A retrospective analysis of maritime cyber security incidents

Meland, P. H.; Bernsmed, K.; Wille, E.; Rødseth, Ø. J.; Nesheim, D. A.

doi:10.12716/1001.15.03.04

Powiadomienia systemowe

Sesja wygasła!
Sesja wygasła!

Artykuł - szczegóły

Tytuł artykułu

A retrospective analysis of maritime cyber security incidents

Autorzy

Meland P. H. , Bernsmed K. , Wille E. , Rødseth Ø. J. , Nesheim D. A.

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.12716/1001.15.03.04

Warianty tytułu

Języki publikacji

Abstrakty

The maritime industry is undergoing a rapid evolution through the introduction of new technology and the digitization of existing services. At the same time, the digital attack surface is increasing, and incidents can lead to severe consequences. This study analyses and gives an overview of 46 maritime cyber security incidents from the last decade (2010-2020). We have collected information from open publications and reports, as well as anonymized data from insurance claims. Each incident is linked to a taxonomy of attack points related to onboard or off-ship systems, and the characteristics have been used to create a Top-10 list of maritime cyber threats. The results show that the maritime sector typically has incidents with low frequency and high impact, which makes them hard to predict and prepare for. We also infer that different types of attackers use a variety of attack points and techniques, hence there is no single solution to this problem.

Słowa kluczowe

cyber security retrospective analysis digital attack cyber security incidents maritime cyber threats maritime incidents

Wydawca

Faculty of Navigation, Gdynia Maritime University

Czasopismo

TransNav : International Journal on Marine Navigation and Safety of Sea Transportation

Rocznik

2021

Tom

Vol. 15 No. 3

Strony

519--530

Opis fizyczny

Bibliogr. 83 poz., rys.

Twórcy

autor

Meland P. H.

SINTEF Digital, Trondheim, Norway

autor

Bernsmed K.

SINTEF Digital, Trondheim, Norway

autor

Wille E.

SINTEF Digital, Trondheim, Norway

autor

Rødseth Ø. J.

SINTEF Ocean, Trondheim, Norway

autor

Nesheim D. A.

