The Malware Threat to the Maritime Industry: Protecting Ports, Vessels, and Logistics

The Critical Importance of the Maritime Transportation System

The United States is a maritime nation, with an integrated network of 25,000 miles of coastal and inland waterways, 361 ports, 124 shipyards, over 3,500 maritime facilities, 20,000 bridges, 50,000 federal aids to navigation, and 95,000 miles of shoreline. This expansive Maritime Transportation System (MTS) is a critical component of the nation’s economic prosperity, national defense, and global connectivity.

The MTS contributes to one quarter of the United States’ gross domestic product, approximately $5.4 trillion. Maritime operators leverage an increasing array of information technology (IT) and operational technology (OT) systems to maximize the reliability and efficiency of maritime commerce. These systems assist with vessel navigation, communications, shipboard engineering management, cargo management, safety, security, and more.

However, the proliferation of IT and OT across the maritime sector is introducing previously unknown cybersecurity risks. As evidenced by the devastating 2017 NotPetya cyber-attack that crippled the global maritime industry for days, malicious actors are actively targeting this critical infrastructure. The maritime industry’s reliance on technology has created vulnerabilities that threat actors can exploit, potentially causing catastrophic disruptions to national security and economic prosperity.

Understanding the Cybersecurity Landscape in Maritime

The maritime industry is a diverse sector, with businesses of all sizes leveraging interconnected IT and OT systems. Users across the maritime domain access key data and management systems daily, making secure access control and user monitoring a significant challenge. Furthermore, different public and private entities often own and operate these interconnected systems, limiting the ability of individual operators to control the security of critical systems.

While cybersecurity standards and frameworks are widely available, such as NIST’s Cybersecurity Framework, businesses in the maritime industry often lack the resources or expertise to implement them effectively. This leaves many maritime organizations vulnerable to cybersecurity disruptions, especially small and medium-sized enterprises that may not have the budget for robust security measures.

Adding to the complexity, the maritime industry lacks cohesive and practical uniform cybersecurity standards across public and private sectors. Ports, vessels, and other maritime facilities may have situational, ad-hoc security practices driven by profit margins and efficiency rather than comprehensive risk mitigation. Unless private sector entities have a clear understanding of current and future maritime cybersecurity threats and a financial incentive to invest in security, some may not align with their partners or allies to bolster the industry’s overall resilience.

The Evolving Threat Landscape

The maritime domain is an attractive target for a wide range of malicious actors, including state-sponsored groups, non-state proxies, and cybercriminals. These adversaries are increasingly leveraging the cyber domain to gain a strategic advantage, disrupt operations, and generate financial gains.

State-Sponsored Cyber Threats:
– The People’s Republic of China is a persistent cyber espionage threat, using cyber operations to strengthen its national and international standing in sectors like transportation and military modernization.
– The Russian Federation has demonstrated its willingness to conduct destructive cyber-attacks against critical infrastructure, as evidenced by the NotPetya malware that caused over $10 billion in damages and disrupted global shipping.
– Iran sponsors non-state proxies who conduct sophisticated cyber-attacks against critical infrastructure, including attempts to breach U.S. Navy unclassified networks.
– North Korea has shown a capability and willingness to target maritime activities, including manipulating automatic identification systems to evade sanctions.

Cybercriminal Activities:
– Cybercrime activities, such as ransomware attacks, industrial espionage, and data manipulation to support smuggling operations, are on the rise in the maritime industry.
– In 2020, a ransomware attack on a shipping company affected protected supply shipments from Australia, highlighting the potential for disruption.
– Adversaries frequently interfere with shipboard navigation systems by targeting positioning, navigation, and timing (PNT) signals through spoofing or jamming, potentially causing vessels to collide or run aground.

The combination of state-sponsored and criminal cyber threats poses a significant risk to the maritime industry. As technology continues to advance and proliferate, more actors will compete in the cyber domain to gain a strategic advantage, resulting in an increased frequency and magnitude of malicious activities targeting the MTS.

Securing the Maritime Transportation System

To address the growing cybersecurity threats to the maritime industry, the U.S. government has developed the National Maritime Cybersecurity Plan. This comprehensive strategy outlines priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years.

Deconflicting Roles and Responsibilities

One of the key priorities is to deconflict the roles and responsibilities of the more than 20 federal government organizations currently involved in maritime security. The plan aims to establish consistent maritime cybersecurity standards across all maritime industry stakeholders, enabling greater coordination to address gaps and vulnerabilities in IT and OT systems.

