Maritime and port cybersecurity.

A recent security advisory from the U.S. Coast Guard provides interesting details about a cyber incident that occurred in February 2019 aboard a deep-draft vessel (no further details were provided). The vessel, which was sailing on an international route bound for the Port of New York and New Jersey, notified the Coast Guard that it was experiencing a significant cyber incident affecting its onboard IT network.

A team composed of several experts from different government agencies, led by the U.S. Coast Guard, responded to the report and conducted an analysis of the vessel’s network and its critical control systems. The team concluded that although the malware had significantly degraded the performance of onboard computers, the ship’s essential command and control systems had not been affected.

The U.S. Coast Guard (USCG) is frequently involved in initiatives related to maritime cybersecurity. They were recently seen responding to a vessel affected by a cyber incident and also reporting on the impact of the Ryuk ransomware on a U.S. maritime operator. In their security bulletins, they also regularly address cyber threats in the maritime environment.

In a new circular, available here, the U.S. Coast Guard proposes updated guidance for addressing cyber threats affecting facilities and vessels under their authority.

Today, the relatively low cost (a few tens of euros for a basic receiver), the miniaturization of hardware, and the widespread availability of GPS receivers have led many to assume that this global infrastructure will always be available. These advantages have also enabled the rapid expansion of GPS usage across many sectors where it was previously absent: healthcare, pet tracking, sports, agriculture, domestic robotics such as lawn mowers, photography, and even port cranes (see also this article). As a result, it is now difficult to estimate how many GPS receivers are currently deployed worldwide.

According to a report published by Lloyd’s of London in collaboration with CyRiM (see the video here and the full PDF report here), and relayed by the news agency Reuters, a cyberattack targeting Asian ports could result in losses of up to 110 billion dollars. This amount is roughly equivalent to half of the total economic losses caused by natural disasters in 2018.

It is worth recalling that Lloyd’s specializes in commercial risk insurance. Such risks are generally less insured in Europe and Asia than in the United States.

I have mentioned this several times before: GPS signals (and GNSS more broadly) are essential for the safe day-to-day operation of the maritime sector. We have already discussed the risks associated with spoofing or jamming of these signals, the specific risks related to autonomous maritime vehicles, as well as several real-world examples, including incidents in the Persian Gulf.

On March 10, 2020, the United States formally raised concerns with the Maritime Safety Committee of the International Maritime Organization (IMO) regarding the increasing number of disruptions affecting GPS and GNSS signals. The submission, available here, calls on the IMO to urgently address cases of jamming and spoofing that threaten the safety of ships and seafarers.

The Bordeaux-based maritime insurer Adam Assurances has published a study on cyber risks affecting the maritime sector (available here as a blog article and here in PDF format).

After recalling the digital transformation underway across the maritime industry and the growing dependency that accompanies it, the insurer reviews several cyber incidents that have already affected the sector (MSC, COSCO, Maersk, among others).

Building on the key findings of the CyRiM study (see this article from November 2019 discussing it, the report then examines the Shen Attack scenario described in that analysis. Applied to the maritime sector, the scenario estimates that a large-scale cyberattack could impact up to 15 ports in Asia.