Page 19 of Maritime Reporter Magazine (October 2017)

The Marine Design Annual


By Captain Drew Tucci, USCG, Dr Joe DiRenzo III and Professor Scott Blough

Over the past two months the world has been rocked by three major hacking events that have garnered international notice. These included the Equifax event in which 140 million individuals were reported to be possibly compromised, the WannaCry attack and the NotPetya event. In the past two years the cyber security of the Marine Transportation System, a vital economic cog to the world, has come under increasing scrutiny.

In August, trade journals and major international publications such as the UK’s Register newspaper highlighted the NotPetya ransomware, which resulted in reported impacts across many elements of the Marine Transportation System, including the shipping giant Maersk. The attack shut down operations completely at some facility locations for short periods, and disrupted normal operations for two weeks. Company statements indicated losses in excess of $200 million.

If a nine-figure bill isn’t enough to get your attention, consider that the marine industry can expect more of this in the future. It has certainly gotten the attention of the insurance field as cyber experts look for ways to address the spiral development of this issue. Increasing automation including the Internet of Things increases our vulnerability, and we have every reason to believe that the threat, be they state actors, terrorists, criminal organizations, or insiders, will grow. An analysis of this event and some emerging cyber security governance systems for the marine industry can help us understand and prepare for the next event.

At first glance, NotPetya appears to have been a fairly standard ransomware attack – a form of cyber attack where the perpetrator gains access to and locks the owner out of their own files, demanding a ransom (typically paid in bitcoin) for the return of the files.

A ransomware attack on a home computer is, at the least, a significant inconvenience, but not necessarily a disaster. For any sufficiently complex business or organization, a ransomware event can halt nearly all operations – even if IT, rather than OT, systems are impacted. The marine industry – international, mobile, dispersed, contractor dependent, and with status updates demanded 24/7 by global customers – has all the right ingredients for high vulnerability and high consequences to this type of attack.

While ransomware attacks have become increasingly common, the NotPetya attack had some unusual aspects that suggest disruption, rather than the ransom itself, may have been the motive. If so, this has some troubling implications for the marine industry and other aspects of critical infrastructure.

Why should the Maritime Industry Worry About the NotPetya ransomware?

NotPetya employed many common exploit techniques; however, it is the way that NotPetya employed those techniques that moves it into a dangerous arena. NotPetya used automation to move throughout an organization’s network, compromising endpoints and rendering the organization operationally defunct. Another concerning issue is the infiltration of the automatic MeDoc software updates. According to Talos intelligence, a forged digital signature for the MeDoc software update contained the initial payload (Fox-Brewster, 2017). Since software updates typically have admin access, it gives attackers an easy

