The shipping supply chain is stressed from Covid. That makes it ripe for hackers
The global supply chain, where goods are shipped all over
the world, is already stretched thin thanks to a year and a half of operating
during a pandemic. It really doesn’t need hackers mucking things up further.
But experts warn that the $100 billion shipping industry —
especially the heavily computerized ports that receive cargo ships, as well as
the actual craft — is a ripe target for ransomware attacks. And the U.S.
shipping industry is already backed up, as the coronavirus pandemic has caused
a backlog with Americans ordering more goods to their homes than ever before.
Ransomware can hamper practically any organization that’s
connected to the internet: Schools, hospitals, manufacturers, city governments
and police departments are all frequent targets. But the shipping industry,
more than most, relies heavily on the interaction between a number of different
digital systems, from ports and cities to individual ships and the companies
that own them.
That makes shipping particularly susceptible to cyberattack,
said Rear Admiral John Mauger, the Coast Guard’s assistant commandant for
prevention policy.
“This is an industry that relies on free flow of
information,” Mauger said. “And as such, they are vulnerable to disruptions
because of ransomware attacks.”
Ransomware, a criminal enterprise where a hacker or hacker
group will encrypt a victim’s computers and demand a payment to restore them,
has surged in recent years. But only in June, with the hack of a major U.S. oil
pipeline, did the worry that ransomware could interrupt critical infrastructure
take hold.
The White House has expressed particular concern about
ransomware attacks on critical infrastructure, issuing an executive order
mandating such companies adopt some basic cybersecurity standards and asking
President Vladimir Putin to rein in hackers in Russia, where many ransomware
operators live.
But so far, at least some hackers don’t appear to have
gotten the message. At least five U.S. health care facilities — which, like the
shipping industry, are among the country’s 16 categories of critical
infrastructure — have been hit with ransomware since June.
In recent decades, shipping ports have become significantly
more reliant on robotic operations and digitized inventory rather than human
labor. That, coupled with the enormous value of goods that go through ports,
makes them ripe targets for ransomware, said Nina Kollars, associate professor
of strategic and operational research at the U.S. Naval War College.
“It keeps me up at night,” Kollars said. “Most of those
systems weren’t designed with the notion that somebody was going to try to mess
with them. Wasn’t part of the calculus.”
Knocking a port offline can slow its normally extremely
efficient operations to a crawl, she said.
“If I had to use a paper manifest — if I had to walk over to
a crane operator who wasn’t assisted by a computer in some way, if it wasn’t
all being tracked by barcodes and scanners — it would take excruciatingly long
to load those ships,” she said.
Ransomware attacks on ports are already happening. Ports in
San Diego and Barcelona, Spain, were hit with minor ones in 2018. In July,
hackers locked up Transnet, a South Africa-owned company that oversees
operations for the country’s major seaports. A ransomware attack halted
operations at four of the eight ports. While many of the company’s computer
networks were quickly restored, it led to rolling delays that pushed back some
shipments by weeks.
In one case, the effects were devastating to the industry.
In the summer of 2017, hackers later traced to Russian military intelligence
unleashed a malicious program called NotPetya, believed by many experts to be
the most destructive cyberattack of all time. It locked up files, spread to as
many computers as it could and demanded a payment, but the hackers didn’t
actually build in a way for victims to recover their files.
NotPetya was targeted to disrupt Ukraine as it prepared to
celebrate Constitution Day, a national holiday, but it quickly spread around
the world, infecting the Danish shipping giant Maersk. Several Maersk ports
were infected, too, including one in Elizabeth, New Jersey, which was paralyzed
for several days.
Ultimately, the attack cost Maersk an estimated $300
million, and the company took two weeks to resume operations at full speed.
For most ransomware hackers, their criminal enterprise is
akin to a business. A leaked manual for one major group, for instance, detailed
that the first step in any operation is to Google for a potential victim’s
revenue and to adjust their financial demand accordingly. Some make a
deliberate attempt to target businesses that need to get back online
immediately, like hospitals.
That’s why a ship at sea, which can carry a billion dollars’ worth
of food, retail goods or fuel, can be such a tempting target for
ransomware criminals, said Dave Burke, the chief engineer
at Fathom 5, a cybersecurity company that specializes in the maritime industry.
“My concern has been those with valuable enough cargos for
people to start to look at,” Burke said. “They’re definitely a high-value
target.”
To date, most ransomware attacks on infrastructure companies
have only hit their business networks, rather than the networks that are used
to actually run machinery. But if a hacker were to make that jump, they could
find themselves with enormous power to disrupt or even halt a cargo ship at
sea, Burke said.
“If you get down to the internals at the industrial
controllers — steering, or the generators, targeted propulsion — there really
is no security,” he said.
“They were designed in a lot of cases with the assumption
they were separate from the rest of the network on board the ship,” he said.
“But we are continually seeing systems that are cross-connected,” he said.
Historically, there’s been little standardized guidance
forcing cargo ships to protect themselves from hackers. In March, the Coast
Guard issued updated cybersecurity guidance for commercial ships entering or
leaving U.S. ports, with the goal of reducing the risk of such an attack.
But still, enforcing cybersecurity standards for
multinational ships coming from around the world is an enormous task, Kollars
said.
“I can’t imagine that international companies are going to
be in a real hurry to comply,” she said.