• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
    • Webinar Library
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » Cyber Pirates Prowling Ship Controls Threaten Another Big Shock

Cyber Pirates Prowling Ship Controls Threaten Another Big Shock

Port Klang
A container ship travels towards Port Klang in Selangor, Malaysia. Photo: Bloomberg.
July 11, 2022
Bloomberg

In February 2019, a large container ship sailing for New York identified a cyber intrusion on board that startled the U.S. Coast Guard. Though the malware attack never controlled the vessel’s movement, authorities concluded that weak defenses exposed critical functions to “significant vulnerabilities.”

A maritime disaster didn’t happen that day, but a warning flare rose over an emerging threat to global trade: cyber piracy able to penetrate on-board technology that’s replacing old ways of steering, propulsion, navigation and other key operations. Such leaps in hacking capabilities could do enormous economic damage, particularly now, when supply chains are already stressed from the pandemic and the war in Ukraine, experts including a top Coast Guard official said.

“We’ve been lucky so far,” said Rick Tiene, vice president with Mission Secure Inc., a cybersecurity firm in Charlottesville, Virginia. “More and more incidents are happening, and the hackers are getting a better understanding of what they can do once they’ve taken over an operational technology system. In the case of maritime — whether it be the ports or the vessels themselves — there is a tremendous amount that could be done to harm both the network and physical operations.”

Rear Admiral Wayne Arguin, the Coast Guard’s assistant commandant for prevention policy, said shipping faces cyber risks similar to those in other industries — it’s just that the stakes are so much higher given that almost 80% of global trade moves on the sea. While Arguin declined to put a number on the frequency of attempted break-ins, he said “I feel very confident that every day networks are being tested, which really reinforces the need to have a plan.” 

Stress System

“A potential intentional attack could really stress the system and we’re certainly thinking about how to shore that up,” Arguin said in an interview. “When you couple that with the sensitivity of supply chain disruptions, it does have the potential to be devastating to the marine transportation system.”

That universe includes not just ship operators but port terminals and the thousands of logistics links in global supply chains that are increasingly interconnected.

BlueVoyant, a New York-based cyber-defense platform that recently analyzed 20 well-known shipping companies, said some strides have been made since 2021, but “there are more cyber-defense actions the industry can take to make things more secure.” A wider survey into third-party cyber risks showed 93% of respondents acknowledged suffering direct breaches tied to supply chain weaknesses, with the average number of intrusions rising to 3.7 last year from 2.7 in 2020, according to Lorri Janssen-Anessi, BlueVoyant’s director of external cyber assessments.

Hackers have hit major logistics operations several times already this year. Jawaharlal Nehru Port Trust, India’s busiest container port, suffered a ransomware attack in February. A targeted attack on Expeditors International of Washington Inc., a large freight-forwarding company, crippled its systems for about three weeks and led to $60 million in expenses. Blume Global Inc., a supply chain tech company based in Pleasanton, California, said in early May that a cyber incident temporarily made its asset-management platform inaccessible.

‘Vulnerable Areas’

“You’ve picked on an industry that has a lot of vulnerable areas,” said Jennifer Bisceglie, the CEO of Arlington, Virginia-based Interos, a supply chain risk-management company.

The ocean shipping industry is the backbone of global goods trade but when it comes to cyber vulnerabilities, its broad reach is an Achilles heel. The biggest companies are playing catch-up and, after years of struggling to make money, now have the resources to invest in upgraded ship-to-shore technology.

Hapag-Lloyd AG, Germany’s largest shipping line, announced in April that it’ll become the first carrier to equip its entire fleet of containers with real-time tracking devices. Most of the large container lines use remote sensors for functions like monitoring engine performance, maintaining cooling systems or opening a pump valve. Electronic charts and collision-avoidance mapping can be updated on shore and shared remotely. Many new ships ordered during this period of peak profitability will be fitted with more online connectivity to land-based operations.

Such advances add visibility and efficiency but they also potentially make the jobs of hackers easier, experts said.

“Ships were quickly connected to the internet using satellite communications, but without all the other security controls needed to be safe and secure at sea,”said Ken Munro, a security specialist at Pen Test Partners, a cybersecurity company with clients in the maritime industry. “So now shipping operators are frantically trying to build these controls back in, but are struggling with decades-old equipment on board that can be really hard to secure.”

To help guard against the threats, the International Maritime Organization, a United Nations agency responsible for safety and security, issued guidelines that companies were supposed to adopt starting in 2021. Some analysts said those regulations haven’t had enough of the intended effect and led to a wide range of responses.

System Patchwork

“Some were very proactive and started doing the work long before the regulations,” said Captain Rahul Khanna, the global head of marine risk consulting with Allianz Global Corporate & Specialty, a unit of the Munich-based financial services company, Allianz SE. “On the other end of the spectrum, you had people who are aware and doing just the bare minimum just to get the certificate in their files.”

