Maritime and aviation in cyber-criminal’s crosshairs

The already under pressure global supply chain has been warned that it faces a rising tide of cyber threats as criminals target large maritime vessels and aircraft.

While the major threat remains accessing systems and potentially taking control of assets for ransom, one leading expert said the threat to deliberately crash a vessel or aircraft could not be ruled out as the criminals look at new ways to target a section vital to the world’s trade.

It has been reported that hackers are increasingly setting their sights on some of the biggest things that humans can build. Huge container ships and large freight planes — essential in today’s global economy — can now be brought to a halt by a new generation of code warriors, according to cyber experts.

“The reality is that an aeroplane or vessel, like any digital system, can be hacked,” David Emm, a principal security researcher at cyber firm Kaspersky, told CNBC. Indeed, this was proven by the US government during a “pen-test” exercise on a Boeing aircraft in 2019.

The costs of attacks are also rising, with maritime cyber security company CyberOwl estimating that shipowners pay around $3.1 million on average per ransom attack.

However, despite an average attack costing millions the company said most shipowners still significantly under-invest in cyber security management: more than 50 per cent spend less than $100,000 per year.

Andy Norton, European cyber risk officer at Armis said: “The maritime industry is considered critical infrastructure and disruption to the invaluable service it provides could have devastating effects on the global economy. Like any connected asset, regardless of size, there is always the potential for risk from unauthorised access. And so, to manage this risk, legislation and best practises have been designed to pinpoint what appropriate and proportionate security looks like within the maritime industry.

“Ultimately, knowing what assets you have in an ever changing threat landscape is the critical prerequisite for achieving acceptable levels of security.”

When asked by Emerging Risk what he believed the major aim of such attacks would be, he warned that ransoms and financial gain were not the only objectives.

“Normally the major aim is to make money by causing disruption,” Norton explained. “However, in a situation of kinetic war, using a cyber-attack for the purposes of causing real physical damage to an asset or system cannot be ruled out.”

What asked what firms were beginning to become alive to the threats they faced he said: “Very much so. Since Not Petya in 2017, the maritime industry is well aware of the damage cyber-attacks can do.”

Norton said he had some clear advice for firms: “Adopt and comply with recommenced best practices and Cyber Assurance frameworks. All risk management frameworks follow similar paths.

“Firstly, identify the assets that comprise the critical service. Secondly, develop defence in depth capabilities to detect, protect and recover from a cyber-attack. And thirdly, continuously review the organisation’s assets and capabilities to improve, automate and evolve with an ever changing threat.”

It has been reported that hackers are increasingly setting their sights on some of the biggest things that humans can build. Huge container ships and large freight planes — essential in today’s global economy — can now be brought to a halt by a new generation of code warriors, according to cyber experts.

SHARE: