A shocking 99 per cent of cyber attacks target people rather than IT infrastructure. This is a key message from a new film that a consortium of cyber risk aware shipowners and maritime organisations, including Teekay Shipping and Samskip, has developed.
The video, Be Cyber Aware at Sea, provides shipping companies and seafarers free advice on methods of improving cyber risk management on vessels. It highlights that people are the weakest link from any cyber-based attack. The film uses real-life case studies to demonstrate how easy it is for cyber criminals to target individual employees.
One of these involves an officer disabling ECDIS on a ship by plugging in his mobile phone. Another real-life case involved a senior port manager being blackmailed into providing computer access to cyber criminals.
Oil Companies International Marine Forum (OCIMF), along with Teekay Shipping, insurer The Standard Club and satellite communications provider NSSLGlobal supported film-maker Fidra Films in this project.
The film “tackles the most vulnerable element of cyber protection, the human element,” OCIMF director Andrew Cassels explained. He added: “Educating our mariners is the first line of defence. They all work in social media with ease but need to understand how innocent actions can cause harm to wider networks and systems.”
The video was filmed with seafarers in a maritime environment to create the greatest level of realism, said Teekay Shipping director of IT Carmen Plesch. “The film is fast paced and packed with practical information,” she said. “By shooting it in the environment our seafarers work and live for weeks at a time, the film resonates deeply with this audience and it emphasises the critical role everybody on ships and ashore has to play in protecting our informational assets and keep all of us safe.”
Be Cyber Aware at Sea features multiple tips to help employees avoid being an easy target for cyber criminals. It demonstrates, what was described in depth at Riviera Maritime Media’s European Maritime Cyber Risk Management Summit in June, that many marine people still fail to identify the signs of emails that are linked to harmful malware; that people can accidentally give away personal and company information to hackers via email or social media postings.
Another key cyber risk is the wide use of memory sticks plugged into bridge systems. The film highlights that charging a smartphone through the USB socket on an ECDIS terminal could allow hackers to gain access to a vessel’s IT network, potentially affecting the its ability to safely navigate.
Other backers of Be Cyber Aware at Sea that helped develop the content included the City of Glasgow College and JWC International. The film’s publication comes as the shipping industry is still learning the lessons from the Petya ransomware cyber attack that brought down Maersk’s IT networks, closed APM Terminals port facilities and halted electronic booking of container ship capacity.
NSSLGlobal chief executive Sally-Anne Ray said Petya caused “one of the biggest ever disruptions to global shipping”. She added: “No-one is immune from the cyber threat”. She said the film “is an important initiative to not only raise awareness of the risks, but to help protect the industry from attack”.
In reaction to the Maersk cyber incident in June, The Standard Club director of loss prevention Capt Yves Vandenborn stressed the importance of increasing awareness of the risks to seafarers. He commented: “Given the potential catastrophic consequences, we cannot stress enough the importance for shipowners and operators to take adequate measures to prevent cyber attacks.”
The vulnerability of satellite communications equipment on ships to hacking was exposed earlier this month when a hacker gain access to the ship’s IT system through a terminal. The hacking researcher used search engine Shodan to find vulnerable maritime targets. Then he used default administration usernames and passwords to gain access to the satellite communications equipment.
For more information about maritime cyber risk management click here. The video is available here: https://youtu.be/DfEiMj7wAi4