SINTEF Ocean, Trondheim, Norway

Bibliografia

1. Agius, M.: TM mum on whether cyber-attack affected ship, air registries, https://newsbook.com.mt/en/tm-mum-on-whether-cyber-attack-affected-ship-air-registries/, last accessed 2021/04/25.
2. Alcaide, J.I., Llave, R.G.: Critical infrastructures cybersecurity and the maritime sector. Transportation Research Procedia. 45, 547–554 (2020). https://doi.org/10.1016/j.trpro.2020.03.058.
3. ASCStaff: Cyberattack on Clarkson’s shipbroker reaffirms industry’s vulnerability, https://www.logisticsmiddleeast.com/article-13696-cyberattack-on-clarksons-shipbroker-reaffirms-industrys-vulnerability, last accessed 2020/08/11.
4. Asplem, A.: Norwegian Maritime Cyber Resilience Centre (NORMA Cyber), (2021).
5. Athens Group: Cybersecurity – There Is No Silver Bullet, https://athensgroup.com/cybersecurity-there-is-no-silver-bullet/, last accessed 2020/08/11.
6. Aven, T.: On the meaning of a black swan in a risk context. Safety Science. 57, 44–51 (2013). https://doi.org/10.1016/j.ssci.2013.01.016.
7. Azzopardi, K.: Transport Malta cyber attack investigation has not yet determined whether data was stolen, http://www.maltatoday.com.mt/news/national/105593/watch_transport_malta_cyber_attack_investigation_has_not_yet_determined_whether_data_was_stolen, last accessed 2021/04/25.
8. Bartlett, P.: Cyber security – more focus required, says expert, https://www.seatrade-maritime.com/technology/cyber-security-more-focus-required-says-expert, last accessed 2021/04/25.
9. BBC: Red Funnel ferry firm’s IT system hit by “malicious attack,” https://www.bbc.com/news/uk-england-hampshire-54368110, (2020).
10. Bøe, E., Jordheim, H.: Politiet etterforsker dataangrepet mot Hurtigruten, https://e24.no/i/7KPeEK, last accessed 2021/04/25.
11. Boyes, H., Isbell, R.: Code of Practice: Cyber Security for Ships. IET Standard, Department for Transport (UK) (2017).
12. Buurma, C., Sebenius, A.: Ransomware Shuts U.S. Natural Gas Compressor Facility for Two Days, https://www.carriermanagement.com/news/2020/02/20/203485.htm, last accessed 2021/04/25.
13. Caprolu, M., Pietro, R.D., Raponi, S., Sciancalepore, S., Tedeschi, P.: Vessels Cybersecurity: Issues, Challenges, and the Road Ahead. IEEE Communications Magazine. 58, 6, 90–96 (2020). https://doi.org/10.1109/MCOM.001.1900632.
14. Cary, A.: Update: Hacker demands $200K ransom from Tri-Cities port to unlock computer data, https://www.tri-cityherald.com/news/local/crime/article247251569.html, last accessed 2021/04/25.
15. Cimpanu, C.: Ransomware Infection Cripples Shipping Giant COSCO’s American Network, https://www.bleepingcomputer.com/news/security/ransomware-infection-cripples-shipping-giant-coscos-american-network/, last accessed 2021/04/25.
16. Cimpanu, C.: Shipping Firm Avoids Customer Data Dump in Last Year’s Hack & Ransom Incident, https://www.bleepingcomputer.com/news/security/shipping-firm-avoids-customer-data-dump-in-last-years-hack-and-ransom-incident/, last accessed 2021/04/25.
17. Cimpanu, C.: US Coast Guard discloses Ryuk ransomware infection at maritime facility, https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/, last accessed 2021/04/25.
18. Cimpean, D., Meire, J., Bouckaert, V., Casteele, S.V., Pelle, A., Hellebooge, L.: Analysis of Cyber Security Aspects in the Maritime Sector. (2011).
19. Coble, S.: Ransomware Attack on Shipping Giant, https://www.infosecurity-magazine.com:443/news/ransomware-attack-on-shipping-giant/, last accessed 2021/04/25.
20. CyberKeel: Maritime Cyber-Risks, https://maritimecyprus.files.wordpress.com/2015/06/maritime-cyber-risks.pdf, last accessed 2021/04/25.
21. Dragos, Inc.: Assessment of Ransomware Event at U.S. Pipeline Operator | Dragos, https://www.dragos.com/blog/industry-news/assessment-of-ransomware-event-at-u-s-pipeline-operator/, last accessed 2020/08/14.
22. Drougkas, A., Sarri, A., Kyranoudi, P., Zisi, A.: Port Cybersecurity: Good practices for cybersecurity in the maritime sector. (2019).
23. Dryad Global: Maritime Cyber Security & Threats March 2020 Week Three, https://dryadglobal.com/maritime-cyber-security-threats-2-2/, last accessed 2020/08/10.
24. ENISA: COVID19, https://www.enisa.europa.eu/topics/wfh-covid19, last accessed 2020/08/17.
25. Goud, N.: Cyber Attack on James Fisher and Sons, https://www.cybersecurity-insiders.com/cyber-attack-on-james-fisher-and-sons/, last accessed 2020/08/14.
26. Goud, N.: Ransomware attack on Norwegian Ship yard results in job loss to many, https://www.cybersecurity-insiders.com/ransomware-attack-on-norwegian-ship-yard-results-in-job-loss-to-many/, last accessed 2021/03/16.
27. GREAT: The Icefog APT: A Tale of Cloak and Three Daggers, https://securelist.com/the-icefog-apt-a-tale-of-cloak-and-three-daggers/57331/, last accessed 2020/08/10.
