We are all well aware of online piracy, but now, it seems even pirates at sea are getting involved. A recent report by Verizon highlighted an incident involving vessels attacked by pirates who seemed to know exactly which containers held high value items. They had hacked into the shipper’s content management system (CMS) and accessed their bills of lading. This is not the first case of pirates exploiting cyber weaknesses in shipping companies. It’s easy for the following reasons:
- Out of date security systems: A report released by KPMG in 2014 warned us that cyber security systems within vessels and ports were between 10 to 20 years behind the curve compared with office based computer systems, leaving them wide open to hackers.
- Pirates can practice their hacking skills: The Verizon report indicated that the pirates were not actually good at hacking. Mistakes they made allowed Verizon’s cyber security team to track their activities and prevent this kind of infiltration in future. This highlights how out-dated the systems are, as well as how simple it was for people with little knowledge to perform a successful hack.
- It makes it quick and easy: Knowing the location of the container means you can board the vessel, find the exact crates by bar code, steal the contents and leave the vessel quickly, hopefully without a trace.
The more pirates use online hacking, the more efficiently they can target specific vessels, and the more money they make, which can be used to fund terrorism or the illegal drugs trade. Shipping companies need to take the initiative in upping their security game. Here are my essential tips for shippers to help reduce vulnerability to cyber-attacks:
- Make sure your security systems are up to date: make frequent checks to ensure that your web servers and systems are up to date with firewalls, antivirus protection, and ensure passwords are changed regularly. Especially with new electronic communications systems coming to the fray, such as VERMAS (see my previous blog on SOLAS), security systems need to be as tight as possible.
- Train your workforce: You need to go a step beyond the latest firewalls and anti-virus software. Train your staff against vulnerability from email phishing scams; social engineering and exploiting employee error.
- Monitor your workforce: A PWC Global Crime Report published last year showed that more than half of stolen data came from employee insiders. Implement monitoring systems to ensure that bills of lading, or any other confidential data, do not get out in the open.
The cost of installing these systems and procedures will pale in comparison to the cost incurred from a cyber-attack and help prevent losses at sea.
==========
My name is Neil Atkinson. I’m a Regional Marine Underwriting Manager at CNA Hardy and have specialised in the Marine Cargo sector for over fifteen years. Follow CNA Hardy’s blog series on LinkedIn.