With offices locked down to cope with the relentless Covid-19 pandemic and employees forced to work on computers at home or in other remote — and sometimes poorly secured — locations, the risks of cyberattacks increased appreciably this year within the vulnerable maritime community.
Information technology (IT) experts say glitches in many remote communication and teleconference technologies, in combination with advancing digitalization and connectivity, are elevating the risks of companies’ networks being inflicted with malicious malware, ransomware and email phishing. The maritime sector has been cited as an especially easy mark for cyber criminals, as it largely has been ill-prepared to head off bad actors, according to Justin Getzinger, sales consultant for Lafayette, La.-based IT managed service provider Global Data Systems (GDS). “Before this pandemic came to the doorstep of the maritime and offshore sectors, a basic survey of maritime companies showed that 70% were unprepared for a cyberattack,” he said in July. “They either lacked a business continuity plan or lacked the resources just to be able to identify when an attack was happening, detect where the attack was happening, and mitigate it in an organized fashion.”
The pandemic has left both the maritime and offshore energy industries more vulnerable than ever, according to global maritime cybersecurity specialist Naval Dome. To that point, the Israeli company said that between February and June the global maritime industry encountered a 400% increase in attempted cyber hacks, as pandemic restrictions broadened the use of technology and working remotely.
A particular Achilles heel can be found in the comparatively infantile operational technology (OT) networks employed within the maritime sector, said Ian Bramson, global head of cybersecurity for the ABS Group of Companies. An OT network is dedicated for operating specific functions, and typically lacks the multiple layers of security to resist connectivity threats designed into the more mature computer IT systems, as a result standard OT networks particularly susceptible to cyberattacks. “Many OT networks are flat, meaning attackers can more easily move within them once there is a breach,” Bramson said. “Also, the systems can be run on obsolete software, or software that has been sunsetted (no more patching or updating), which can make them more vulnerable than their IT counterparts.”
No organization is immune. In September, the U.S. Coast Guard issued a Marine Safety Information Bulletin to announce the growing use of sophisticated spoofing techniques to impersonate the service’s email addresses and communications regarding Area Maritime Security Committee activities.
“All of this serves to emphasize the importance of remaining vigilant and ensuring employees are aware of the ways in which malicious actors are trying to create and exploit vulnerabilities in networks and systems,” Caitlyn Stewart, senior director of regulatory affairs of the American Waterways Operators (AWO), adding that as of November no AWO member companies have reported any specific network disruptions.
Bramson said gathering data on specific attacks is difficult as companies are mostly “unwilling to openly discuss breaches” within their respective networks. He notes, however, that ABS has detected cyber- attackers gravitating away from the more heavily protected IT networks toward the more easily encroached OT systems, where they can physically alter the operation of everything from navigation to onboard cranes.
“Maritime is starting to see more OT cyberactivity,” Bramson said in October. “Visibility into OT networks and reporting are notoriously immature in maritime, but the indications are that attackers are starting to test, learn, and adapt to the environment. The complexity and veracity of the latest iterations of ransom ware are much more advanced than even a few months ago.”
“Attacks on IT focus on exploiting business networks, and often concentrate on stealing or manipulating corporate data,” he continued. “Attacks on OT, however, focus on disrupting or destroying the devices, machines, and networks critical to operations. Often referred to as industrial cyber, OT cyber impacts safety and operational risk. Put another way, attackers aren’t just targeting data, they are trying to directly change how machines and devices physically operate.”
In keeping with the atypical times, the ABS has been working with clients to engineer specialized remote cybersecurity monitoring and managed services aboard a vessel or offshore structure, Dennis Hackney, head of Cyber Solutions Development, said in an August webcast on Maritime TV. The aim, he said, is to identify and possibly prevent a cyber threat from occurring in critical OT networks, including communication and control systems. Hackney’s presentation was the 16th in a two-year maritime cybersecurity series ABS has sponsored in conjunction with the Washington D.C.-based maritime network.
The ABS has joined DNV GL in remotely assessing the cyber fitness of offshore assets. Owing to travel restrictions imposed as Covid-19 began a tenacious sweep across the US, the cross-industry risk management, quality assurance and classification enterprise in March carried out its first remote cyber assessment and penetration tests aboard a Gulf of Mexico asset. During more conventional times, a certified ethical hacker would have been installed aboard the platform or other offshore structure to simulate a cybersecurity breach and evaluate the company's vulnerabilities to a major attack. With travel off the table, the DNV Maritime Advisory and Digital Solutions groups conducted the tests remotely between client personnel and DNV GL offices across three countries.
“Maritime OT is a big target. It has low maturity, high real-world impacts, and offers a digital ocean of possibilities for attackers,” said ABS's Bramson. “Threat actors (cyberattackers) are aware of this and are learning how to take advantage. They are taking lessons learned from adjacent industries and starting to apply them to maritime. They are adapting faster than we are evolving.”