Written by Walter Hannemann | 10 May 2019
27 June, 2017. This date should be etched on the mind of every maritime operator, shipowner and crew member.
Why? Because this was the day when the largest transport and logistics company in the world – Maersk – fell victim to a major cyber attack caused by the NotPetya malware.
The malware attack, described by Wired Magazine as the worst cyber attack in history, represented a “watershed moment” in the shipping community. The wake-up call was loud and clear: Maritime cybersecurity is no longer optional – it’s business-critical.
NotPetya was a stark warning to everyone in the maritime transportation and logistics chain that maritime cyber risk needs critical attention, and that all major global companies need to take protective measures to deal with malware and all other possible threats.
In the two years that have passed since the Maersk cyber attack, malware – software with malicious intent – has been a persistent threat to the maritime industry. The threat landscape is continuously evolving, and cybercriminals are getting more sneaky by the minute, constantly shifting their tools, tactics and procedures to improve their infection rates.
Malware can enter through any number of points like end-user devices, email attachments, web pages, cloud services, user actions, and removable media.
So what exactly do you need do to protect against malware threats?
Various organisations in the maritime industry (BIMCO, IMO, DNV GL) have issued cybersecurity guidelines and recommendations that all put forth one key message:
There is no single solution to managing cyber threats like malware. Technology plays a crucial role, but it must be part of a wider approach. Focusing on cybersecurity technology alone to deal with malware is not enough.Protecting your fleet from malware requires a holistic approach involving risk assessment, awareness and training, and multi-layered cybersecurity services.
The crucial first strategic step to safeguarding your ships from malware and all other current and emerging cyber threats and vulnerabilities is to plan and perform a thorough cyber risk assessment.
What potential threats may you be facing?
You need to understand the external cybersecurity threats to the ship, as well as the internal cybersecurity threat posed by inappropriate use and lack of awareness.
Are your onboard systems and procedures robust enough to handle the current level of threat?
By continually assessing risk exposure and then working to implement protection and detection measures, you can minimise cyber risks onboard your ships. Use the following questions as a basis for a proper risk assessment:
Cybersecurity starts with people – this includes focus on knowledge, behaviour and mindset. The important first step in tackling malware in the maritime sector is to raise awareness, provide training, and communicate the risks at all levels of your organisation.
Your people are your crucial line of defence. You can have the best technical solutions, policies and procedures in place, but if people aren't trained properly and don't understand what good cyber hygiene looks like (and the risks of getting it wrong), then all the above measures may be futile.
Assessing risk exposure and raising cybersecurity awareness is essential, but it only takes you so far. In an ever-changing threat landscape, how can you safely allow for Internet services across your fleet without compromising security?
Safeguarding your fleet from current and emerging threats and vulnerabilities, particularly those that do not require any user action, calls for advanced cybersecurity services that provide multiple layers of detection and protection measures.
According to a Cisco Security Research paper, 91.3% of malware uses DNS in attacks. For this reason, adding some sort of security measure at a global level is an essential part of a robust cybersecurity approach onboard your vessels.
By setting up an extra layer of defence to your IT ecosystem, you drastically reduce the risk of malware attacks compromising your operations.
Modern-day malware is designed to avoid traditional defenses. Preventing malicious software from attacking your onboard systems, devices and data involves a holistic strategic approach to cybersecurity. An effective cyber risk management plan should start at senior management level, instead of being delegated to the ship security officer or the head of the IT department.
Address cyber risk management, focus on knowledge, behaviour and mindset, and implement multi-layered protection solutions that help you create a more cyber-resilient environment on board your vessels.
Walter Hannemann started his career in a computer factory product development laboratory in 1983, while taking his education in Electronics and Information Systems. Since then, his jobs have involved software architecture and development, infrastructure design and overall IT management, in both large enterprises and startups. With a passion for “making things work”, shipping applications and all digital things onboard ships became his interest after joining Maersk in 2008. Managing IT in large companies like Maersk Tankers and Torm has given him insider’s knowledge in the shipping industry and enticed his entrepreneurship to help moving the industry into the digital future. Based in Copenhagen as Product Manager for Dualog, Walter enjoys finding solutions for big (and small) problems while keeping the overview and a forward-looking approach, with deep dives in technical subjects when necessary – or possible.