Three years ago a major cyber attack took place. Cyber-criminals attacked IoT devices, while several attacks affected many websites. Amazon, Twitter, Reddit, Spotify and PayPal were all affected by this attack.
This means two things. Firstly, that the world is vulnerable to cyber-attacks at the moment, and secondly that IoT has entered our lives for good, and plays a much bigger role than we may have imagined.
Of course, shipping forms a part of this web as well. In fact, IoT sensors are integrated into almost everything in the shipping era, which means they collect everything.
However, what exactly is IoT, and how can the world be protected from its potential challenges?
1. What is IoT?
While there are several definitions of IoT, the technology generally refers to 'smart devices'. These are equipped with electronics, software, sensors and network connectivity so that they can connect to the internet.
2. Where is the problem?
The problem is simple, as anything that is connected to the internet can pose a risk. In fact, the aforementioned attack was largely made possible by the vast number of internet-connected devices that were unsecured.
This gave the attackers a window of opportunity to affect thousands of them. The way the attackers worked was not sophisticated, but the number of attacks was the key. As many of them were launched, they swamped the targeted servers.
The shipping industry is somewhat used to this kind of cyber-attack. Just two years ago, in June 2017, A.P. Moller - Maersk fell victim to a major cyber-attack caused by the NotPetya malware, which also affected many organisations globally. As a result, Maersk’s operations in transport and logistics businesses were disrupted, leading to unwarranted impact.
The attack reportedly created huge problems for the world’s biggest carrier of seaborne freight, which transports about 15 per cent of global trade by containers. In particular, Maersk’s container ships stood still at sea and its 76 port terminals around the world ground to a halt. The recovery was fast, but within a brief period the organisation suffered financial losses up to USD300m covering, among other things, loss of revenue, IT restoration costs and extraordinary costs related to operations.
3. How did the attacks take place?
It may sound naive, but changing the default password on electronic devices is crucial. If the password remains the same, then the device that is connected to the internet may be infected.
The fact is that cyber-attackers know many of the default passwords assigned to IoT devices, and they use them to compromise those devices. Leaving the default password unchanged is common. As recent ESET research has shown, at least 15% of home routers are unsecured, which translates to around 105 million routers.
In the Maersk case, it all began when an employee in Ukraine responded to an email featuring the NotPetya malware. The system was affected, and operations practically had to be put on hold until the system was restored.
The attack succeeded regardless of the measures that Maersk had in place for such events. In its Annual Report 2016, the organization had clearly stated the following: “A.P. Moller - Maersk is involved in complex and wide-ranging global services and engaged in increased digitization of its businesses, making it highly dependent on well-functioning IT systems. The risk is managed through close monitoring and enhancements of cyber resilience and focus on business continuity management in the event that IT systems, despite their efforts, are affected”.
4. Are IoT devices actually necessary?
Despite having received criticism for having penetrated almost every aspect of our lives, IoT devices are certainly helping us. From sensors in smartphones and smartwatches that provide real information about our health, to “blackbox” telematics in cars which tell how safe our driving is, these devices can really improve safety.
In shipping, by leveraging IoT solutions you have the kind of information that helps you:
- Understand much more about your organization;
- Deliver new frictionless experiences;
- Understand workflows;
- Have better resource management;
- Obtain operational excellence with the insights gained from the data.
5. Are we talking about a new kind of problem?
Since the launch of the internet itself, the risk of exploitation has been there. Of course, the world has not only just realized that IoT devices can be affected too, but we did not know how vulnerable we are to these attacks until these serious cases three and two years ago respectively.
Once again, there are things to do, with changing the default password being a must, but we will further analyze ways to be protected from cyber attacks below.
6. How far in the past does the technology go?
IoT can actually be traced back to the 1980s, but of course not in the way we know it nowadays. Although not that far from today, researchers at Carnegie Mellon University managed to create a Coke vending machine that could connect to the internet in 1982.
7. Are internet companies able to stop such attacks?
Without a doubt, internet giants have the ability to put an end to it. However, this does not mean that even these companies are completely safe. In fact, during a Black Hat security conference in 2015, security research students from the University of Central Florida showcased how they could impact Google’s Nest thermostat in just 15 seconds.
As one of the team members explained, this computer has a secret backdoor that people with malicious intentions could leverage to stay there for as long as they like.
8. What can people do to be protected?
IoT devices are just like any computer, and they should be treated as such. When you buy a device, immediately change the default password, and check from time to time for ways to enhance security. Another important point is that we should always use the HTTPS interface when possible.
Whenever you are not using the device, it would be wise to turn it off, and if it has other connection protocols that are not being used, they should be disabled.
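The three checks above (default password changed, HTTPS used for the management interface, unused protocols disabled) can be run over a device inventory. The following is an added example, not part of the original article; the device names, addresses and inventory field names are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed inventory for illustration; device names, addresses and field
# names are assumptions of this example, not a real product's export format.
INVENTORY = [
    {"name": "bridge-camera-01", "admin_url": "http://10.20.0.11/admin",
     "default_password_changed": False,
     "enabled_services": {"http", "telnet", "rtsp"},
     "services_in_use": {"http", "rtsp"}},
    {"name": "engine-sensor-gw", "admin_url": "https://10.20.0.12/",
     "default_password_changed": True,
     "enabled_services": {"https", "mqtt", "upnp"},
     "services_in_use": {"https", "mqtt"}},
    {"name": "cargo-tracker-07", "admin_url": "https://10.20.0.13/",
     "default_password_changed": True,
     "enabled_services": {"https"}, "services_in_use": {"https"}},
]


def audit_device(device):
    """Return the list of hardening findings for one inventory record."""
    findings = []
    # Check 1: the factory password must have been replaced.
    # A missing field is treated as "not changed" so gaps fail closed.
    if not device.get("default_password_changed", False):
        findings.append("default password still in place")
    # Check 2: the management interface should be reached over HTTPS.
    if urlparse(device.get("admin_url", "")).scheme.lower() != "https":
        findings.append("admin interface not served over HTTPS")
    # Check 3: anything enabled but not in use should be switched off.
    unused = set(device.get("enabled_services", ())) - set(device.get("services_in_use", ()))
    for service in sorted(unused):
        findings.append(f"unused service enabled: {service}")
    return findings


def audit_inventory(inventory):
    """Map device name -> findings, keeping only devices that need action."""
    report = {}
    for device in inventory:
        findings = audit_device(device)
        if findings:
            report[device["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```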
9. What can companies do to stop this?
Companies can defend against attacks in various ways, such as improving the network infrastructure and ensuring complete visibility of the traffic entering or exiting their networks.
In general, firms, and this applies to shipping as well, must be cyber resilient. This can be achieved through 5 key steps:
Step 1: Prepare/Identify
Identify actions for when a cyber event occurs
Resilience addresses preparedness as a specific emergency management business function, but more importantly, as being impacted by numerous functions across the organization. These may include asset management, human resources, strategic planning, financial management, information technology, and risk management.
Step 2: Protect
Actions to mitigate damage or make assets an unattractive target
The focus is to maintain assets’ core function and ward off harm. Organizations plan for protection against specific threats or categories of threats. Resilience approaches the issue from a standpoint of taking reasonable protective actions, but having alternative capabilities as needed or the ability to withstand disruption.
Step 3: Detect
Focus on activities to rapidly identify an attack and ensure a timely response
This stage is concerned with continuing to monitor the network for other attack indicators related to that attack and making sure the safeguards in place were effective. A critical downside of an organization spending so much time and effort trying to protect itself from attacks is that the entity often fails to prepare for what to do when an attack succeeds.
Step 4: Respond
A response plan clarifies action in case of an incident
Organizations need a response plan that clearly tells people what to do when an incident occurs. An Incident Response Team should be established, with specific roles and responsibilities identified. These roles should be assigned to competent members of the organization. A team leader/manager should be appointed and assigned responsibility for declaring an incident, coordinating the activities of the response team, and communicating status reports to upper management.
Step 5: Recover/Review
Review systems and plans to restore any data affected
Critical to any resilient security strategy is recovery. This stage involves developing and implementing appropriate systems and plans to restore any data and services that may have been impacted during a cyber-attack. No matter the preparation and protection measures an organisation implements, it may not be able to avoid certain types of attacks. Even if the response to a cyber breach is quick, an attack may have consequences. No matter the outcome, organizations must be able to restore their people, processes, and systems as quickly as possible. An effective recovery depends on a clear and thorough recovery plan.
10. Protection is vital
Currently, there is no agreed best practice protection method to stop an IoT attack from happening.
Implementing a firewall and restricting control of the devices to authorized users is one way, while one could also allow only users with the proper security certificate to control the devices. If a person does not have the right authentication, they will not be granted access.
Nevertheless, if you are still in doubt and do not trust any of these suggestions, you can always... unplug it.
As far as maritime is concerned, it seems that the industry feels unprepared for dealing with cyber-attacks. That was the main finding of the Global Maritime Issues Monitor 2018 report, launched in conjunction with the Forum's Annual Summit in Hong Kong in October 2018. The survey shows that ‘big data’, ‘blockchain technology’ and the ‘Internet of Things’ are expected to have the most significant impact on the sector in the next ten years.
From the top three issues both in impact to seaborne trade and likelihood of occurring over the next ten years, ‘big data’ is seen as having the highest potential impact and likelihood. In perceived impact, ‘blockchain technology’ follows closely in second place, and the ‘Internet of Things’ comes third, with these two issues switching places when it comes to the likelihood of their occurrence.