Maritime and port cybersecurity.

Even a brief and high-level risk analysis makes it possible to identify several major risk scenarios that could affect the maritime sector. The list below is not exhaustive, but it provides an overview of some of the most relevant concerns.

For vessels, these scenarios may include:

• attempts to spoof or jam positioning or communication systems, either directly targeting the vessel or affecting its surrounding environment
• malfunctions or loss of availability of ECDIS navigation systems, even though these systems are often deployed with redundancy
• the transmission of false safety information to vessels (GMDSS alerts, AIS data, weather information, etc.)
• intrusions targeting onboard industrial control systems, including propulsion, navigation, or cargo management systems
• the remote takeover of a vessel or part of its systems
• the partial or complete encryption of onboard information systems through ransomware attacks

Ports are also exposed to similar risks, including:

In an article published yesterday, the company Pen Test Partners, known for its blog posts on maritime cybersecurity, released a new, somewhat alarming article on the topic.

Apparently, we are no longer supposed to adopt an alarming tone, so let us try to analyze it calmly.

The company, which operates in the United Kingdom and the United States, conducts penetration tests at the request of its clients on different types of ships. In their article, they explain that each time they perform such work, they manage to identify information systems that few — sometimes none — of the crew members know about, or whose purpose they do not understand. This may seem surprising. However, there can be explanations (which the article does not highlight, preferring — somewhat excessively in my view — the buzz). Here are a few possible explanations:

This has always surprised me, but relatively few people are actually familiar with the field of submarine cables. I am not only referring to the technology itself, but it is quite surprising to realize that some people are not even aware of their existence. It must be said that, lying deep on the ocean floor, it is tempting to forget about them. Yet they handle 98% of intercontinental telephone communications and data transfers every day. Without them, our daily lives and our economy would be profoundly disrupted.

As mentioned last year, the Port of Singapore authorities inaugurated their Maritime Security Operations Center (MSOC) on May 16, 2019. Singapore is a major global transshipment hub, particularly for container traffic.

“It is therefore important that we protect our maritime and port infrastructure to prevent any major disruption to port operations and the delivery of services,”
said Niam Chiang Meng, Chairman of the Maritime and Port Authority of Singapore.

According to the Wall Street Journal, cyberattacks attributed to Chinese actors have targeted at least 27 universities in Canada, Southeast Asia, and the United States since at least April 2017, including institutions such as MIT, the University of Hawaii, and the University of Washington.

The objective? The attackers reportedly sought to obtain sensitive information related to military technologies in the maritime domain. The attack vector appears to have been relatively conventional: a spear-phishing campaign.

Following a first alarming article published last week, a Wall Street Journal article dated March 12, 2019 confirms growing concerns regarding the U.S. military maritime sector.

Referring to a 57-page internal report submitted to then-Secretary of the Navy Richard Spencer, the newspaper states that the U.S. Navy and its industrial partners are effectively under “cyber siege.” Once again, China is explicitly identified as the main actor, accused of having stolen sensitive military information over recent years, potentially threatening the United States’ position as the world’s leading military power.