Cyber-attacks on maritime installations soar during pandemic
Operators of ships, oil rigs and seaports are facing a huge rise in cyber-attacks during the coronavirus pandemic, as employees working from home expose installations to outside penetration, computer security experts say.
While cyber-attacks in all sectors have increased during the pandemic — a June survey by cybersecurity company McAfee indicated that remote attacks on cloud services have risen 630 per cent, while the US Federal Bureau of Investigation said it had received as many cyber-attack reports by the second week of June as it had in all of 2019 — the shipping and logistics businesses are especially vulnerable.
Most vessels lack any inbuilt encryption or authentication codes for the critical systems used for navigation. “Shipping could be seen as a soft target,” a recent industry survey by Marsh & McLennan noted.
A July report issued by Allianz Global Corporate & Specialty, an insurer, said there had been 400 per cent increase in attempted cyber-attacks on the maritime sector since the coronavirus outbreak.
“Consequences of coronavirus and a sustained economic downturn could threaten long-term safety improvement and trigger an uptick in losses from cost-cutting measures, fatigued crew, idle vessels and weakened emergency response,” said Baptiste Ossena, Allianz’s head of hull insurance.
Robert Rizika, head of North America operations at Naval Dome, a marine cybersecurity consultancy, said the global maritime industry expected more than 500 “major cybersecurity breaches” to be reported this year, compared with 310 last year and 120 in 2018.
“The fact that people can’t travel and are not getting together physically, has forced them to connect … remotely, opening more of these systems to cyber attack [and] attacks are on the rise,” he said.
Mr Rizika said quarantine requirements for technicians — 14 days before boarding a ship or oil rig and potentially another 14 days when returning — was “too long to address problems with critical infrastructure”. Accommodation charges meant a visit from a technician now costs 14-28 times the pre-pandemic price.
“In addition, personnel working from home use their own PCs and own home networks that are not properly protected, causing vulnerabilities,” he said. “Often other family members, with no cyber knowledge use the same computer and network enabling more vulnerabilities.”
So far this year, a US gas pipeline operator and Swiss-Italian shipping company MSC have been hit by malware. US-based cargo facilities, including New Orleans, have been subjected to ransomware attacks, while hackers have targeted ports in Iran and Israel. In June, systems at Shahid Rajaee port in Bandar Abbas were hacked, restricting movements and creating a miles-long backlog of ships.