Cyber Security Article


Cyber Security

The COVID-19 pandemic accelerated the digitisation of the world, which was already taking place, making it mandatory for people to work from home via the internet. But are we safe from cyber attacks and what about the maritime industry?

reports…

The world economy is heavily dependent on maritime transport, as most of the international trade is carried by sea.

As we saw two years ago with the blockage of the Suez Canal, delays in shipping can result in severe financial loss, especially further down the logistical chain and distribution channels. You may not think of ships and fleets as closely related to technology, but ships are constantly connected to the internet.

This heavy dependency on the internet makes the shipping industry an attractive target for cyber criminals. And here lies the real problem: the computers on these ships often run incredibly complicated and old systems. This makes it much more difficult to protect them from cyberattacks. The systems these ships use are so intertwined that there are many blind spots that are virtually undetectable.

Since ships are increasingly dependent on digitisation, integration and automation systems, cyber risk management onboard ships has top priority. As technology advances, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the internet creates a larger target that needs to be addressed.

But it is not only ships that use the internet; ports and terminals alike can be compromised by cyber-attacks. Therefore, cybersecurity should be in place to address the security issues and risks posed by new technologies.

At the end of July 2023, the executive director of the Port of Los Angeles provided a remarkable detail about the threat posed to American infrastructure by cyber-criminals and other enemies.

“In the month of June alone, we stopped more than 60 million cyber intrusion attempts here,” said Gene Seroka at a news briefing. “It’s one of the biggest issues that we work on every day. We now average 54 million cyber-intrusion attempts per month and we’ve stopped all of them.”

This is in stark contrast to the port of Nagoya, Japan, which was victimised by a reported Russian ransomware attack in early July 2023. Infiltrators blocked access to files and operations and then demanded a payoff. It’s not clear what happened in Nagoya exactly, but several terminals at the port were shut down for two days.

In June 2023, pro-Russian hackers targeted the websites of several Dutch ports, including Groningen, Amsterdam, Rotterdam, and Den Helder, with cyber attacks. The DDoS attacks knocked the ports’ websites offline for several hours and in some cases even days. In a DDoS cyberattack, a website or server is flooded with requests until it crashes.

NoName057(16) claimed the attacks were in response to the Netherlands’ intention to buy tanks for Ukraine. Although NoName057(16) often targets the banking sector, private companies that supply the defence industry, and logistics companies in NATO member states, the attacks on Dutch ports’ websites were unusual. In a telegram, NoName057(16) wrote: “The Netherlands want to buy Leopard 1s to deliver to the Ukraine. By the way, according to the Ministry of Defence of the Russian Federation, eight Leopard 1 tanks have already been destroyed. Bring the next one!”

World Port Development, July/August 2023

In April 2023, the same pro-Russian hackers, NoName057(16), also attacked the websites of three of Canada’s primary eastern seaports.

On Wednesday, 12 April, the ports of Halifax, Montreal, and Quebec all announced that their websites had been targeted and crashed after they became overloaded in the “denial of service” attack. The attacks were limited to a “denial of service” aimed at their websites and none of their operations or internal systems were impacted by the ongoing incident.

On 25 December 2022, the Port of Lisbon, Portugal, was attacked with ransomware, which took down the port’s website and internal computer systems. Lots of confidential information was stolen, including budgets, contracts, cargo information, ship logs and port documentation. Some of the information was published. Luckily, the port’s operations were not compromised. Cyber analysts reported that the attack was staged using a widespread malicious software programme called LockBit.

The perpetrators posted statements to the “dark web” demanding a ransom of USD1.5 million and setting a deadline of 18 January 2023 for payment. LockBit is one of the most widespread and problematic ransomware gangs of 2022. By some estimates, they have been behind a third of all the claims of cyberattacks posted in 2022, hitting over 1,200 organisations worldwide.

It is therefore clear that ports are key targets for cyberattacks. There are many different companies and actors who could be targeted with attacks. Ports’ complex networks of public and private actors also make securing the ports a challenge. Actors include storage providers for oil and goods, terminal operators and logistics firms. It is a big challenge to ensure all of these actors maintain good security, in order to prevent attacks and limit successful breaches.

In order to solve this challenge and improve the cyber security of critical industries, the European Union approved new cybersecurity regulations which obligate critical infrastructure companies to become more secure. Regulations include technical measures such as encryption, cyber risk assessments and due diligence too.