Developing Risk Modeling and Frameworks

Another priority is to develop risk modeling and frameworks to inform maritime cybersecurity standards and best practices. This includes:

  1. Analyzing and clarifying cybersecurity reporting guidance for maritime stakeholders to identify trends and attack vectors, thereby increasing sector-wide situational awareness and decreasing cyber risk.
  2. Constructing an internationally accepted, outcome-focused, threat-informed risk framework for port OT systems, allowing maritime stakeholders to share a common risk language and develop common OT risk metrics.

Strengthening Cybersecurity in Contracts and Leases

To limit adversarial opportunities, the plan calls for the inclusion of specific cybersecurity language in contracts and leases between the U.S. government and private entities. This will help safeguard the flow of maritime commerce, protect MTS users, and ensure the economic prosperity of the nation.

Enhancing Port and Vessel Cybersecurity Assessments

The Department of Homeland Security (DHS) and the Department of Defense (DoD) will conduct maritime cybersecurity assessments to enhance the protection of port facilities, vessels, and infrastructure from malicious cyber-attacks. This includes developing a framework for port cybersecurity assessments and promoting cybersecurity grants and initiatives to protect maritime critical infrastructure.

Improving Information Sharing and Intelligence

The plan also prioritizes the exchange of government information with the maritime industry, the sharing of cybersecurity intelligence with appropriate non-government entities, and the prioritization of maritime cybersecurity intelligence collection. These efforts aim to strengthen the integrity and resilience of the MTS by fostering transparency, sharing information, and building a coalition of maritime cybersecurity advocates.

Building a Capable Maritime Cybersecurity Workforce

The maritime industry’s reliance on IT and OT systems, coupled with the increasing sophistication of cyber threats, necessitates the development of a competent and capable maritime cybersecurity workforce. The National Maritime Cybersecurity Plan outlines the following key priorities:

  1. Producing Cybersecurity Specialists in Port and Vessel Systems: The Department of Homeland Security, through the U.S. Coast Guard, will develop cybersecurity career paths, incentives, and continuing education requirements to build a specialized maritime cyber workforce.

  2. Collaborating with the Private Sector: The Department of Defense and DHS will pursue and encourage cybersecurity personnel exchanges with industry and national laboratories, focusing on port and vessel cybersecurity research and application.

  3. Deploying a Capable Maritime Cybersecurity Workforce: The U.S. Coast Guard will field cyber protection teams to support federal maritime security coordination, aid in marine investigations, and enhance the protection of MTSA-regulated facilities.

By investing in the development of a dedicated maritime cybersecurity workforce, the government and industry can better defend the MTS against evolving cyber threats and ensure the continued security and resilience of this critical national asset.

Conclusion

The United States’ economic prosperity, national defense, and global connectivity are inextricably linked to the security and resilience of the Maritime Transportation System. As the maritime industry increasingly relies on IT and OT systems, the threat of malicious cyber-attacks continues to grow, posing a significant risk to this vital infrastructure.

To address these challenges, the National Maritime Cybersecurity Plan outlines a comprehensive strategy to deconflict roles and responsibilities, develop risk modeling and frameworks, strengthen cybersecurity in contracts and leases, enhance port and vessel assessments, and improve information sharing and intelligence. Crucially, the plan also prioritizes the creation of a capable maritime cybersecurity workforce to defend against the evolving threat landscape.

By working collaboratively across government, industry, and international partners, the maritime industry can enhance its cybersecurity posture, mitigate the impact of cyber threats, and ensure the continued prosperity and security of the nation. As an IT Fix expert, I encourage all maritime stakeholders to stay informed, implement best practices, and proactively address the malware threat to this critical sector.

Key Takeaways

  • The Maritime Transportation System is a critical component of the U.S. economy and national security, contributing $5.4 trillion to GDP.
  • The proliferation of IT and OT systems in the maritime industry has introduced significant cybersecurity risks, as evidenced by the devastating NotPetya cyber-attack.
  • State-sponsored actors, such as China, Russia, Iran, and North Korea, as well as cybercriminals, are actively targeting the maritime industry through sophisticated cyber-attacks.
  • The National Maritime Cybersecurity Plan outlines priority actions to address maritime cybersecurity gaps, including deconflicting roles, developing risk frameworks, strengthening contracts, and improving information sharing.
  • Building a capable maritime cybersecurity workforce is crucial to defending against evolving cyber threats and ensuring the continued security and resilience of the MTS.