Cyber attacks on shipping and logistics groups are on the rise. Reuters suggests that already £400 million is lost annually within the UK gas and oil industry alone due to cyber theft. As the European Union has adopted the Network and Information Security Directive (NIS) for the marine industry, companies must ensure that their cyber strategies are up to scratch.
Hackers will target any sector where there is an opportunity, and shipping has become a focus. As Oisín Fouere, UK managing director of cybersecurity at K2 Intelligence, explains: “High threat sectors such as banking and defense have long been aware of hacking risks and therefore have invested heavily, whereas mid-risk organizations, such as those in shipping or logistics, have historically been less of a target, but are now seeing an increase in activity.”
Motivation and Attacks
The motivation for attack varies greatly, as do the types of attack. So it is important for companies to understand where the vulnerabilities may lie.
Competition is a key driver, both on a national level—when consignments of arms or oil provoke state interception—and within rival industries. Industrial espionage can lead to supply-line disruption, and Fouere suggests that industries such as car manufacturers that have huge reliance on third-party logistics could be particularly vulnerable: “For example, rivals intent on malicious activity could hack into competitors’ shipments to delay the delivery and launch of a new model, causing reputational damage and loss of sales.”
Re-routing cargo enables trafficking and theft; opportunists can compromise unsecured cargo routing systems at a port, re-routing containers to non-bonded areas and bypassing customs. In these less secure areas of a port, criminals can enter at night, open containers, and remove goods. The U.S. Government Accountability Office’s report highlights an incident in 2013 where criminals allegedly hacked into IT systems at the Belgian port of Antwerp and smuggled drugs into the country.
There has also been research commissioned which demonstrates the ease of compromising on-board navigation systems, which could potentially lead to sabotage or misdirection of shipping. These are rarely reported because companies do not wish to be viewed as easy targets; however, hackers can threaten to divert a ship’s course, or even run the ship aground. The Iranian supply line IRISL suffered a highly disruptive cyber attack in 2011, which damaged data, caused huge financial losses, and resulted in large amounts of lost cargo.
Key Signs of Potential Cyber Attacks
- Irregularities in the way systems are behaving.
- Unusual human behavior—for example, people already in possession of high-level knowledge asking questions about the way particular systems work.
- Breaches of physical security monitoring systems coinciding with unusual network activity.
- Unusual behavior on the ground—for example, a system issues an unusual or different routing instruction. Don’t just assume it’s a manual error.
What makes this sector particularly vulnerable, says Fouere, is that the software and systems being used were not designed around security, and risk management exercises are rarely carried out on the software. A 2013 study of six U.S. ports by the Brookings Institution found that only one had assessed how vulnerable it was to a cyber attack, and none had developed any plan in response to such an attack.
The structure of these sectors’ physical networks is also a disadvantage: networks between ports don’t always have secure connections, which makes it easier to break into consignments and divert or delay these in customs, allowing criminals to intercept them. With many third parties involved, it is often easier to compromise security. Finally, the human factor offers many opportunities for compromised security: insider information, ex-employees with confidential knowledge and human error all have potential to lead to breaches.
Tackling the Problems
Implementing a cyber defense strategy will ensure that an organization is in the best possible position should an attack take place. “A baseline cyber strategy essentially provides a coat of armor for your organization and deflects 90 percent of opportunistic attacks,” says Fouere.
“Additionally we provide a cyber intelligence service, whereby we conduct due diligence on third parties, monitor a range of sources to provide information about when an attack is imminent, and examine whether underground groups are attempting to attack clients’ infrastructures. If an attack has already taken place, K2 Intelligence’s incident response service will provide specialist advice on damage limitation and remediation measures.”
Considerations for Improving Organizational Security
- Do you have a dedicated sign off, someone with ultimate responsibility for cyber risk in your business?
- Do you have a cybersecurity specialist function which deals with incidents and proactively minimizes cyber risks?
- Do have a testing regime in place? If not, nobody will be in control of the risk and your company is vulnerable to attack.