In its July issue of Phish and Ships, Be Cyber Aware at Sea comments on lessons learned after major cyber attacks the industry faced from COSCO’s attack to Maersk’s. The cyber attack Norsk Hydro experienced is a clear example that the shipping industry has a long way to go, as it forced the company to shutdown production in several plants and cost them USD 50 million.
When a company with Norsk Hydro’s resources, expertise and systems is vulnerable to attack, then every company is, in every sector.
… Be Cyber Aware at Sea commented.
In the past, prior to the rise of cyber attacks, IT used to be seen as an operational cost, rather than as a strategic business approach. Yet, as digitalization and automation emerge in the shipping industry, the risks and threats linked to the development aren’t manageable.
Beginning from COSCO’s experience in cyber attack, the company faced many challenges in July 24, 2018 as its US operations were seriously affected and its network broke down. All began when an employee in Ukraine responded to an email which featuring the NotPetya Malware. The system affected and therefore operations practically had to be on hold until system’s restoration.
Moreover, Maersk was attacked in June 2017 by the NonPetya Malware, as well, and its operations in transport and logistics businesses were disrupted, leading to unwarranted impact. Although the recovery was fast, the company saw financial losses up to USD 300 million, covering among other things loss of revenue, IT restoration costs and extraordinary costs related to operations.
In addition, Austal, an Australian company constructing vessels for the Australian Royal Navy, was hit by a cyber attack at its data management systems in Perth. The company then, informed that the attackers ‘purported to offer certain materials for sale on the internet and engage in extortion.’
In light of the above attacks, today’s ships are more and more attacked, as more and more shipping companies turn to digitalization and the Internet; Although this provides automation and makes the manage of the vessels easier, it also has many risks as vessels are vulnerable to attacks, both targeted and random ones.
Concluding, Be Cyber Aware at Sea noted that cyber risk has become the new normal for the shipping industry.
According to the Allianz Risk Barometer 2019, cyber risk is amongst the top threats to the global maritime industry.
Whether you call it disruption or revolution, digital is here to stay. The rapid implementation of IT systems and internet communication for ships in every part of the world brings new and exciting opportunities – but also cyber threats.
Therefore, Be Cyber Aware at Sea presents four lessons to be learned, following the three examples above:
- Good IT hygiene is key to fighting cybercrime, but mindset is a big obstacle. There must be a shift in people’s attitude towards IT security. IT is not something that is on the side; it is as important as the main office or the ship itself, if not more. Because if IT collapses, many parts of the business collapses.
- Every shipping manager needs to approach cybersecurity as an integral part of the overall safety management. If disruptive cyber attacks can happen to some of the biggest players globally, it may well happen to you. This means you need to have an effective cybersecurity management plan in place to manage all possible threats. Response and recovery plans should be tested and updated frequently
- There is NO zero cyber risk environment today. You will never mitigate all risk, as new cyber threats and vulnerabilities are constantly emerging. But you can minimise it – by continually assessing risk exposure, understanding the impact, and then working to implement safeguards that will counter risk and help you steer clear of cyber attacks.
- Despite all precautions, vulnerabilities still remain in your systems and networks – attackers are constantly finding new targets and refining the tools they use to break through cyberdefenses.