Special report: maritime faces growing cyber ‘piracy’ threat

Maritime piracy has a long history and now modern day Blackbeards are operating in cyberspace and, in some cases, taking over ships remotely, industry leaders were told at an event in Liverpool. Tony McDonough reports

Pirates
Pirates at the Mersey River Festival… real-life pirates now operate in cyberspace. Picture by Tony McDonough

 

Maritime and its shipping routes provide the ‘cardiovascular system’ of global trade and they face a growing cybersecurity threat.

That was the message delivered by cybersecurity experts at the latest Mersey Maritime Face-2-Face networking event in Liverpool.

Hosted by national law firm Weightmans, Mersey Maritime members heard a panel of experts illustrate the specific dangers posed by digital ‘pirates’ and offered advice on how to best protect your systems and data.

Both criminal enterprises and nation states such as Russia and China were engaged in digital espionage, the audience was told. In some cases these digital pirates had been able to take control of vessels remotely.

Sasha Henry, a senior management consultant with CyXcel, which is a cybersecurity division within Weightmans, opened the session offering a brief history of piracy.

She covered periods from the Eastern Mediterranean around 1300 BC to the Vikings, Carribean pirates such as Blackbeard, through to 20th century pirates the South China Sea and the Houthi rebels targeting the Red Sea from Yemen.

But cyber piracy, she added, has taken the threat onto a new level of complexity and sophistication. It utilises the main tool in our society which is technology.

Using the Russia-Ukraine war as an example, she explained: “There has been an operation going on with grain smuggling in the Black Sea. The Russians are manipulating AIS (vessel tracking) data to spoof locations.

“They are able to steal grain ships and take grain back to Russia and defy the sanctions… As vessels become more digitally connected the threats are becoming ever more sophisticated.”

Following her introduction Sasha joined a wider panel discussion. Joining her were CyXcel colleagues Sean Crotty, who is a partner at the firm, and another consultant and cybersecurity expert Francis Annandale.

Also on the panel was Andrew Melton, the regional representative in the North and Midlands for the British International Freight Association (BIFA), himself an experienced freight forwarder.

“At the moment what we are seeing is a lot of espionage. There is a big uptake of Chinese state actors building back doors into networks,” said Francis. “US Government is very concerned about cranes being put into ports that are built by the Chinese.

“There are suspicions of back doors and the vulnerability of the data that is going through these cranes.

“Security experts at Google have identified a Chinese group known as ‘Double Dragon’ that is building back doors into systems of companies, which sit dormant for two to three years and harvest data.”

 

Mersey Maritime
Speakers at the Mersey Maritime Face-2-Face event. Picture by Tony McDonough

 

Sasha said industries such as financial services had made cybersecurity a priority for some time but added sectors such transport, logistics, manufacturing and maritime were now having to play catch-up.

She added: “Old legacy asset and technology have had to move into the digital age. We view risk management traditionally as technology, people, process, health and safety and site specific.

“But now I view it as technology above all of that. Where a lot of these risks are coming from is not just the technology itself but the governance processes as it relates to the digital age.”

All the panel agreed there needed to be a shift in mindset. Traditionally some companies see themselves as digital or non-digital but now everyone needs to see themselves as a digital business. Sean said: “Every business is a tech business whether they like it or not.”

It was also agreed that people remain the weak link in the chain. Spoof AI phone calls had become a growing problem alongside the well-established issue of people clicking on links in phishing emails.

Andrew said some businesses had carried out tests, hiring a cybersecurity company to send out spoof emails to employees. He added: “It’s amazing how many people fell for them.”

Crew members on ships were also identified as an area of focus. While on shore leave they may leave their mobile devices in public areas such as bars. If those devices are connected to the vessels there was the risk of systems being compromised.

Sean pointed out that it was important to consider the “trans-border” element of maritime where vessels are moving in and out of different jurisdictions. Legal representatives needed to be across different legal systems, he added.

BIFA has more than 1,700 members and many of them, according to Andrew, were playing “catch-up” when it comes to cybersecurity. This was particularly true of smaller businesses who often didn’t have access to the resources or appropriate expertise.

“Cargo has been seen for many years by governments as an entry point for physical threats such as dirty bombs but the cyber side of it is now becoming more important,” he said.

“I am aware of two of our members who have seen their whole networks brought down and have been held to ransom. There is an increasing awareness but I think there is still a long way to go because everyone thinks it won’t happen to them.

“Some people are still not taking this seriously enough. That is more true of small firms but they are part of a bigger supply chain and so an issue that affects them can affect the overall chain in a big way.

“This is one of the reasons that BIFA is using its channels of communication to emphasise the risks posed by cyber crime to our members and outline some of the best practice security measures they can adopt to avoid becoming a victim.”

 

Container ships
Commercial shipping faces threats from modern-day pirates. Picture by Tony McDonough

 

While ransomware (where criminals paralyse systems and demand a ransom) was still common, Francis said data disruption was becoming more prevalent.

“Look at the recent Crowdstrike outage (which affected IT systems across the world)  and how much that cost. People clicking on links is still the most common way of falling victim to ransomware.”

Sasha added that within organisations IT is often seen as a silo. She explained: “IT is not a subset. It needs full organisational accountability and responsibility… with new digital resilience regulations there is going to be more stringency around that.”

READ MORE: HyNet hydrogen & CCS… everything you need to know

READ MORE: Mersey boat builder wins orders for military fast response craft

Francis stressed to those at the event, that the issue was “not all doom and gloom” and there were many things companies could do to minimise the risk.

Testing, said Sasha, was a really good way to raise awareness among employees and offers “quick wins” when it comes to improving the culture. She added: “It translates into pro-active and meaningful pre-breach work.

“Rather than getting overwhelmed with how many security controls you need to invest in just view it ‘well what is the priority – where will be the biggest impact if we are hit’. Going through that exercise of where the costs would hit will help inform you better.”

You might also like More from author

Leave A Reply

Your email address will not be published.

Username field is empty.