Cyber attacks reach three year high in Maritime Industry

7 min read

With new IMO regulations now in effect, vessel owners must act without delay to ensure cyber resilience in the maritime industry is incorporated in their ISM Safety Management Systems, writes Jamie Jones, Operations Director at GTMaritime.

IMO’s requirement for cyber risk to be addressed in vessel Safety Management Systems entered into force on 1 January. The ruling was originally adopted by IMO in June 2017, so ship owners have had more than three years to prepare for the deadline.

During that period, it is fair to say that attitudes towards cyber resilience in the maritime industry have shifted markedly. While initially greeted with a degree of indifference, a succession of incidents across the maritime supply chain have proved beyond all reasonable doubt that cyber-risk is not a ‘hypothetical’ concern – but one grounded in our daily reality.

This reality is corroborated in BIMCO/Safety At Sea’s most recent cross-sectoral survey on the subject. The results, published in 2020, show security breaches reaching their highest in three years. Just under a third of respondents stated that their organisations faced a cyber incident in the previous 12 months compared to 24% and 22% in 2019 and 2018, respectively. 

The increasing number of stakeholders acknowledging that cyber threats to ships risk business continuity has been sufficient to prompt most ship owners into action in time for entry into force of the IMO2021 regulations.

The IMO guidelines on maritime cyber risk management provide the basis for a safer, more secure and resilient cyberspace for shipping operations. They offer a framework to identify and mitigate current and potential vulnerabilities and advise all ship owners and operators to develop rigorous hardware, software and crew training defences against the influx of cyberattacks targeting ships at sea.

The guidelines also highlight that compliance is not simply a tick box exercise, and instead needs to be proactively managed and continuously monitored as technology and threats become more sophisticated. They emphasise how “risk management is fundamental to safe and secure shipping operations. Risk management has traditionally focused on operations in the physical domain, but greater reliance on digitalisation, integration, automation and network-based systems has created an increasing need for cyber risk management in the shipping industry.” IMO recommends that cyber resilience in the maritime environment management should form part of an organisation’s existing risk management processes and be incorporated into their ISM Safety Management Systems.

BIMCO’s 2020 survey offered little by way of surprise when it came to the most frequent source of cyberattacks. Around two thirds of respondents had experienced phishing, while nearly two in five reported having been prey to its targeted and more dangerous variant, spear phishing. One third of incidents were triggered by malware.

Regardless of industry sector, phishing remains one of the most common forms of cyberattack, owing to the relative ease with which it exploits security gaps and its high levels of success in causing data breaches. Many have learned to recognise and ignore more obvious examples. However, the rise of spear-phishing is troubling. Written in industry lingo from legitimate-sounding sources, such messages are more convincing and less easy to spot – particularly by seafarers juggling multiple tasks in the frantic hours before arriving in port.

Email was one of the first infection pathways for cyber contagions and even today remains a primary point of entry, particularly as ships become more dependent on electronic communication in their day-to-day operations.

Technical solutions are available to stop the vast majority of these attacks in their tracks. GTMailPlus from GTMaritime, for example, can protect vulnerabilities by sifting incoming message traffic using the latest anti-phishing and virus detection technologies to prevent damaging or fraudulent messages ever reaching a vessel’s mail server. Last month the GTMailPlus Advanced Threat Protection feature blocked a staggering 29,406 unknown malware attacks, which equates to one in every 510 emails.

Such solutions are doubly important because ships often have PCs running older operating systems which haven’t had the latest updates applied, where simply displaying a message containing a dangerous payload can be enough to activate certain kinds of malware. The UK’s National Cyber Security Centre highlights the awareness of hackers to these vulnerabilities and how continuing to use out-of-date software dramatically increases the likelihood of a serious cyber incident. The absence of the latest protection can also make breaches harder to detect.

In fact, a single piece of out-of-date or obsolete software can create an entry point. One way to address this is to have processes in place to ensure all software is automatically updated and redundant software removed from systems. In doing so, the attack surface and number of entry points available to hackers can be significantly reduced.

For this scenario, GTMaritime has developed GTDeploy specifically to meet the demands of satellite connectivity. Managed through a dashboard, GTDeploy enables ship owners and operators to update and patch systems easily, to fix and remove bugs, and to add new features automatically across all vessels and computers on-board. Running in the background, it allows companies to prioritise and control updates remotely, protecting systems integrity, minimising risk and ensuring business continuity. 

However, the ability to stay one step ahead of detection and opportunism are two enduring characteristics of the cybercriminal. Soon after the first coronavirus lockdowns came into effect in 2020, a report from the British Ports Association and consultancy Astaara estimated that the number of cyber-attacks in the maritime sector had increased by a factor of four.

Today, we know how malevolent payloads reach inboxes and understand the behavioural cues that are likely to drive users’ reaction to them. If keeping ship system software up to date and reviewing its status regularly is therefore increasingly vital due to the interdependencies of systems within systems, so is crew vigilance.

After all, with more IT hardware and infrastructure on-board, and greater connectivity than ever before, vessels are becoming complex cyber ecosystems that are increasingly within striking distance in real time.