Page 39: of Maritime Logistics Professional Magazine (Q2 2016)

38 40

Famous and Mundane Breaches and Attacks … at a Glance

What could happen? Oh, what a computer virus, hacking for hire or $30 jammer could do: • In 2008, the DOD banned the use of removable storage devices in an effort to halt the spread of a computer virus wending its way through the DOD network. Though the ban was later relaxed to allow government-procured and owned devices, civilian ? ash drives remain verboten by the U.S. Navy and the U.S. Coast Guard because it is impossible to track how they are being used, and there is no way to know whether they are infected – a recipe for impending disaster. • In 2010, malware overwhelms underway off-shore drilling rig in

Asia, forcing a prolonged shutdown. Reportedly the lack of cyber security ex-

A little less accidental, pertise onboard is the main reason it took a week to identify the cause and ? x.

investigators looking into a shipping accident in the • In 2011, pirates hack into ship servers to identify vulnerable ship-

U.K. discovered the crew ments, later boarding it with bar code readers to ? nd the targeted cargo.

had disconnected the • In 2012, a foreign military compromises “multiple systems” on- ship’s black box and used board commercial ship contracted by U.S. TRANSCOM.

it to download a movie be- fore reattaching the device.

• In 2012, over 120 ships, including major Asian Coast Guard vessels, experience malicious jamming of GPS signals.

• Nation-state cyber attacks are not uncommon; though so far tend to target land-based systems. These include: A computer virus that in 2012 targeted Iranian oil companies, forcing much of the oil infrastructure of? ine, including Iran’s Kharg Island oil terminal, which handles 80% of its oil exports; a believed-to-be retaliatory 2012 virus attack, said to be the largest ever, on Saudi Aramco, Saudi Arabia’s national oil company, which supplies 10% of the world’s oil, wiping out or destroying the hard drives of at least 35,000 PCs, and costing the company months of work and barrels of money before it could get its delivery tracking and billing system back on line; and Stuxnet, the U.S./Israeli-created virus used to destroy centrifuges in an Iranian nuclear facility in 2010. On an ongoing basis, the North Korean government routinely jams critical GPS signals from at least a 50-mile radius and may be pushing it to 100.

• In 2013, European authorities announce drug smugglers hacked cargo tracking systems in the Port of Antwerp to locate and retrieve their illegal goods. The two-year operation hired hackers to in? ltrate com-

Cyber con artists are puters controlling the movement and location of containers. Malicious soft- ? eecing shipping com- ware and key-logging devices were used in the plot. No one noticed until containers started to vanish.

panies with realistic scam billings after hacking into • In 2014, a seven-hour GPS signal disruption took a key U.S. ? nancial systems. Once the port of? ine, shutting down multiple ship-to-shore cranes for several hours.

bill is paid, they disappear, forcing the company to eat • Typical of how insiders can inadvertently muck up the works, a mate on a vessel heading out to sea, plugged his low-on-battery smart phone into the loss and ante up again a UBS port on the bridge. The resulting malware infection erased or - to the real supplier.

corrupted all the charts on the ECDIS system of the ship’s systems, costing an additional two days in port waiting for a ? x.

Sources: USCG’s Cyber Strategy white paper.

www.maritimeprofessional.com Maritime Professional 39| | 34-49 Q2 MP2016.indd 39 5/19/2016 11:36:38 AM