Even modern ships have a patchwork of systems from different manufacturers that have taken cybersecurity in varying degrees of seriousness, said Andy Jones, the former chief information security officer at A.P. Moller-Maersk A/S, the world’s No. 2 container carrier. “Some operators have taken this seriously, but with substantial fleets and ships that are probably over 30 years old, it is a very tall order.”

Jakob Larsen, a maritime security specialist with Bimco, one of the world’s biggest associations representing shipowners, defended the industry’s position on cyber protections as “relatively strong” and on par with other sectors. Though increased digitization brings “more and more of an attack surface,” he said instances where operational controls have been hacked are rare and technically difficult to pull off.

“This idea that someone can take over the control of a ship and do all sorts of things, while it might be technically possible for a really skilled hacker who has the time to do it, in reality it’s not really something that we’re seeing,” Larsen said. “Theoretically, yes in can happen and of course we have to constantly stay updated with our defenses and pay attention to new threats.” 

‘Huge Underreporting’

Khanna said there’s a “huge underreporting” when ships get attacked and “the ones who say they haven’t been, just don’t know about it.”

Across industry and government, there’s agreement that there needs to be more information sharing. “Everybody needs to be all-in in this game and understand when there are vulnerabilities — getting that information out quickly is going to be a thing that continues to help us close doors,” the Coast Guard’s Arguin said.

For some observers, a wakeup call about the stakes involved came in March 2021, when the Ever Given — one of the world’s largest container ships — ran aground and blocked traffic in the Suez Canal for almost a week. The accident, blamed partly on strong winds, cut off much of Europe’s trade with Asia and threw supply chains off kilter for several weeks.

“The Suez incident made everybody realize that global supply chains are actually quite vulnerable,” Munro said. “Not that Suez was a hack — it wasn’t — but it so easily could’ve been.”

RELATED CONTENT

RELATED VIDEOS

Logistics Global Logistics Ocean Transportation Transportation & Distribution Supply Chain Security & Risk Mgmt Supply Chains in Crisis
  • Related Articles

    When Pirates Threaten Your Supply Chain

    Somali Pirates Hijack First Commercial Ship Since 2012

    Once-Stuck Ship Gets Another Chance for Passage Through the Suez Canal

Bloomberg

Germany to Introduce Cheap Nationwide Public Transport From May

More from this author

Subscribe to our Daily Newsletter!

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • A PERSON HOLDS UP A TABLET COMPUTER IN A WAREHOUSE, SUPER-IMPOSED BY A GRAPHIC SHOWING A COMPLEX WEB OF SUPPLY CHAIN ELEMENTS

    Three Post-Pandemic Actions for Repairing Global Supply Chains

    Data Management (Big Data/IoT/Blockchain)
  • A MAN IN A SUIT SHAKES HANDS WITH A WOMAN IN A HARD HAT, NEXT TO A STACK OF CONTAINERS

    Three Procurement Technology Evolutions for 2023

    Sourcing/Procurement/SRM
  • DOCUMENTS BEARING THE INSIGNIA OF US CUSTOMS AND BORDER PROTECTION LIE ON A TABLE

    New CBP Regs Call for Greater Diligence by Brokers in Reporting Security Breaches

    Freight Forwarding/Customs Brokerage
  • The blank stare of a child's eye who is standing behind what appears to be a wooden frame

    The Alarming Continued Rise of Modern Slavery in Supply Chains: How Procurement Can Help Reverse the Trend

    Sourcing/Procurement/SRM
  • A GROUP OF WORKERS RANGED IN AN OFFICE, OF DIVERSE RACE, GENDER, AGE AND PHYSICAL ABILITY

    Podcast | The Supply Chain Workforce of the Future Is Already Here

    HR & Labor Management

Digital Edition

Scb nov 2022 sm

2022 Supply Chain Innovator of the Year

VIEW THE LATEST ISSUE

Case Studies

  • New Revenue for Cloud-Based TMS that Embeds Orderful’s Modern EDI Platform

  • Convenience Store Client Maximizes Profit and Improves Customer Service

  • A Digitally Native Footwear Brand Finds Rapid Fulfillment

  • Expanding Apparel Brand Scales Seamlessly with E-Commerce Technology

  • How a Global LSP Scaled its Security Program and Won More Business

Visit Our Sponsors

Orderful Yang Ming Alithya
Barcoding Blue Yonder BNSF Logistics
CoEnterprise Data Capture Deposco
E2open GAINSystems Generix
Geodis GEP GreyOrange
Here Honeywell Intelligrated IFM
Infor Inmar Keelvar
Kinaxis Korber Lean Solutions Group 2H
Liberty SBF Locus Robotics Logility
LogistiVIEW Lucas Systems MCA Connect
MPO Nvidia Old Dominion
OpenText ORTEC Overhaul
Parsyl PMMI QIMA
Redwood Logistics Ryder E-commerce by Whiplash Saddle Creek Logistics
Schneider Dedicated Setlog Holding AG Ship4WD
Shipwell Tecsys TGW Systems
Thomson Reuters Tive Trailer Bridge
Vecna Robotics Verity
Verusen
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing