Page 26: of Maritime Reporter Magazine (September 2017)
U.S. Navy Quarterly
Read this page in Pdf, Flash or Html5 edition of September 2017 Maritime Reporter Magazine
Maritime Security
The maritime industry must redouble its efforts to secure IT systems and data.
BY WILLIAM P. DOYLE
In June, Maersk Line A/S’s informa- the following suggestions, all of which out violating the Shipping Act. More to Exchange. The OOCL brand, headquar- tion systems were severely disrupted by involve simple common sense and are the point, Maersk was able to provide ters and management structure is not ex- the so-called Petya virus. FMC provid- easy to implement: service to its customers on the same pected to signi? cantly change. Finally, ed Maersk with relief to help them get commercial terms as it would have had all OOCL employees will be kept on through the dif? cult situation. In Mid- • Do not use default password(s) it been able to conclude and ? le contacts board for at least two years.
July, a researcher penetrated a ship’s (change them immediately after in- and amendments. internet system through its very small stallation); These two cyber incidents can serve as FMC Updates its Controlled aperture system (VSAT). The ship was • Do not expose on the Internet the teachable moments for the entire mari- Carrier List operating in the South America trade. VSAT administration panel (keep it time and logistics transportation chain. On July 19, 2017, the Commission internal only); We all need to redouble our efforts and updated its list of “Controlled Carri-
VSAT Vulnerability • Keep software up to date; secure the best available IT system pro- ers,” or, those ocean common carriers
An internet security researcher identi- • Have this tested by a cybersecurity tections and practices. that are majority owned or controlled by ? ed as “x0rz” discovered that many ship- ? rm (audit / penetration testing). foreign governments. The Commission board VSAT systems can be penetrated Sometimes it is easy to think “it’s M&A Update is charged with monitoring foreign gov- through the public internet, making the now secure” when in fact there are In July, China Ocean Shipping Compa- ernment control of ocean shipping lines. ? ndings live in real time on Twitter. ways to bypass security mecha- ny (COSCO) and Overseas Orient Inter- The FMC maintains a list of these com-
Thus, ships can be tracked and identi? ed nisms. national Ltd. (OOIL) announced plans to panies which is periodically updated as through services like Shodan. Shodan is merge. China-owned COSCO’s move to circumstances warrant. a search engine that allows users to ? nd Maersk Infected by the Petya Virus absorb Hong Kong-based OOIL would Over the past couple of years, the FMC electronic devices and computer systems FMC issued an order on July 19, 2017 create the world’s third largest container has demonstrated regulatory ? exibility connected to the internet, i.e., power granting Maersk Line‘s petition for a carrier. OOIL is controlled by the Tung in addressing the burdens for shippers plants, traf? c signals and even ships. temporary exemption of service con- family, which founded Orient Overseas who do business with controlled carri- x0rz found that some ships’ systems are tract ? lings as a result of the so-called Container Line (OOCL) in 1969. The ers. For instance, in 2015, United Arab not securely con? gured thus allowing a Petya virus. The cyber attack interrupt- Tung family has a long history in the Shipping Company (UASC) was granted remote attacker to gain access using de- ed Maersk’s ability to determine which shipping industry predating modern day the ability to lower tariff rates without fault credentials. shippers to contact in order to extend OOCL. In addition, the Tung family’s waiting the requisite 30 days. However,
According to TNW News, x0rz said or renegotiate certain service contract Tung Chee-hwa was the ? rst Chief Ex- if UASC wanted to raise rates then they “no ships were harmed during [his] ex- rates. Further, even if Maersk were able ecutive of Hong Kong. Tung Chee-hwa would still be required to wait 30 days periments.” The system x0rz obtained to identify which contracts needed atten- was elected in 1996 by the 400-member prior to implementation. access to allow a review of the call his- tion, the Petya virus prevented the com- Selection Committee prior to the transfer Recent consolidation in the container tory from the VSAT phone, ability to pany from electronically ? ling docu- of sovereignty over Hong Kong from the shipping industry has resulted in four no- change the system settings, and even ments with the Commission. United Kingdom to China. table changes among Controlled Carriers upload new ? rmware. The researcher By granting the petition, the FMC al- I had the opportunity to meet with as listed below: logged the username “admin” then the lowed Maersk some regulatory relief. the leadership of COSCO in Washing- password “1234” thereby gaining access For instance, Maersk would not require ton, D.C. in early August. According • China Shipping Container Line was to the ship’s communication system. customers to pay the higher tariff rates to COSCO executives, the parties have integrated into COSCO Container
I contacted x0rz through email con- to shipments tendered during the period begun discussions with the U.S Depart- Lines Company, Limited, which nected to its Twitter account and asked of relief. Rather, FMC’s order permitted ment of Justice on the potential merger. then changed its name to COSCO for some tips and steps that shipping Maersk to apply service contract rates The price tag for the deal is valued at SHIPPING Lines Co, Ltd.
companies can take to make them more to shipments that were agreed upon and $6.3 billion. COSCO intends to keep in • Singapore’s American President secure from cyberattacks. x0rz provided ? led after the date of cargo receipt with- place OOCL’s listing on the Hong Kong Lines, Ltd. and APL Co., Pte. is be- 26 Maritime Reporter & Engineering News • SEPTEMBER 2017
MR #9 (26-33).indd 26 MR #9 (26-33).indd 26 9/6/2017 2:11:22 PM9/6/2017 2:11:22 PM