Hackers have been peppering cyberattacks against cargo ships

• Last year, the NotPetya ransomware’s damage to Merck, the largest shipping company in the world, shook the shipping industry.
• Any system connected to an internet network, no matter the location or time, could be a potential target for those with malicious intent.

Amidst the vast waters of the world’s oceans, one might think that he/she is far away from any kind of criminal threat. However, that assumption is incorrect, as even cargo ships now fall prey to cyberattacks.

Any system connected to an internet network, no matter the location or time, could be a potential target for those with malicious intent. Multiple attacks targeting ships, featuring malware, ransomware, and worms have been witnessed in the past and continue to pose a threat to shipping operations worldwide.

The international shipping industry understands this threat and has recently published the latest guidelines for bolstering cybersecurity on ships. A conglomerate of 21 international shipping associations and industry groups has published the third edition of its document on this matter - “Guidelines on Cyber Security onboard Ships”.

The existence of such a document indicates the significance of this issue. A series of attacks over the past few years has pushed the shipping industry to enhance its cybersecurity efforts. Let us look at some of these past incidents which are not widely known by the public.

Learning from the past

Nowadays, many modern ships are designed to operate in a paperless way, using the Electronic Chart Display and Information System (ECDIS). However, if this system fails, it could cause a major hindrance in the ship’s operations and result in a large financial loss for the operating company as well. This is exactly what happened in an incident detailed in the document.

“A new-build dry bulk ship was delayed from sailing for several days because its ECDIS was infected by a virus. The ship was designed for paperless navigation and was not carrying paper charts. The failure of the ECDIS appeared to be a technical disruption and was not recognized as a cyber issue by the ship’s master and officers.

“A producer technician was required to visit the ship and, after spending a significant time in troubleshooting, discovered that both ECDIS networks were infected with a virus. The virus was quarantined and the ECDIS computers were restored. The source and means of infection in this case are unknown. The delay in sailing and costs in repairs totalled in the hundreds of thousands of dollars (US).”

The people aboard the ships can also become a part of the threat vector in some cases. The attackers can use infected USB drives and malicious email attachments to deliver malware, which can end up infecting the software systems aboard the ship. The document notes that in one such incident, a shipowner reported that the company’s business networks were infected with ransomware, delivered via an email attachment.

The guideline covers many such incidents and provides recommendations relevant to each of them. It also covers the various aspects of cyber risk management approach.

As modern ships add more and more systems online, the frequency of such attacks is expected to increase. Though some systems are designed with security features in mind, many often lack appropriate security measures.

Just like in the case of network routers and servers, which are often left with their default login credentials unchanged, many ship systems also end up exposed in the same way. Moreover, they sometimes contain built-in backdoor accounts which risk exposure for the ship, cargo, and the passengers onboard.

Last year, the NotPetya ransomware cost Merck a whopping $300 million and the damage didn’t end there. 4,000 company servers and 45,000 PCs also had to be reset to ensure security in the company’s operations.

This incident was a major wake-up call for the shipping industry which is reflected in the latest cybersecurity guidelines.