Speaking at CMA Shipping 2022, Ince Global Senior Partner Julian Clark voiced his concerns about current cyber risks in maritime and the industry's preparedness.
Both Homeland Security and MI6 have published reports over the last few days identifying the significant risk or 'tidal wave' of a counter attack from Russia and Russian hacktivists in relation to an unprecedented international move to the imposition of sanctions," said Clark. The intelligence agencies warned of a significant backlash from hacktivists attacking the West, and Clark had concerns that the maritime sector poses a great target.
"When you consider the the organization behind the NotPetya attack... was a Russian state activist and have publicly said that they will support Russia's agenda in Ukraine, whilst at the same time probably the largest hacktivist group in the world Anonymous have publicly said that they will support Ukraine, we have the situation of a cyber war going on," said Clark. The cyber war has turned out to be made up of sophisticated global operations, rather than the silent war fought in bedrooms many may have expected.
Clark worries that althought the industry has done a great job of protecting its IT infrastructure with specialist systems, air gaps and firewalls, our operational systems are generally less protected.
"In the same way that, in our houses, we have pressure mats, we have security cameras, we have double locks on our doors and windows, we have alarm sensors on our doors and our windows, but you know what? We don't alarm and protect our garage.
"So if I'm a burglar, I'm not going to come through the window or the front door, I'm coming in through the garage. And the garage in relation to Marine Operations is the operational technology systems. And we we are nowhere near where we should be in relation to protecting operational technology; that's the power systems, navigational systems, the loading systems, all the things that could be crucial, especially in relation to a container vessels," said Clark.
The maritime industry is generally unaware of the real risk of cyber incidents, Clark believes, as they can often only see the identified incidents. Comparing cyber risk to the ice that makes up an iceberg, Clark said that identified scenarios are the small amount of ice visible above the waterline, but hidden from view below the water is a much larger mass of ice, comprising unidentified incidents, failed attempts at cyber attacks and future risks.
Copyright © 2023. All rights reserved. Seatrade, a trading name of Informa Markets (UK) Limited.