Coast Guard Warns Shipping Firms of Maritime Cyberattacks

Published: 23/11/2024   Category: security




A commercial vessel suffered a significant malware attack in February, prompting the US Coast Guard to issue an advisory to all shipping companies: Here be malware.



In February 2019, a large ship bound for New York City radioed the US Coast Guard warning that the vessel was experiencing a significant cyber incident impacting their shipboard network. 
The Coast Guard led an incident-response team to investigate the issue and found that malware had infected the ship's systems and significantly degraded functionality. Fortunately, essential systems for the control of the vessel were unimpeded.
On July 8, the military branch issued an alert to commercial vessels strongly recommending that they improve their cybersecurity in the wake of the incident, including segmenting shipboard networks, enforcing per-user passwords and roles, installing basic security protections, and patching regularly. 
"It is unknown whether this vessel is representative of the current state of cybersecurity aboard deep-draft vessels," the Coast Guard's alert stated. "However, with engines that are controlled by mouse clicks, and growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential as controlling physical access to the ship or performing routine maintenance on traditional machinery."
The focus on the security and safety of maritime networks is not new. Following the Stuxnet attack in 2009, which decimated the ability of Iran to enrich uranium ore and demonstrated the ability of cyber operations to impact physical infrastructure, government and industry began to look to their own defenses. Among those scrutinized sectors were maritime and shipping.
The European Network and Information Security Agency, now known as the European Union Agency for Cybersecurity, analyzed the state of maritime cybersecurity in 2011, releasing a report late that year. The report found that cybersecurity awareness in the maritime sector was low to non-existent and the focus of nearly all security measures was on physical systems.
Six years later, the industry had woken up to the threats but still moved at a slow pace, says Markus Schmitz, managing director of SOFTimpact, a Cyprus-based IT solutions provider to the maritime industry. In 2017, however, the NotPetya ransomware attack hit computers at shipping firm AP Moller-Maersk, requiring the firm to reinstall 4,000 servers, 45,000 workstations, and 2,500 applications in less than two weeks, costing the firm between $250 million and $300 million.
The incident spurred the industry to greater efforts, focusing on cybersecurity issues, including establishing industry groups and vetting initiatives. Yet companies in the sector are still not ready, says Schmitz. 
"Incidents like NotPetya are bound to happen and such random incidents will happen to other shipping companies as well as companies of any other industry," Schmitz says. "In this regard, the shipping industry is neither more nor less vulnerable than any other globally operating business."
Yet more than 90% of the world's trade is carried by shipping, according to the United Nations International Maritime Organization, and that puts the industry in the crosshairs of potential targeted attackers. Because the shipboard systems mix IT and operational technology (OT), companies are vulnerable to losing control of ships due to a cyberattack.
In addition, the business model of global shipping makes the vessels even more vulnerable, SOFTimpact's Schmitz says. Crew tend to be temporary — independent contractors on voyage contracts — an arrangement that makes them hard to train and usually unfamiliar with a specific company's information security policy. In fact, most ships are operated with crew contracted through multiple levels of outsourcing, making assigning responsibility for information systems — and incidents to those systems — nearly impossible. "Good luck telling the captain or a port pilot that they cannot use a USB stick," he says.
"The role of the in-house IT must be extended to include the OT systems," Schmitz says. "The in-house IT must be trained on OT systems, must spend time onboard, must be included in purchasing processes, and must take responsibility."
The issues apparently plagued the commercial ship mentioned in the US Coast Guard alert. The ship's crew knew, but did not care, that the entire system was insecure.
"Prior to the incident, the security risk presented by the shipboard network was well known among the crew," the alert stated. "Although most crew members didn't use onboard computers to check personal email, make online purchases or check their bank accounts, the same shipboard network was used for official business — to update electronic charts, manage cargo data and communicate with shore-side facilities, pilots, agents, and the Coast Guard."
The US Coast Guard recommends that owners of vessels and the shipping firms that use the vessels require regular cybersecurity assessments. Other recommendations can be found on the Coast Guard's cybersecurity page.
For the most part, shipboard networks do not pose a great risk until they are specifically targeted by attackers who aim to compromise the operational networks. While those attacks are not common, they will come, says SOFTimpact's Schmitz.
"There is no reason to panic, but there is a problem and in many shipping companies, it has not been dealt with in an adequate (or organized) manner," he says.