Maersk is one of the giants of maritime transport. It has an annual turnover of more than $9.6 billion, and employs almost 80,000 staff. A company of these dimensions tends to suffer many business-related incidents every year, but this case was something no one was expecting.
Suddenly, some members of the technical department saw a message on their computer screens: “repairing file system on C:”. Some of the computers then began to restart by themselves. Many employees’ screens also began to fade to black and stayed that way even after the computers were restarted. More and more screens began to fade to black. The next thing they knew, a message appeared explaining that their files were being encrypted. The message was accompanied by a request for a $300 ransom to regain access to them.
A 255 million euro cyberattack
The company’s worst fears were confirmed: they had just fallen victim to a cyberattack. In fact, it may have been the largest global cyberattack in history. The malware behind all of this was NotPetya, the ransomware that had followed in the footsteps of WannaCry in summer 2017, paralyzing the activity of a litany of large enterprises and public institutions.
As a result of this cyberattack, Maersk’s booking system was frozen, its container tracking was slowed down, and the 80 ports that it operates all over the world were in limbo, unable to do a thing, for at least three days. Eventually, it came time to evaluate the damage: the attack cost the company around €255 million.
Attacks on shipping companies, oil rigs, ports…
Maersk may have been hit by the worst cyberattack in the sector, but it is far from the only company to have suffered. In August 2011, the Iranian state shipping line, IRISL, experienced a cyberattack on its servers. This attack led to internal tracking data being altered, which resulted in lost containers and misdelivered cargo.
There have been several examples of what could happen if the IT systems of maritime infrastructure were interfered with. In 2013, cybersecurity researchers managed to make the yacht White Rose of Drax turn sharply while, on its radar, it seemed to be sailing in a straight line. The researchers did this by gradually replacing the legitimate GPS signal with a spoofed signal.
Also in 2013, Europol confirmed that the port of Antwerp, Belgium, had suffered attacks by cybercriminals hired by drug traffickers in order to facilitate their trade. According to the European police force, this is something that occurs relatively frequently in both Belgium and the Netherlands.
Cybersecurity for the maritime sector
All of these incidents lead us to an inevitable conclusion: cybersecurity isn’t just the concern of financial or purely technological enterprises; it also has a direct impact on other sectors that, in theory, may seem less susceptible. The maritime industry is no exception, so it must also make every effort to protect its IT security.
To respond to this necessity, the British government recently published a set of guidelines to help large maritime transport companies to protect their cybersecurity and avoid these kinds of threats. The full guide, published by the Department for Transport (DfT), includes a long list of tips, among which it is worth highlighting some of the more vital ones:
1.- Data security and protection. Sensitive data and private information must be stored with the maximum possible security. This is why it is recommended to store it separately (not mixing financial data with client information, for example), and, if possible, with permissions limited only to higher ranking employees. In cases where an attack cannot be avoided, solutions such as Cytomic Data Watch ensure that no sensitive information can be stolen or leaked.
2.- Access control. The system and any access points must be protected and monitored. The system must also be controlled to ensure that no unauthorized changes are made, and to make sure that unidentified persons do not get in. In this sense, Cytomic EPDR prevents, detects and responds to any kind of malware, both known and unknown, as well as fileless and malwareless attacks, to stop malware from running on computers, servers, virtual environments and mobile devices.
3.- Full availability of technology. The maritime sector relies heavily on technology. This means that, even if an organization in the sector suffers an intrusion, this technology must still be available and protected in order to allow companies to keep operating normally and not suffer accidents.
4.- Resilience. No matter how sophisticated an enterprise’s cybersecurity plan is, it must be revised and updated constantly. This is the only way to stay safe from new ransomware or other kinds of attack.
In the end, the most serious potential danger isn’t caused by data breaches, the cessation of operations, or even the impact on the whole maritime sector; rather, it is the damage done to the world economy in general, which is increasingly globalized, and where trade is a fundamental axis. This is why cybersecurity is becoming increasingly strategic, going beyond the traditional protection of an organization’s assets. The organization’s approach, measures and solutions must be holistic, strategic and preventive.