Head of Israeli maritime security firm Naval Dome says the “maritime sector is being targeted by highly motivated cyber criminals.”
The head of an Israel-based maritime security firm said Thursday that “the maritime sector is being targeted by highly motivated cyber criminals and the shipping industry should be on the highest alert for a cyberattack.”
Itai Sela, the chief executive officer of the security firm Naval Dome, made his comment at the Singapore Maritime Technology Conference 2019.
“Somebody somewhere is targeting the maritime sector,” he said. “The shipping industry should be on red alert.
“The maritime industry is just not prepared,” Sela said. “Shipping is a $4 trillion global industry responsible for transporting 80 percent of the world’s energy, commodities and goods, so any activity that disrupts global trade will have far-reaching consequences.”
Sela is just the latest voice in a growing chorus warning about cyber threats to maritime commerce.
A 2014 report by the insurance brokerage Marsh said the International Maritime Organization identified as early as 2004 that the publication of data generated by automated identification systems (AIS) on the internet and elsewhere “could compromise the safety and security of ships and port facilities.”
Just last month the cyber security company CyberKeel was acquired by the Danish cyber security firm Improsec ApS after several years of collaboration between the two.
CyberKeel said it was was created in 2014, when “the maritime industry mainly did not recognize cyber security as a risk,” and that it was one of the first providers of feedback for the first version of the BIMCO cyber security guidelines in 2016 that were later adopted as IMO guidelines.
Last year Allianz said in the 2018 edition of its Safety and Shipping Review that “the NotPetya cyberattack of June 2017 affected some 2,000 organizations across 65 countries, causing estimated economic losses of $2.5 billion to $3 billion and exposing vulnerabilities in the marine supply chain. The virus led shipping group Maersk to suspend operations as it was forced to reinstall 4,000 servers, 45,000 computers and 2,500 applications, causing congestion at a number of ports worldwide and resulting in business losses in excess of $300 million. The attack also disrupted operations at logistics company FedEx, resulting in $300 million in lost business and cleanup costs.”
The Brookings Institution held a seminar last month on Securing Maritime Commerce at which Coast Guard Vice Admiral Daniel B. Abel said, “Cyber is a great enabler, but cyber is also a great threat” to the maritime industry.
“Shoreside facilities have to have a security plan, vessels have to have a security plan,” he said, and “if something is not going well you’ve got to tell us.
“Just like all other sectors of society, we’ve become digitally dependent — I mean digitally addicted. And all it takes is wondering what’s in that container when you have 12,000 showing up on the vessel and you have significantly bogged down that port,” Abel said.
“As it stands now, we do get reports from shippers and ships that say, ‘I’ve had a cyber breach and I’m inbound to your port.’ We quickly work with that. Our intel center can tell us how many fellow ships from that particular shipping line are due into U.S. ports. We work with the company about what vulnerability is there,” he said.
Jennifer Carpenter, executive vice president of the American Waterways Operators, the major trade association for the tug and barge industry, said at the same Brookings event that “the maritime industry is all about risk management. And cyber is a risk that has to be managed and it has to be managed really no matter what part of the system you are operating in and no matter the size of your company.
“Any company is vulnerable to a cyber incident, whether that is extortion, whether that is a security incident. And so it’s extremely important that all companies be looking at that.”
Naval Dome’s Sela said, “Shipping is now in the crosshair of the cyber criminal or activist. But the maritime industry still believes it is enough to have a Level 1 solution to protect against a Level 4 threat.
“A Level 4 attack is extremely sophisticated and intended to cause the most amount of disruption for either political, social or financial gain. It is the Level 4-type attack criminals are using to penetrate the shipping industry,” Sela said, referring to an incident in which the navigational equipment aboard a fleet of 15 tankers was simultaneously hacked.
The easiest way for hackers to penetrate ship systems is to attack systems at the ship manager or original equipment manufacturer’s head office, said Sela. “All a hacker has to do is infiltrate these systems and wait until some someone sends an infected email to someone onboard ship — the attack is delivered. It spreads. It’s autonomous.
“For a few thousand dollars sophisticated ‘viruses’ can be easily bought on the dark web, so it is quite easy to implement a Level 4 attack now. Level 4 cyber protection results in a system or equipment that even those with enough time, money and motivation will be unable to penetrate. Every shipboard PC-based system has to be protected individually,” Sela said.
Naval Dome said current regulations consider improving interactions between the operator and machine as the optimum way of combating maritime cyber crime.
“However, Naval Dome believes the best solution is based on technology that removes the human element altogether,” the company said. Naval Dome’s website said that its leadership is composed of Israeli ex-navy officers and cyber defense experts.
Speaking in Singapore, Sela suggested that a ship can be used as a very effective weapon to “create chaos and destruction” at the port.
“A ship whose systems are under the control of the cyber criminal could result in pollution, cause collisions or groundings or be used as an incendiary device. The result could be catastrophic if a vessel is not secured to the highest level. Over the last three years we have developed a type-approved Level 4 solution certified to prevent shipboard systems from being hacked.”
He suggested a country like Singapore must have the ability to monitor all the ships that enter its waters in order to verify whether it’s infected or cyber clean.
“I strongly recommend that all port authorities have the ability to control the cyber threat that each and every vessel entering their waters brings with them. This will protect assets and avoid potential disaster,” he said.