bradskelton.com theshippingbloke.com

Friday 2 October 2020

Shipping Industry Cyber Attacks

The Big Four shipping lines and high profile logistics companies have been hit hard, left, right and centre by the "cyber pirates" and now the IMO has been added to the hit list. 


The Maritime, Supply Chain, and Logistics Industry has proven to be no more or less vulnerable than other industries. Where do we go from here?

In the space of 3 days the Maritime Industry was shaken up by the news of various cyber attacks. CMA CGM has been hit by a ransomware attack, which forced the French shipping giant to concede data was breached and compromised due to the ongoing IT fallout. And just this morning, the International Maritime Organisation (IMO), a branch of the United Nations, admitted it had also suffered a cyber-attack when its website went down yesterday. 

Ironically, the IMO was in the middle of preparing its new cybersecurity guidelines, "IMO Cybersecurity 2021", which require shipping lines and ship owners to develop comprehensive cyber risk management programs focusing on five major areas of concern: identifying risk, detecting risk, protecting assets, responding to risk and recovering from attacks.

Was it a random attack or a targeted message directed to the maritime industry?

All of the Big Four maritime shipping companies have now suffered cyber attacks, one after the other: APM-Maersk was hit by the NotPetya ransomware in 2017, COSCO was taken down in July 2018, MSC was stung by malware at the start of this year, and now CMA CGM. We are also still hearing ongoing analysis and evaluations of the impact of the ransomware attack that hit Toll Group earlier this year.


CMA CGM is not the only carrier to have suffered data breaches. These are quite disturbing as these ships carry all manner of goods and some controlled goods requiring high security. The shipping lines must adopt the highest possible security urgently.

Locally in Australia, shippers have not been able to take delivery of containers, as the clearance process requires freight forwarders and customs brokers to transact via some shipping lines' websites. ANL is part of CMA CGM, so they have been impacted, and storage charges on the waterfront are adding up.

While all these incidents are unrelated, the target is clear: the maritime shipping and supply chain industry.

According to the World Shipping Council, liner shipping terminals trade more than $4 trillion worth of goods destined for the U.S. alone, and terminals are increasingly dependent on digital systems. Even a small cyber-attack can disastrously damage the world's economy.

It clearly shows that most businesses are concerned about cyberattacks, yet fewer than half have plans in place to prevent or respond to an attack. Crisis management plans to respond to the risk and strategies to recover from attacks are still being overlooked and even dismissed.

This is not the first attack, nor the last. It is only going to get a lot worse.

In Australia alone, a cyber crime is reported, on average, every ten minutes. While ship-based attacks make the major headlines, it is the Industry's shore-based systems that must now be the main focus and priority.

The cyber pirates are now targeting the shore-based systems that sit in the offices, business offices, and data centres. These organised cyber pirates are targeting ship manifests and routes, container ID details and data that can lead to serious implications, such as ship-based attacks that involve boarding and taking over the ships to steal high-value cargo stored in the containers.

Internet-accessible systems need to be vigilantly and routinely maintained by keeping them updated and locked down as much as functionally possible to help reduce the threat surface and risks. 

While hiring IT professionals with maritime expertise and experience protecting ships' manifests and IPs is imperative, the maritime industry should also develop their "Plan B's": a corporate crisis management protocol to respond to and counter the attack, and strategies to recover from the attack. Let us face it, prevention may not be an effective strategy, but automated detection and response is the key.

All for now,

Brad Skelton