Why the shipping industry sails rough seas in cybersecurity
14 December 2018 https://techhq.com/2018/12/why-the-shipping-industry-sails-rough-seas-in...
Guidelines published by a conglomerate of shipping interests gives examples of terrible practice in the industry.
The shipping industry seems to be coming round to the notion that IT security is an issue that needs addressing. The third edition of “Guidelines on Cyber Security Onboard Ships” (PDF), published by a conglomeration of industry groups and shipping interests contains advice for shipping companies.
So far, so good. But the document also contains several examples of incidents that have taken place recently– some at sea in busy shipping lanes– which show the ease with which ingress to and compromise of onboard IT systems can be achieved.
As TechHQ has noted in the past, the IT systems of many ships are antiquated, and data concerning loading and navigation is exchanged from port to ship via plain text documents on USB sticks, deployed utilizing sneakerware. It seems that systems are only updated when the activities of ‘gremlins’ (as one ship’s captain termed the problems) become too troublesome to bear, by which time it’s often too late.
Practices of those involved in IT shipping onboard and in port, and manufacturers of ship-specific IT systems, are reportedly achieving little to ameliorate issues, but are providing the broader IT community with a seemingly endless series of handy examples of the world’s worst cybersecurity fails.
Like many industries last year, shipping had an unpleasant experience with Petya ransomware. A variant, NotPetya caused massive conglomerate Merck to have to wipe and reimage 4,000 servers and 45,000 PC clients at the cost of over $300 million.
And while the financial loss at this scale is appalling, it pales into insignificance when considering the potential losses– purely financial– that a directed incursion into shipping might produce. As this article explains, research by Pen Test Partners showed how simple retyping over data in .csv documents could cause catastrophic cargo loading patterns in container ships.