28. Greenberg, A.: The Untold Story of NotPetya, the Most Devastating Cyberattack in History, https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/, last accessed 2020/08/10.
29. Greenberg, M.D., Chalk, P., Willis, H.H., Khilko, I., Ortiz, D.S.: Maritime Terrorism. RAND Corporation (2006).
30. Grinter, M.: Maritime cyber-attacks up 900% in three years, http://www.hongkongmaritimehub.com/maritime-cyber-attacks-up-900-in-three-years/, last accessed 2020/08/10.
31. Hoo, K.J.S.: How Much Is Enough? A Risk-Management Approach to Computer Security. CISAC, Stanford University, UK (2000).
32. INTERPOL: Cybercrime: COVID-19 IMPACT, https://www.interpol.int/en/content/download/15526/file/COVID-19%20Cybercrime%20Analysis%20Report-%20August%202020.pdf?inLanguage=eng-GB, last accessed 2021/03/16.
33. ISO/IEC 27000:2018: Information technology - Security techniques - Information security management systems - Overview and vocabulary. ISO/IEC (2018).
34. Jones, K.D., Tam, K., Papadaki, M.: Threats and Impacts in Maritime Cyber Security. Engineering & Technology Reference. 1, 1, (2016). https://doi.org/10.1049/etr.2015.0123.
35. Knox, J.: Coast Guard Commandant on Cyber in the maritime domain, https://mariners.coastguard.dodlive.mil/2015/06/15/6152015-coast-guard-commandant-on-cyber-in-the-maritime-domain/, last accessed 2020/08/11.
36. Kovacs, E.: UN Maritime Agency Hit by “Sophisticated Cyberattack,” https://www.securityweek.com/un-maritime-agency-hit-sophisticated-cyberattack, last accessed 2021/04/25.
37. Kretschmann, L., Rødseth, Ø., Tjora, Å., Fuller, B.S., Noble, H., Horahan, J.: D9.2: Qualitative assessment. (2015).
38. Kristiansen, T.: DR: Kina hackede sig ind i Søfartsstyrelsen, https://shippingwatch.dk/Rederier/article7043149.ece, last accessed 2021/04/25.
39. Kristoffersen, P.B., Hartvigsen, T., Myrvang, P., Torjusen, A.: Digitale Sårbarheter Maritim Sektor. DNV-GL, Lysneutvalget (2015).
40. Lejon, J.: Kryptera.se Ransomware lista, https://kryptera.se/assets/uploads/2020/10/Ransomware-lista.pdf, last accessed 2021/03/23.
41. Lemos, R.: Coast Guard Warns Shipping Firms of Maritime Cyberattacks, https://www.darkreading.com/vulnerabilities---threats/coast-guard-warns-shipping-firms-of-maritime-cyberattacks/d/d-id/1335198, last accessed 2020/04/10.
42. Lloyd’s List: Maritime Intelligence, https://lloydslist.maritimeintelligence.informa.com/, last accessed 2021/03/16.
43. Lubold, G., Volz, D.: Chinese Hackers Breach U.S. Navy Contractors - WSJ, https://www.wsj.com/articles/u-s-navy-is-struggling-to-fend-off-chinese-hackers-officials-say-11544783401, last accessed 2021/04/25.
44. Maritime Executive: Carnival Corporation Reports Ransomware Attack Accessed Data, https://www.maritime-executive.com/article/carnival-corporation-reports-ransomware-attack-accessed-data, last accessed 2021/04/25.
45. Maritime Executive: Hurtigruten Reports Passenger Data Exposed in Cyberattack, https://www.maritime-executive.com/article/hurtigruten-reports-passenger-data-exposed-in-cyberattack, last accessed 2021/04/25.
46. Maritime Executive: Naval Dome: Cyberattacks on OT Systems on the Rise, https://www.maritime-executive.com/article/naval-dome-cyberattacks-on-ot-systems-on-the-rise, last accessed 2021/04/25.
47. Maritime Executive: Ransomware Cripples IT Systems of Inland Port in Washington State, https://www.maritime-executive.com/article/ransomware-attack-cripples-systems-of-inland-port-in-washington-state, last accessed 2021/04/25.
48. Maritime Executive: Saipem’s Servers Hit by Cyberattack, https://www.maritime-executive.com/article/saipem-s-servers-hit-by-cyberattack, last accessed 2021/03/16.
49. Matson: Matson Reports Cyber Attack, https://www.omnitrans.com/matson-reports-cyber-attack/, last accessed 2021/04/25.
50. Nesheim, D.A., Rødseth, Ø., Bernsmed, K., Frøystad, C., Meland, P.H.: D1.1 Risk Model and Analysis. (2017).
52. NSM: Helhetlig digitalt risikobilde 2019. (2019).
53. NSM: RISIKO 2020. (2020).
54. O’Dwyer, R.: IMO latest to fall victim to cyber attack, https://smartmaritimenetwork.com/2020/10/01/imo-latest-to-fall-victim-to-cyber-attack/, last accessed 2021/04/25.
55. Polychronis, K.: Cybersecurity at Sea. In: Otto, L. (ed.) Global Challenges in Maritime Security. p. 243 Springer International Publishing (2020).
56. PST: Nasjonal trusselvurdering 2020, https://www.pst.no/alle-artikler/trusselvurderinger/nasjonal-trusselvurdering-2020/, last accessed 2021/04/25.
57. Redden, J.: Covid-19 has increased the chances of marine industry cyberassaults,https://www.workboat.com/offshore/covid-19-has-increased-the-chances-of-marine-industry-cyberassaults, last accessed 2021/04/25.
58. Reynolds, Z.: Australian defence shipbuilder Austral victim of Iranian cyber attack, https://safetyatsea.net/news/news-safety/2018/australian-defence-shipbuilder-austral-victim-of-iranian-cyber-attack/.
