“What could have motivated these attacks?” asks Dr Will Perez, Director of Cybersecurity Solutions at Moran Cyber. “Was it a random occurrence or a targeted message to the international maritime industry?”
gCaptain first noticed the trouble early yesterday morning while following up on our recent article about the organization, which is a branch of the United Nations, questioning the reports of journalists. A few hours later the IMO tweeted this message:
IMO public website is currently undergoing some technical issues, our team is working to fix it and hopefully we will be back and running shortly. Thank you for your understanding.
Today the IMO tweeted a new statement admitting it was hacked. “The interruption of service was caused by a cyberattack against our IT systems,” says the tweet. “IMO is working with United Nations IT and security experts to restore systems as soon as possible, identify the source of the attack, and further enhance security systems to prevent a recurrence.”
An IMO spokesperson then told Reuters that internal and external emails continued to work normally and that the organization was working to restore access to public documents.
Journalists too have cried numerous times for help (literally cried in the case of this author). “When the Pope has to intervene in your industry, you know you’re in trouble,” wrote Forbes contributor and BBC veteran Nishan Degnarain. “How many more signals does the IMO need to see to believe that global shipping is an industry in meltdown?” he continued in a follow-up article this week.
“It is unacceptable for a poor third-world government only to receive tens of millions of dollars in compensation for a clean-up that will cost hundreds of millions of dollars to undertake,” argued David Osler of Lloyd’s List. “Even if that is legally right, it is morally wrong.”
“The IMO has fossilized; it needs something to wake it up,” said Andrew Craig-Bennett in Splash24/7 last week. “A change of scenery (To Singapore) might do that.”
This week the French shipping giant CMA CGM said that its back-offices are gradually being reconnected to the network, after a major attack the costs of which are still unknown.
And these are just the major headlines. Thousands more small or unsuccessful attacks happen against the maritime industry’s computers, systems, and people every day.
What Happened Today?
Basic open-source intelligence (OSINT) tools suggest that the IMO website was using an older version of Microsoft SharePoint that may have been exploited and compromised.
“Until further details are revealed in the coming days it is uncertain if indeed the attack was sophisticated or trivial,” says Dr. Perez of Moran Cyber. “In any event, the takeaway from this incident is that the maritime industry has been operationally and reputationally impacted this year with cyber-attacks.”
According to Perez, to protect against this type of attack, Internet-accessible systems need to be vigilantly maintained by keeping them updated and locked down as much as functionally possible to help reduce the threat surface and risks. Many maritime companies, however, are adopting cloud-based collaboration platforms such as Microsoft Office365 for email and document sharing to improve resiliency, operational efficiency, and security in place of their traditional on-premise IT systems.
Adding to the embarrassment, the IMO was preparing new cybersecurity guidelines that require shipping to beef up digital security measures by the end of this year.
A series of resolutions the industry has nicknamed “IMO2021” requires that by December 31st ship owners must develop comprehensive cyber risk management programs based around five major areas of concern: identifying risk, detecting risk, protecting assets, responding to risk and recovering from attacks.
Shipping companies will not only need to harden assets ashore but also aboard their ships. Each ship will be required to undergo a cyber risk analysis that assesses threats and vulnerability, as well as the impact of hackers on all digital systems critical for the safe operation of ships.
The IMO considers these new rules essential because the fallout from a coordinated attack on shipping would have disastrous results not just for ships but the world economy itself. According to the World Shipping Council, liner shipping terminals trade more than $4 trillion worth of goods destined for the U.S. alone and terminals are increasingly dependent on digital systems.
A cyber attack at sea could be much worse. According to a study by Allianz insurance, a worst-case scenario involving the collision and grounding of two large vessels in an environmentally-sensitive location could result in significant loss of life, untold environmental damage, and financial losses “as big as $4bn when the cost of disruption, salvage, wreck removal, and environmental claims are considered.” That’s the potential damage if just one ship’s navigational computers get hacked.
If hackers were able to hack into the autopilot systems of an entire global fleet of vessels the damage would be unimaginable.
Companies like Moran Cyber can assist maritime companies to reduce the risks of these attacks but, as is usually the case in this industry, some shipping companies are waiting for the current IMO2021 grace period to expire before fully securing their systems. With the number of active attacks happening now, specialized security teams might not have the bandwidth this December to take on new clients.
It’s going to get a lot worse.
Cybersecurity experts have been warning the IMO about this problem for many years and most cyber experts say that the IMO 2021 requirements are not nearly enough.
The question we are asking is: Will these problems be enough to finally wake up the IMO?
Will they begin to take real and immediate action or continue to push soft regulations (e.g. IMO 2021)?