Page 11: of Maritime Logistics Professional Magazine (Jul/Aug 2017)
PORTS & INFRASTRUCTURE
Read this page in Pdf, Flash or Html5 edition of Jul/Aug 2017 Maritime Logistics Professional Magazine
n June, Maersk Line A/S’s information systems were se- password “1234” thereby gaining access to the ship’s com- verely disrupted by the so-called Petya virus. FMC provid- munication system.
Ied Maersk with relief to help them get through the diffcult I contacted x0rz through email connected to its Twitter ac- situation. In Mid-July, a researcher penetrated a ship’s internet count and asked for some tips and steps that shipping compa- system through its very small aperture system (VSAT). The nies can take to make them more secure from cyberattacks. ship was operating in the South America trade. x0rz provided the following suggestions, all of which involve simple common sense and are easy to implement:
VSAT Vulnerability
An internet security researcher identifed as “x0rz” discov- » Do not use default password(s) (change them ered that many shipboard VSAT systems can be penetrated immediately after installation); through the public internet, making the fndings live in real » Do not expose on the Internet the VSAT time on Twitter. Thus, ships can be tracked and identifed administration panel (keep it internal only); through services like Shodan. Shodan is a search engine that » Keep software up to date; allows users to fnd electronic devices and computer systems » Have this tested by a cybersecurity frm (audit / connected to the internet, i.e., power plants, traffc signals and penetration testing). Sometimes it is easy to think even ships. x0rz found that some ships’ systems are not se- “it’ s now secure” when in fact there are ways to curely confgured thus allowing a remote attacker to gain ac- bypass security mechanisms.
cess using default credentials.
According to TNW News, x0rz said “no ships were harmed Maersk Infected by the Petya Virus: during [his] experiments.” The system x0rz obtained access to FMC issued an order on July 19, 2017 granting Maersk Line‘s allow a review of the call history from the VSAT phone, abil- petition for a temporary exemption of service contract flings ity to change the system settings, and even upload new frm- as a result of the so-called Petya virus. The cyber attack inter- ware. The researcher logged the username “admin” then the rupted Maersk’s ability to determine which shippers to contact
Earlier this month, Commissioner Doyle and Captain John Murray, CEO of Port Canaveral, toured the port and discussed, among other things, the advent of LNG as a fuel.
www.maritimelogisticsprofessional.com 11I