Last month, COSCO (China Ocean Shipping Company), known as one of the largest maritime cargo players in the market, received a nasty surprise in the form of an email attack that spread ransomware. It temporarily disabled important infrastructure in its U.S. network.
In its initial press release, COSCO reported a “network breakdown,” whereas important maritime news sites such as Lloyd’s Loading List and Joc.com spoke specifically about a ransomware attack. Regardless, COSCO has been praised for responding rapidly during the incident and notifying customers. Inevitably, this incident brings back memories of the Maersk security incident, related to a NotPetya ransomware strike. Maersk reported losses between $250M-$300M. Luckily, in the case of COSCO the incident wasn't as costly. According to Lloyd’s Loading List, the main difference was that COSCO had stricter boundaries across its global networks, and each region was decentralized.
Even weeks later, issues continue to affect COSCO’s network. Websites went down in the U.K. and email systems shut down in the U.S., Canada, Panama, Uruguay, Chile and Peru. It’s interesting to analyze how much of a difference the architecture of the network made. For IT architects, this must heighten your awareness of how to manage large, global corporate networks.
The risk in maritime security
As attacks continue to evolve technically, they also evolve in their strategy. It is important to remember we’re no longer facing pranksters on the Internet, but rather well-organized criminal networks interested in profiting from our businesses through hacking activities. Because of this, in the last eight years we have witnessed a diversification in the scope of cyber-attacks, which of course includes maritime cargo and operations.
While it is easy to overlook the cyber risks in the maritime industry, consider this. According to the Maritime Cybersecurity Center:
- 80% of the people live on the coast or near the water
- 90% of trade is by water
- 95% of internet traffic is transmitted under water
If this is not enough to show you what could happen, just bring it to a global trading level: What is the potential impact of a major cargo ship whose systems are disabled while it is in the Manchester or Panama Canal? Even further, what’s the global economic and social impact if a full fleet of cargo ships transporting sensitive goods were to be hijacked?
Aside from the operational havoc and its impact on trade, cyber attacks in the maritime industry connect directly to other criminal activities. For example, in 2011, a drug trafficking operation was discovered in the port of Antwerp. It had been going on for two years and was enabled by hackers infiltrating cargo tracking software. This type of strategy can very well enable other activities such as human trafficking, smuggling and piracy.
We live in a heavily interconnected world, and major technology corporations are effectively advocating for an even tighter interconnection of everything (literally, it’s called the Internet of Things or IoT). But are we prepared to extend the technology surface to every industry? This needs thoughtful consideration, because although technology provides a layer of operational optimization, a larger attack surface could increase vulnerabilities.
Overwatch Managed Security
As the title says, cyber threats are unseen and unpredictable. Regardless of your industry, location, or company size, hackers are just around the corner, looking for their next opportunity. Find out how Overwatch cyber-analysts can help before your customers become the next target.