59. Safety4Sea: 2018 Highlights: Major cyber attacks reported in maritime industry, https://safety4sea.com/cm-2018-highlights-major-cyber-attacks-reported-in-maritime-industry/, last accessed 2021/04/25.
60. Safety4Sea: Hurtigruten hit by cyber-attack, https://safety4sea.com/hurtigruten-hit-by-cyber-attack/, last accessed 2021/04/25.
61. Safety4Sea: Vard shipbuilder experiences ransomware attack, https://safety4sea.com/vard-shipbuilder-experiences-ransomware-attack/, last accessed 2021/04/25.
62. Schnelle, S.: Kartlegging av maritime hybride trusler. Kan bruk av stordata og sosial nettverksanalyse bidra til økt maritim situasjonsbevissthet? Forsvarets Høgskole (2018).
63. Secureworks: GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry, https://www.secureworks.com/research/gold-galleon-how-a-nigerian-cyber-crew-plunders-the-shipping-industry, last accessed 2020/08/11.
64. Security: Maritime Industry Sees 400% Increase in Attempted Cyberattacks Since February 2020, https://www.securitymagazine.com/articles/92541-maritime-industry-sees-400-increase-in-attempted-cyberattacks-since-february-2020?v=preview, last accessed 2020/08/10.
65. Sfakianakis, A., Drougkas, A., Douligeris, C., Marinos, L., Lourenço, M., Raghimi, O.: ENISA threat landscape report 2018 - 15 top cyberthreats and trends. (2019).
66. Shauk, Z.: Malware on the offshore rig: Danger lurks where the chips fail, https://www.houstonchronicle.com/business/energy/article/Malware-on-the-offshore-rig-Danger-lurks-where-4470723.php, last accessed 2021/04/25.
67. Shen, C., Baker, J.: CMA CGM confirms ransomware attack, https://lloydslist.maritimeintelligence.informa.com/LL1134044/CMA-CGM-confirms-ransomware-attack, last accessed 2021/03/16.
68. Singh, H.: Cyber Security in Maritime Industry. University of Oslo (2019).
69. Taleb, N.N.N.: The Black Swan: The Impact of the Highly Improbable. Random House Publishing Group, New York (2010).
70. Tam, K., Jones, K.: Cyber-Risk Assessment for Autonomous Ships. In: 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). pp. 1–8 (2018). https://doi.org/10.1109/CyberSecPODS.2018.8560690.
71. Tam, K., Moara-Nkwe, K., Jones, K.: A Conceptual Cyber-Risk Assessment of Port Infastructure. Presented at the 2021 World of Shipping Portugal. An International Research Conference on Maritime Affairs , Parede, Portugal January 29 (2021).
72. Toogood, D.: Red Funnel siffers “malicious attack” on IT systems causing major disruption, https://www.islandecho.co.uk/red-funnel-suffers-malicious-attack-on-it-systems-causing-major-disruption/, last accessed 2021/04/25.
73. Torbati, J., Saul, Y.: Iran’s top cargo shipping line says sanctions damage mounting, https://www.reuters.com/article/us-iran-sanctions-shipping-idUSBRE89L10X20121022, (2012).
74. UNCTAD: Review of Maritime Transport 2020, https://unctad.org/webflyer/review-maritime-transport-2020, last accessed 2021/04/25.
75. Vold, L.B.: Den Norske Krigsforsikring for Skib, https://www.warrisk.no/, last accessed 2021/04/25.
76. Volz, D.: Chinese Hackers Target Universities in Pursuit of Maritime Military Secrets, https://www.wsj.com/articles/chinese-hackers-target-universities-in-pursuit-of-maritime-military-secrets-11551781800, (2019).
77. Walker, J.: AIDA Cruise Ships Under Cyber Attack - Are Costa Ships Also Affected?, https://www.cruiselawnews.com/2020/12/articles/cyber-attacks/aida-cruise-ships-under-cyber-attack-are-costa-ships-also-affected/, last accessed 2021/04/25.
78. Walker, J., Spencer, J.: Cyber Marine: Risks & Loss Scenarios, http://www.marineclaimsconference.com/imcc-docs/docs/Cyber%20workshop.pdf.
79. Wallace, T., Mesko, F.: The Odessa Network Mapping Facilitators of Russian and Ukrainian Arms Transfers, https://globalinitiative.net/analysis/the-odessa-network-mapping-facilitators-of-russian-and-ukrainian-arms-transfers/, last accessed 2021/04/25.
80. Warrick, J., Nakashima, E.: Officials: Israel linked to a disruptive cyberattack on Iranian port facility, https://www.washingtonpost.com/national-security/officials-israel-linked-to-a-disruptive-cyberattack-on-iranian-port-facility/2020/05/18/9d1da866-9942-11ea-89fd-28fb313d1886_story.html, (2020).
81. Weldemichael, A.T., Schneider, P., Winner, A.C.: Maritime Terrorism and Piracy in the Indian Ocean Region. Routledge (2017).
82. Windward: AIS Data on the High Seas: An Analysis of the Magnitude and Implications of Growing Data Manipulation at Sea. (2014).
83. Wohlin, C.: Guidelines for Snowballing in Systematic Literature Studies and a Replication in Software Engineering. In: Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering. Association for Computing Machinery, New York, NY, USA (2014). https://doi.org/10.1145/2601248.2601268.

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2021).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-3dd150d9-d324-4174-ab54-7ad8622af212