According to freight transport specialist insurer TT Club, supply chain operators are vulnerable to disruptive cyber activity, from criminals or other perpetrators, impacting operations and putting commercially sensitive or confidential data at risk.
Huxley explained, “Many in the marine supply chain business have operations characterised by widespread office networks and a reliance on multiple third party suppliers. Often IT systems are of an in-house, legacy nature, which may be poorly protected by security software.” Specifically, ports and terminals are exposed to threats as they are at the confluence of physical and communications activity. The data interfaces are complex and the drive towards interconnected control systems and efficient processes, exacerbates the opportunities for outside malicious interference. Most of all, at the ship/port interface there is much opportunity to cause loss and damage, far beyond the persistent exposure to criminal activity.
The problem is intensifying. At a global level reports by AV-TEST indicate that on average 4.2 new files of malware code were generated every second last year. From a maritime supply chain perspective an example of serious IT incursion in 2017 was the spoofing attack on over twenty ships in Novorossiysk (Russia). Navigation experts claim the spoofing sent false signals and resulted in ship-board equipment providing false information as to the location of the ships. There is speculation that this incident could have been a state-sponsored attack. A second incident, the NotPetya strike, impacted many in the supply chain, including AP Moller-Maersk, resulting in large scale disruption and substantial costs for those immediately impacted and their partners.
As to the extent of attacks, research that is available reveals a worrying situation. “A BIMCO survey in 2016 suggested that more than 20% of respondents admitted to cyber attacks and last year a SeaIntel Maritime Analysis report estimated that 44% of the top 50 container carriers had weak or inadequate cyber security policies and processes,” stated TT Club’s Huxley.
TT Club, jointly with UK P&I Club (also managed by Thomas Miller) and cyber security consultants NYA, has published a paper entitled ‘Risk Focus: Cyber – Considering Threats in the Maritime Supply Chain’.