Hundreds of firms which operate out of Europe’s largest ports will need to use these basic security measures and report attacks to authorities from 2024. Non-adherence will result in fines of up to 10 million euros or two percent of revenue, whichever is higher.

These regulations are needed not only to stop criminal networks making money out of cyberattacks but also to limit the impact of attacks on the companies targeted and, to a certain degree, on the (global) economy. Hence, government officials around the world are working hard to combat cyberattacks.

In recent news, European crime officials together with the FBI and UK National Crime Agency (NCA) removed a network of malicious software from thousands of infected computers.

The Qakbot software - a piece of code that lurked unseen in the majority of the computers it had secretly installed itself on - was used as part of online crimes, including ransomware attacks, for more than 15 years. The criminal network behind it made around USD58 million from victims between October 2021 and April 2023.


“Nearly every sector of the US economy has been victimised by Qakbot,” said Martin Estrada, Los Angeles US attorney.

In an operation dubbed “Duck Hunt”, the FBI along with Europol and crime and justice officials in France, Germany, the Netherlands, Romania and Latvia, seized more than 50 Qakbot servers and identified more than 700,000 infected computers worldwide. By doing this, criminals were effectively cut off from their source. The FBI then used the seized Qakbot infrastructure to remotely dispatch updates that deleted the malware from thousands of infected computers.

In the UK, the National Crime Agency ensured the criminal network's UK servers were taken offline at the same time as Qakbot's other infrastructure elsewhere.

“This investigation has taken out a prolific malware that caused significant damage to victims in the UK and around the world. Qakbot was a key enabler within the cyber crime ecosystem, facilitating ransomware attacks and other serious threats,” said Will Lyne, Head of Cyber Intelligence at the NCA.

Researchers said they believed the cybercriminals were in Russia or other former Soviet states, but this was not confirmed.

First appearing in 2008, Qakbot gives criminal hackers initial access to violated computers via phishing email infections. Criminals could then install additional ransomware, and once infected, the computers became part of a botnet - a network of computers infected by malware and under the control of a single attacking party.

Qakbot affected one in 10 corporate networks and accounted for about 30% of global attacks.

So what about ports and terminals?

Both play a significant role in maintaining smooth global trade and they will need to act to prevent any cyberattacks. Therefore, expect that (future) co-operation between ports, sharing information and learning from other ports how to tackle cyber security, will be high on the agenda.

At the beginning of August 2023, Greece’s Thessaloniki Port entered into a new cooperation agreement with Ashdod, the national port of Israel. The co-operation focuses on innovation, with particular emphasis on the areas of cyber security and operational efficiency.


At the same time, both port companies will undertake joint initiatives, aiming to respond to issues related to sustainability, which concern the broader port and maritime transport sector. In addition, the agreement provides for the joint implementation of networking activities, the participation in international projects and the exchange of knowledge and best practices, enabling Thessaloniki to test innovative technologies and ideas through Ashdod port’s maritime technology hub. So you will see more of this kind of agreement in the (near) future.

On another note, earlier this year, we highlighted the proposed Port Crane Security and Inspection Act of 2023 by Congressman Carlos A. Gimenez from Florida and Republican John Garamendi from California, aiming to address the growing concerns regarding China’s influence on port infrastructure, specifically container cranes.

The act proposes several measures to mitigate the risks associated with the use of foreign container cranes from countries considered adversaries of the US, such as China. The bill included restrictions on the use of such cranes, requiring the Cybersecurity and Infrastructure Security Agency (CISA) to conduct inspections of foreign cranes for potential security vulnerabilities before they are put into operation.

Furthermore, the act mandated that CISA provides the Congress with reports on critical and high-risk security vulnerabilities posed by foreign cranes in US ports.

In response to the proposed legislation, Chris Connor, out-going President and CEO of the American Association of Port Authorities (AAPA), strongly countered the “sensationalised” claims about the equipment’s security, pointing out the lack of any supporting evidence.

“At best, that’s a misleading statement,” Connor remarked in a released statement addressing the issue.

He clarified that the cranes acquired by ports in the US are chosen based on cost considerations and are equipped with separate software obtained from allied nations. Additionally, these cranes undergo stringent security inspections in collaboration with federal government partners to effectively mitigate cyber threats.

Connor emphasised that the primary concern for ports lies in the inability to manufacture such hardware within the US. He suggested that instead of focusing solely on the equipment’s security, lawmakers in Washington DC should also inquire why domestic production of this hardware is not feasible.

Image top left: Courtesy of Raytheon Image bottom right: Courtesy of GCHQ
