacks, including the popular Heartbleed that could expose customer data, the goods physical location and much more.

Even if one of the companies in the maritime industry falls victim of a cyber attack, unfortunately, there is no interest in disclosing them since it will generate bad publicity.

“The potential consequences of even a minimal disruption of the flow of goods in U.S. ports would be high. … [S]helves at grocery stores and gas tanks at service stations would run empty.” was reported in report titled “maritime cybersecurity from Brookings explained” published in a 2013.

CyberKeel co-founder Lars Jensen explained that “The thing that started to scare us a little bit was that some of things … where we said, ‘This is clearly Hollywood-scenario stuff’ had already happened.”

But the public didn’t know about these incidents… but there is more, in 2014 a U.S port ( it wasn’t disclosed which) had a seven-hour disruption in their GPS signal, affecting their operations.

GPS is used in port cranes to define the crane’s position and to know to where the containers should move, without the GPS for seven hours, works were crippled. But the scariest part is that the GPS is used in navigation, so if someone is jamming the GPS signals, making the boat lost, they can perhaps ask for a ransom to unblock the GPS signals.

Another worrying incident occurred in 2012 when a malware was deployed in about three-quarters of Saudi Aramco’s files “across tens of thousands of PCs”.

The attacked showed an American flag in the infects machine’s screen. The company was able to mitigate the attack but since we are talking about an Oil company, this means that if the impact was bigger, it would affect the maritime shipping, affecting hugely the company.

“The threat is very real,”, “These intrusions and attacks are taking place every minute and every second of every day.” said Rear Adm. Marshall Lytle, the assistant commandant responsible for U.S. Coast Guard Cyber Command.

Vice Adm. Charles Michel, talked about some of the Coast Guard’s plans for cybersecurity:

“Probably the most important part of the Coast Guard’s Cyber Strategy is in its key organizing principle: The strategy is all about embracing a policy framework that will allow our enterprise to begin to tackle these challenges.”

Cyber-security must be a pillar of every sector in today society, we must consider seriously warning like the ones provided in these post to avoid major problems in the future.

About the Authors

Pierluigi Paganini

(Security Affairs – maritime industry, cyber security)