Page 53: of Maritime Reporter Magazine (June 2020)

Ransomware: The IT Danger on the Horizon

By Brendan Saunders, Technical Director & Maritime Lead, NCC Group

Two decades into the 21st century, level, and many are collaborating on we’re seeing a growing and pernicious defense strategies. The frst pan-U.S. threat to global information security: Maritime Cybersecurity Conference, ransomware. Even non-technical folk focusing on port and vessel security, have loosely heard of it, but the broader took place in Walnut Creek last Decem- implications haven’t yet penetrated ber, and brought together experts from the public consciousness. In different across the industry spectrum to enhance industries, that general lack of aware- knowledge of these threats.

ness could be a big problem—and the Here’s the takeaway at this point: Ran- maritime sector is a good example. somware attacks are inevitable, and port

Ransomware hits at the confuence of or vessel operators need to plan accord- © arrow/AdobeStock two critical trends in modern technolo- ingly. Building defenses is important, could cause safety-critical failures are gy: the ever-increasing integration of IT but it’s also vital to have a robust and theoretically possible—in fact, NCC systems into daily life, and the intercon- rehearsed response and recovery plan

Group has modelled such attacks with nectedness of those IT systems. In its that can help to alleviate the damage.

customers. However, the cascade of 2019 report “Evasive Threats, Pervasive For ransomware prevention, ef- physical and technical failures required

Effects,” Trend Micro recorded a 77% forts must always begin with people. for this contingency remain highly uptick in ransomware attacks between Ransomware typically relies on user unlikely. This kind of damage requires the second half of 2018 and the frst half mistakes to gain access; business users malware that is system-specifc and of 2019, and it’s clear that this threat must be trained to identify malicious broad enough to override manual will only get worse. emails or spoofed websites and there- safety checks. The only two confrmed

So how does this affect the maritime fore prevent ransomware from taking instances of such attacks in the wild industry? And how should a global busi- control of the network. Robust mail- are Stuxnet and ‘Crash Override,’ both ness network struggling with technology fltering systems add another line of de- highly targeted, and nation-state-level integration across the board deal with fense. Helping users and administrators attacks.

this aggressive mode of attack? identify signs of compromise in their

The real risk is disruption: The attacks

Over the last 10 years, the integration systems, and advising them on the best on the Port of San Diego, COSCO and of operational technology (OT) and responses is also key to avoiding the

Maersk underline how heavy reliance information technology (IT) systems in widescale spread of ransomware across on IT systems coupled with huge outage the maritime environment has accelerat- networks.

costs make this a serious concern for ed dramatically. Onboard ships, modern Strong network segmentation with the industry. Different maritime facili- network technologies allow for greater robust incident response processes offer ties were put on high alert after news control and monitoring of engineering the best protection against catastrophic broke of a ransomware attack during the and mechanical systems, leading to outages, and make restoration from

Christmas break. A virus labelled ‘Ryuk’ increased reliability and effciency for well-managed backup processes more apparently penetrated the MTSA facility vessel operators. For ports and other effective. Again, the maritime sector through an email phishing attack, then infrastructure hubs, many key industrial faces the same threats as most other potentially allowed access to important systems now have physical connectivity sectors. The reliance on IT systems for network fles and disrupted the port’s with the outside world through inte- critical operations, and the integration of facility operations for over 30 hours.

gration with internal IT-based control IT systems into the operational technol-

Ports across the country and the world systems. Autonomous cranes and driver- ogy stack, has massively increased in a are learning from this new breed of at- less fatbed vehicles are now crucial very short space of time: Even 10 years tacks, where the targets can be random elements in the world’s largest ports. ago, most ships had no internet access. rather than intentional. For most of

Yet the threats that get the greatest Today, many are effectively foating the world’s port operators, protection attention are not always those that pose branch offces, and they need to ramp up from cyberattacks, and ransomware in the most imminent threat. Attacks that the level of protection just as fast. particular, is a top concern at the board www.marinelink.com 53