USBs at Sea: A Major Maritime Cybersecurity Blind Spot
It’s no secret that there have been numerous cyberattacks on the shipping industry over the past few months and years. There are countless, well-publicized attacks that have brought shipping lines to a standstill for days or weeks at a time, resulting in crippling effects on global supply chains.
What is less talked about are cyberattacks on vessels themselves. It’s easy to assume that because a ship is not physically connected to anything in the same way that shore-based facilities are, they are less vulnerable to attack, but we live in a world where everything is connected.
Cybercriminals do not need a physical connection to an asset to be able to successfully infiltrate and attack. A cyber attack on a vessel can inflict major damage to the vessel, the crew, the cargo, and the environment.
Container shipping is a good example. Every time a container ship enters a port, the terminal will provide the load plan to the Chief Officer. This is, more often than not, delivered in the form of a USB drive. That drive is plugged into the vessel loading and stability software so that the load condition can be checked and the Chief Officer can ensure that the vessel is able to sail in a safe and seaworthy condition. Updated load plans are delivered to the vessel multiple times during the port call.
From a cybersecurity perspective, we do not know what protocols the terminal has in place. We do not know how many other vessels that USB drive has been used on and we don’t even know where the USB drive came from in the first place. Is it the property of the terminal, or is it a private drive that is being used by the terminal planner?
From a pure cargo data perspective, if the container information is being manipulated, then it is all too easy for the vessel to think that the vessel is safe and seaworthy when the reality is far from that. Heavy containers may be loaded in the higher tiers, hazardous cargo may not be properly segregated, and refrigerated containers may not show up on the plan and might therefore not get plugged in once loaded.
Since all the vessel’s stability calculations are based on this data, this is an extremely vulnerable link in the cyber security chain. In some of the worst-case scenarios, a vessel can lose containers overboard in heavy weather or be at a higher risk of onboard fires due to unknown hazardous cargo being loaded under deck in locations that are not permitted.
Even minor changes to the data, such as incorrect refrigerated container information, can lead to large cargo insurance claims. Given the high value of refrigerated cargo, if the load plan doesn’t show that a particular container is a live reefer, the crew won’t know how to connect it to the ship’s power supply and monitor it. A single reefer container insurance claim can easily run into millions of dollars.
Maritime organizations are taking appropriate steps to identify, analyze, assess, and communicate maritime cybersecurity risks. Contact us to learn how Cydome can help you prevent such unknown vulnerabilities with real-time anomaly detection.
