Cyber Security at sea – The Cosco Cyber Incident

Maritime news websites reported on July 25th that Cosco Shipping Line had been subject to a cyber incident which had affected the company’s network and systems.

Reports said that officials at the Shanghai-based company’s US offices were affected by the incident, but this later appeared to spread to the company’s UK arm, with email and telephone systems affected.

The company’s Pier J Terminal at the Port of Long Beach, California, was the first to be impacted, Loadstar reported. Cosco released the following statement:

“Due to [a] local network breakdown within our America regions, local email and network telephones cannot work properly at the moment. For safety precautions, we have shut down the connections with other regions for further investigations.”

While the shipping industry has been affected by cyber attacks in the last two years, it traditionally didn’t make them public for a number of reasons. The arrival of GDPR and the NIS Directive, however, has made that much harder.

Shipping sat up and took proper notice of cyber security last year, following the NotPetya attack, which unfortunately hit Maersk’s systems and cost the company an estimated $200 million to mitigate. While Maersk was effectively collateral damage in a much wider attack, the incident did at least focus minds in the maritime industry and led some to question whether the steps being taken were sufficient.

Much is made in the media of the threat to vessels at sea from non-state actors and hackers hoping to make their mark. While it’s true that many ships’ systems are somewhat vulnerable to attack, there remain manual safeguards on most vessels and so far, at least, attacks against vessels on the water are incredibly rare.

Dire warnings of vessels losing control to hackers and being deliberately grounded or placed on a collision course with other ships or ports remain the stuff of fantasy for the time being. And it’s reasonable to ask just why a hacker would bother to do something which not only had no financial payoff, but instantly attracted the attention of multiple law enforcement agencies.

The main threat to shipping companies remains ashore, at corporate headquarters, shipping agents and ports. That is where the money lives, and that is where hackers will always go first. As experts agree that email threats are on the rise, Business Email Compromise (BEC) remains a key threat vector for most companies and corporations; the maritime industry is no different in that regard. Phishing attempts continue to work in the corporate domain. We know of several instances where large sums of money have been transferred to criminals over the last 18 months. In one, a ship agent’s systems were breached and bank account details altered in order for thieves to receive several hundred thousand dollars. Thankfully, the agent quickly noticed the breach and the funds were recovered by the banks and police. Unfortunately, not every story has a happy ending.

Criminals do not regard the maritime domain as being off limits. To them, an office is an office and the systems inside it can be breached. Ensuring that doesn’t happen is now something that C-Suite personnel are beginning to take seriously.