The COVID-19 crisis has been testing the foundations of our lives, societies and economies, posing huge challenges for the future. Organisations across industries are rightly focusing on their employees’ well-being, whilst making sure that their operations continue undisrupted and, at the same time, adapting to the new ways of operating. Inevitably, secondary aspects of day-to-day operations such as cyber security may fall by the wayside, potentially increasing the risk of cyber security attacks. Cyber criminals are cognisant of the change in priorities, making the pandemic an attractive opportunity for them to make their way into corporate networks to steal data or money, or to cause disruption.
How has this affected the shipping industry?
The shipping industry has already suffered from cyber attacks and some recent examples that have been made public include:
- E-mail scams attempting to deliver malware or phishing links to compromise vessels and/or companies. Some of them impersonate the World Health Organisation whilst others use real vessel names and/or COVID-19 to impersonate actual ships and warn of infected crew and vessels through attachments infected with malware.
- Mediterranean Shipping Company (MSC) reportedly experiencing a network outage due to a malware attack affecting their primary website and customer portal, which in turn affected online bookings for a number of days (agencies were still functional). Although the incident was not explicitly attributed to an opportunistic attack due to the pandemic, it happened at a time when several other incidents were affecting the industry.
- The Danish pump maker DESMI being hit by ransomware with the organisation deciding against paying any ransom to make the compromised data available again. To respond to the attack, the organisation shut down some of their systems including e-mail, affecting their operations for a number of days.
So, what should the shipping sector do to maintain the security of their data and infrastructure?
The pandemic came at a time when shipping organisations have been investing to implement IMO’s “Guidelines on maritime cyber risk management”, in order to be better prepared against cyber security threats both on- and off-shore before 2021. Priorities have had to change in response to the COVID-19 outbreak, but the new reality with its extensive use of technology can still be seen as an opportunity for making sure that parts of the guidelines are implemented in an accelerated manner. Three key actions should be prioritised for shipping organisations to mitigate emerging risks due to the pandemic:
- Secure newly implemented remote working practices
Shipping organisations had previously invested in remote working solutions primarily for IT professionals supporting vessels. Therefore, many shipping companies have had to rapidly introduce new remote working tools (e.g. video conferencing, laptops) that may lack certain security controls or policies, resulting either in security gaps or in inconsistent application of security protocols. Such solutions will likely be relied upon to a much greater extent as organisations return to business as usual, thus making them more susceptible to cyber attacks due to unpatched or insecurely configured new systems that could affect data confidentiality and integrity. Operations may also be disrupted if these solutions are not resilient to a potential Distributed Denial of Service (DDoS) attack.
Organisations should consider:
- Risk assessing existing and new remote access systems to ensure critical security patches have been applied, secure configurations have been used and the solutions are resilient. Particular attention should be paid to systems used for remotely administering and monitoring IT and OT vessel systems. Where possible, these systems should be segregated from the network used by the crew;
- Configuring remote access solutions, e-mail and identity management systems to log all authentication events, especially those on vessels that were typically not logged in the past. Preserve logs and analyse them for anomalous activity;
- Reviewing any systems deployed to allow employees to work remotely, and ensuring that key security controls are applied (e.g. web filtering, encryption, antimalware protection, data loss prevention, backup solutions and detection and response tooling).
- Ensure the continuity of critical security functions
With the majority of employees having to work remotely, including employees responsible for the security functions, productivity is, to some extent, hindered. This is especially true for the monitoring functions that most shipping organisations have outsourced to a third party. Prior to the pandemic, multiple dashboards were used for continuously monitoring on- and off-shore activities, presented on large screens located in dedicated rooms, allowing close collaboration and escalation. Now, employees are limited to small screens for home-use and collaboration is less immediate.
Considerations in this respect include:
- (Where outsourced) Ensuring that the third party has enabled their business continuity plan and has sufficient capacity and capability to achieve the agreed SLA;
- (Where in-house) Ensuring that monitoring teams have the people, processes and technology necessary to monitor and respond to alerts affecting on-shore and vessel systems. Consider augmenting the teams with additional third-party resources;
- Performing continuous vulnerability scanning to confirm patching processes are functioning and all critical vulnerabilities have been patched or mitigated. Make sure this is consistent for on-shore and vessel infrastructure;
- Updating incident response plans and continuity playbooks to ensure they function during periods when relevant employees are primarily working remotely. Ensure they are not overly dependent on key members of staff.
- Counter opportunistic threats that may be looking to take advantage of the situation
In light of the previously mentioned examples of cyber attacks affecting the shipping industry, organisations should:
- Provide specific guidance to vessel crews to be extra vigilant when it comes to email communications relating to COVID-19 infections on specific vessels;
- Provide specific guidance to finance teams to ensure they do not respond to email solicitations for personal or financial information, or requests to transfer funds, highlighting increased risks of business email compromise attacks;
- Target additional awareness campaigns to both on-shore employees and vessel crews, leveraging phishing campaigns using COVID-19 lures or attempts to exploit different or new ways of working;
- Where not already implemented, consider procuring web filtering technology that allows enforcement of web filtering rules on remote infrastructure including on vessels and laptops at home.
It is evident that the pandemic has brought new challenges for shipping organisations. Uncertainty, unprecedented situations, and rapid IT and organisational changes have shifted the nature of cyber threats, making the need for consistency in both on- and off-shore implemented protective and detective measures a ‘must’. We are yet to see how the industry will adapt to the “next day of normality”, but one thing is certain – the cyber security risk landscape has changed and the industry needs to remain vigilant and respond to the situation accordingly and with speed.
See also PwC’s article “Keeping the lights on with a response strategy plan” on what organisations in the shipping sector should do to ensure their continuity of operations.
About The Author
Sarantos Kefalas, Senior Manager, Cyber Security SME, Assurance,