• ARI Media

Hack-Proofing Your Business

With cyber crimes becoming ever more frequent on a global scale, the maritime industry faces new challenges in order to ensure security of its data.

As a result, players across the maritime supply chain are under pressure to find the ways of responding properly to cyber threats in the industry and implement counter strategies.

On November 13-14, 2017, Ohio’s Tiffin University hosted the Maritime Risk Symposium, which discussed vulnerabilities, threats, and challenges affecting cyber security and the marine transportation system.

World Maritime News spoke with Scott Blough, Executive Director of Center for Cyber Defense & Forensics, Tiffin University, and James Dean, President of TrueCourse Advisory Services, a management consulting firm specializing in banking, insurance, maritime and shipping industries to find out more on the topic.

There are four main types of threats in the maritime industry, Blough and Dean explained.

1. Cyber crime

2. Facilitating piracy

3. Cyber fraud

4. AIS, GPS, and ECDIS spoofing and jamming

Cyber criminals typically resort to activities such as ransomware, data exfiltration or manipulation, and cyber fraud. Each of these activities usually involves a network or data breach.

Facilitating piracy is another endeavor that is typically reserved for the cyber criminals (although in this case, they are actual pirates). A report by Verizon (2015), “Pirates on the high-seas”, noted that pirates had obtained access to a shipping company’s data and were using that data to target specific ships.

Cyber fraud is also typically reserved for cyber criminals. World Fuel Services was the victim of a USD 18 million fraud in which cyber criminals sent a fake fuel supply email invoice that was accepted and paid, our interviewees added.

Automatic Identification System, Global Positioning System, and the Electronic Chart Display and Information System are also vulnerable to cyber attacks. They can be targeted by cyber criminals, nation-states, terrorists and other threat actors, depending upon the desired outcome. The main threat for these systems, which are used for navigation, involves spoofing.

Spoofing means sending false data that is accepted by the targeted system as real data. This is problematic in the maritime industry because of the interconnected nature of the navigation and port traffic control systems, our speakers pointed out.

“A terrorist organization or nation-state could potentially close or seriously impact a port’s ability to receive cargo, creating a significant economic impact.”