Lee Kok Leong, our special correspondent, interviews Andrew Tsonchev, director of Darktrace Industrial, one of the world’s leading AI company for cyber security, to find out more about cyber threats facing the maritime industry.
The maritime industry handles 90 percent of the global trade and so, the consequences of a cyberattack can be crippling in the immediate aftermath but also importantly, there will be negative impact in the long term.
For example, short term repercussions can include criminal activity such as theft or piracy, physical harm to people, cargos, and vessels, or the loss of commercial and personal data. For the long term, if there is no effective pre-emptive measures, the reputation of the industry will suffer and it may even open the door to terrorism.
Digitalization has opened new ways of working, changing completely all aspects of how we operate, be it ship traffic control in some of the busiest straits of the world, or automated shipyard inventories. This is beneficial for the industry. However, it has also opened up new vulnerabilities.
In this digital era, operational technology (OT) and information technology (IT) networks converge, and they are found in a wide range of systems from crew and passenger internet services, to ship automation, cargo handling and navigation systems, among others.
One thing to note is that substantial security weaknesses have been reported in critical technologies used for navigation. Moreover, much of the industry continues to rely on legacy systems and aging operational technology.
All these must change, and therefore, CEOs will have to be aware of these issues, take charge and lead the adoption and implementation of appropriate measures.
Maritime Fairtrade (MF): In regards to cyber security, what is your opinion of the current state of the Asian and Middle East maritime industry?
Darktrace (DT): Against today’s threat landscape, every industry faces advanced cyber criminals and insider threats. However, an additional challenge that the maritime industry faces is the increasing convergence of OT and IT environments, such as in busy ports, or on large cargo ships. The interconnectivity of systems in these environments, particularly the multitude of often poorly-secured IoT devices, is opening up new vulnerabilities.
Asia is increasingly adopting more stringent cyber security measures and regulations. However, most of these laws focus on the protection of data and intellectual property, rather than addressing the real risk to personal safety that attacks on OT environments could pose.
Therefore, Asia, and the maritime industry in particular, needs to focus more on cybersecurity measures that will protect citizens’ safety, as well as their data.
MF: Why is it important for ship owners and port operators to be invested in cyber security?
DT: We have already seen the maritime industry hit by attacks, so evidently there is a real, tangible threat with serious consequences. June 2017 saw Danish shipping giant Maersk hit by a serious cyberattack which shut down IT systems across multiple sites. In September 2018, ports in San Diego and Barcelona were also hit by ransomware.
Port operators and ship owners have a lot to lose in the face of a cyberattack. Ships often rely on connected systems for their navigation and transportation of valuable cargo, and an attack could knock ships off course. There is also a lot of complex machinery, which could have highly serious, damaging consequences if exploited.
Cyber security measures must be implemented to avoid personal and financial risk in maritime environments.
MF: What are the dangers of cyberattacks?
DT: Gone are the days of website vandalism and straightforward data theft. Today, we experience a whole range of different attacks and their consequences.
We see insiders gone rogue, exploiting company systems for personal gain or to create reputational damage. We see ‘hacktivists’ exposing the data of authoritative figures to interfere with democratic processes; entire nation states stealing sensitive intellectual property, and we have even seen cyber criminals turning off the lights across entire cities.
Cyber threats are therefore both an existential business problem and a very real national safety concern.
MF: Given the fast pace of technological advancement, what are some of the major emerging cyber threats?
DT: We are seeing new attacks every day. The major new kinds of threats that we anticipate emerging are AI-based attacks. We are already seeing pieces of code that hint at AI-attacks, and given the advancements in other areas of AI, it seems likely that cyber criminals too will make use of new developments for cyberattacks. Fueled by AI, attacks of the future will allow criminals to execute attacks en-masse, at the click of a button.
In terms of the maritime industry, the attacks that we see against OT on systems like rigs and shipping machinery are almost always zero-day attacks. Furthermore, if attackers are trying to target a particular ship, it is more likely to be a highly specialized, tailored attack, which may be very hard to defend against.
On the other end of the spectrum, everyday IT cyberattacks are now starting to impact OT environments as well. Increased convergence has exposed control systems and critical networks to ransomware and commodity malware that spreads indiscriminately.
MF: What should ship owners and port operators do to defend themselves against cyberattacks?
DT: The reality is, no matter what the environment or the industry, everyone is vulnerable. Today’s threats will always find a way to penetrate a digital environment, whether that be through intelligent code that is able to bypass firewalls, or through insider activity. Owners and operators can only ensure that this threat is mitigated by implementing the most advanced cybersecurity systems.
Pioneering cybersecurity AI solutions which use machine learning and AI algorithms can scan digital infrastructures from the inside out, and ‘learn’ a system’s normal ‘pattern of life’, which enables the technology to detect threats with pinpoint accuracy.
Rather than try and build defenses to stop threats from getting in, this way, anomalous and threatening behavior that deviates from any given ‘normal’ pattern of life can be detected and isolated instantly.
Using autonomous response technology, any threats detected can be instantly mitigated without interrupting regular business practices. Using AI, organizations of all sizes and shapes can regain the advantage and stop threats before they escalate into a crisis.