BlackBerry Blog

Maritime Cyberthreats: A Growing Risk to Global Trade

The world’s shipping industry is increasingly digitized and becoming more vulnerable to damaging cyberattacks. As evidence, we unveiled a realistic cyberattack conducted in a leading maritime security lab. Researchers revealed how relatively simple attacks, manipulating onboard systems, can lead to a major incident and disrupt the supply chain and global trade.

I recently discussed legitimate maritime cyberattack scenarios, their impact, and the challenges of maritime cybersecurity with Dr. Rory Hopcraft of the Cyber-SHIP Lab at the University of Plymouth and Dryad Global CEO Corey Ranslem, whose organization focuses on addressing cyber risks the maritime industry faces right now.

Watch the webinar, Cyberattack at Sea: Unveiling a Cyberattack Scenario in the Red Sea, or keep reading for an excerpt of our conversation. 


Maritime Cyberattack Disrupts Global Supply Chain

Dr. Rory Hopcraft lectures on cybersecurity at sea and runs the Cyber-SHIP Lab at the University of Plymouth. His lab creates realistic ship network environments to test vulnerabilities.

In one recent scenario he ran, attackers used a phishing email to install malware on a container ship entering the New York harbor. The malware waited for GPS coordinates indicating the ship's location, then flooded command systems to override the bridge and send the engines to full power. Within just 2.5 minutes, the massive vessel drifted off course and ran aground, blocking the critical shipping channel into New York for days. This single-ship incident would disrupt more than $1.6 billion in trade, and the impact would be felt throughout the supply chain.

“In this particular instance, the crew received an email from their onshore support team saying, you need to do a chart update,” says Dr. Hopcraft. “We've tested lots of different attack vectors in the lab — from engineers taking on devices themselves, doing software firmware updates, having ship pilots plug in their own devices to crew e-cigarettes being plugged in on the ship's bridge. Malicious software will get on the ship at some point in time.”


While no publicly reported attacks have yet matched this scenario’s severity, similar incidents show the risks are growing. The 2017 NotPetya attack hit international shipping giant Maersk. The ransomware attack disrupted part of the company's operations and nearly all of its communications, costing it an estimated $300 million.

More recently, yacht management company MarineMax disclosed a cyberattack, and marine giant Brunswick Corporation announced a material impact of $85 million after a cyberattack disrupted operations for nine days. Threat researchers also uncovered a Chinese threat actor targeting the European cargo shipping industry.

The maritime industry is quickly becoming a target on all fronts as cyber threat actors realize how lucrative it is, and shipping giants face a heightened risk. Ships are integrating more systems and connecting to shoreside networks, which is expanding their attack surfaces. The lab's research validates that the threats discussed are technically possible given existing vulnerabilities.

A ship’s operational technology lacks security capabilities like strong authentication found in IT systems. Attackers only need to flood networks with legitimate-looking commands. Detection is also difficult, as crews may not notice issues for minutes, during which momentum carries vessels off course.
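
The following added example (not from the article or the Cyber-SHIP Lab) shows how a log-based check could flag the command flood described above: control commands from a host other than the bridge console, or too many commands from one host in a short window. The log format, host names, command names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy: only the bridge console may issue control commands, and
# no source should send more than MAX_CMDS of them within WINDOW.
ALLOWED_SOURCES = {"bridge-console"}
WINDOW = timedelta(seconds=5)
MAX_CMDS = 3

def build_sample_log():
    """Constructed log lines (time, source, command, value); not real vessel data."""
    lines = [
        "2024-01-01T12:00:00 bridge-console ENGINE_ORDER ahead_half",
        "2024-01-01T12:00:20 bridge-console RUDDER port_5",
    ]
    # A burst of identical, well-formed commands from a non-bridge host.
    lines += [f"2024-01-01T12:00:4{i} chart-pc ENGINE_ORDER ahead_full"
              for i in range(6)]
    lines.append("2024-01-01T12:01:10 bridge-console ENGINE_ORDER stop")
    return lines

def detect(lines, allowed=ALLOWED_SOURCES, window=WINDOW, max_cmds=MAX_CMDS):
    """Return (timestamp, source, reason) alerts, one per source and reason."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    seen = set()                  # (source, reason) pairs already alerted
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed records rather than crash
        ts_raw, source, _command, _value = parts
        ts = datetime.fromisoformat(ts_raw)
        reasons = []
        if source not in allowed:
            reasons.append("unexpected_source")
        q = recent[source]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop timestamps older than the window
        if len(q) > max_cmds:
            reasons.append("command_flood")
        for reason in reasons:
            if (source, reason) not in seen:
                seen.add((source, reason))
                alerts.append((ts_raw, source, reason))
    return alerts

if __name__ == "__main__":
    print(detect(build_sample_log()))
```

Because the flooded commands are well-formed, the check keys on who is sending and how fast rather than on command content.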

Threat Intelligence and Maritime Cyberattacks

This growing risk is why my threat research team here at BlackBerry and the team at Dryad Global are trying to share as much as we can with the industry about potential attacks. Dryad Global CEO Corey Ranslem explained the reasoning during our conversation.

“One thing our teams have been very keen on is looking at the potential of a cyberattack on a particular vessel in a particular port or in a particular region — or maybe because of specific ownership or management. Regardless of whether it's a cruise line, a cargo ship, or a large yacht, we think that the attacks are going to become more directed to the maritime industry in the future.”

And he adds, “One of the reasons that we like our partnership with BlackBerry and Plymouth University is to be able to test these attack scenarios to see what is the potential for this to take place right now. We need to learn what those attack surfaces look like as quickly as possible and help protect the industry.”

Actionable intel is also the goal of the BlackBerry Global Threat Intelligence Report that we publish each quarter. It highlights what our team sees around the world based on the telemetry from our sensors deployed across our customers in all the regions of the world.

Increasing Maritime Cybersecurity Practices  

“I feel that the maritime industry is probably 10 or 15 years behind the rest of the world when it comes to just recognizing the problem of cybersecurity, and recognizing that there is the potential for attacks,” says Ranslem. “Even though if you do a quick search, you’ll read about attacks happening around the world.” 

Adding to this challenge, reliable connectivity can be tough to come by at sea or in remote parts of the world, which greatly decreases the efficacy of most (but not all) cybersecurity tools: too many depend on the cloud to work well offline. An additional hurdle to security at sea, and in ports, is the long lifespan of the systems in use, typically 10-30 years.

Ranslem says regulators in many parts of the world are starting to take notice of these challenges, and regulations establishing cybersecurity requirements appear to be on the way in many geographies.

To bolster maritime defenses, here are some ideas we discussed:

  • Implement robust logging solutions to help identify intrusions.
  • Put contingency plans in place and test them regularly to ensure crews can respond effectively if systems are compromised.
  • Maintain strong control of supplier relationships and oversight of onboard infrastructure, both critical to keeping visibility of networks.
  • Employ zero-trust-like strategies, including network and data-centric segmentation, continuous access control and security validation.
  • Deploy regular software updates in a controlled fashion to mitigate the risk of software supply chain attacks. 
  • Conduct employee training.
  • Find a source of maritime threat intelligence.
  • Implement an endpoint protection platform that maintains its level of protection in a disconnected environment.

The Future of Maritime Cyberthreats

What’s next for the future of cyberthreats in the maritime industry? During our conversation, someone asked that very question. Dryad Global’s Ranslem responded, “Would we expect more nation-state threat actors, or non-state actors like pirates, to use cyberattacks on shipping in the coming years? And my answer to that would be...absolutely, yes.” The threats are coming from all sides. “I totally agree,” says Plymouth University’s Dr. Hopcraft. “We've already seen pirates using AI to track high-target, high-value bounty at sea, so cyberattacks will be a natural progression.”

This is just an excerpt of our discussion on this important topic. For more, I invite you to watch Cyberattack at Sea: Unveiling a Cyberattack Scenario in the Red Sea, now available on-demand.


Ismael Valenzuela

About Ismael Valenzuela

Ismael Valenzuela is Vice President of Threat Research & Intelligence at BlackBerry, where he leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects across the globe for 20+ years, including founding one of the first IT Security consultancies in Spain.

As a top cybersecurity expert with a strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection, and computer forensics, Ismael has provided security consultancy, advice, and guidance to large government and private organizations, including major EU Institutions and US Government Agencies.

He holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132) in addition to GREM, GCFA, GCIA, GCIH, GPEN, GCUX, GCWN, GWAPT, GSNA, GMON, CISSP, ITIL, CISM, and IRCA 27001 Lead Auditor from Bureau Veritas UK.