Risk Focus - Considering Cyber threats in the maritime supply chain



(www.MaritimeCyprus.com) BSI and TT Club have authored this report to demonstrate their shared goal of educating the transportation and manufacturing sectors about the dynamic cargo theft risks present across the globe. With the enhanced awareness of cargo crime trends across the globe, industry will be able to engage in a proactive approach in preventing cargo crime and also minimizing the financial loss and brand reputation damage that results from cargo crime.

On 27 June 2017 the shipping giant A.P. Moller Maersk fell victim to a global malware attack known as ‘NotPetya’ also referred to as ‘ExPetr’. Online cargo booking was consequently impacted, forcing staff to use personal email accounts to respond to critical emails.

As key processes relied predominantly on IT systems, personnel were forced to resort to manual processes. It took almost one week for all services to resume and for the shipping firm to regain total control of its systems.

Maersk has since revealed the attack caused congestion in as many as 80 ports operated by APM Terminals and cost the company as much as USD 300 million.

Estimates suggest the global ransomware attack resulted in losses of at least USD 850 million, with predictions of future attacks to be in the billions as economies increasingly rely on IT infrastructure.

This untargeted incident highlights the shipping and logistics industry’s vulnerability and perhaps more importantly, the need to adopt appropriate response protocols.

In early 2017, SeaIntel revealed 44% of the top 50 carriers have weak or inadequate cyber security policies and processes, including weak passwords, delayed installation of security patches and the use of unencrypted web browsers. Given this current state and increasing automation in the maritime and logistics industry, it is inevitable companies will require a robust information security management system.

The move towards automation

The shipping and logistics industry has increasingly moved towards better integrated and automated systems. The International Maritime Organization’s (IMO) e-navigation concept, first introduced in 2006 to enhance navigation safety, is one example of the demand for more integrated systems to improve efficiency and reduce risk.

E-navigation essentially collects, integrates and analyses data from ships at sea and at shore using electronic systems. The main motivation behind this move has been to mitigate the rising number of marine accidents, the majority of which are caused as a direct result of human error. With the expansion of digitalised systems, training and staff/crew awareness are crucial.

In a survey conducted by BIMCO and Fairplay in 2016, 21% of respondents from the maritime sector admitted to being victims of a cyber attack. However, the actual number of victims is likely to be higher for two reasons. Firstly, not all victims are likely to admit to the security breach particularly to avoid potential reputational damage. Secondly, it is highly likely that more victims are being targeted but effective security measures already in place are either mitigating the impact of the attack or preventing successful breaches. With approximately 90% of world trade transported by sea, the maritime sector is an attractive and lucrative target to perpetrators of cyber crime.

As a direct result of greater interconnectivity and digitisation, particularly relating to the ship bridge, a cyber attack at sea or at the ship/port interface has become a question of when rather than if it will occur.

To view more details, click on below image to download full report:

For more cyber-security related Guides and circulars, click here.

Source: TT Club



[Total: 0]