HLSS645Wk7

MaritimeCyberSecurity.pdf

Maritime Cyber Security

In 2017, Dr. Fred Roberts, who is the Director of the Department of Homeland Security Center of Excellence at Rutgers, Dr. Nicole Drumhiller joined

with Dr. Joe DiRenzo, a Professor of Homeland Security Studies at AMU, edited the �rst-ever comprehensive book on Maritime Cyber Security. While

there is literature about the maritime transportation system and cyber security, as of 2022, fewer than a dozen books have been written on this subject.

One that has received the most notice is by Dr. Gary Kessler and Dr Steven D. Shepard, entitled “Maritime Cybersecurity: A Guide for Leaders and

Managers,” published in September 2020.

This pioneering book is bene�cial to a variety of audiences, as a textbook in courses looking at risk analysis, national security, cyber threats, or

maritime policy; as a source of research problems ranging from the technical area to policy; and for practitioners in government and the private sector

interested in a clear explanation of the array of cyber risks and potential cyber-defense issues impacting the maritime community.

Additionally, June of 2017 saw one of the vicious maritime cyber attacks as MAERSK shipping was attacked worldwide.

In an article from Reuter’s Jacob Gronholt-Pedersen, the full impact of the attack was further developed, noting, “Shipping giant A.P. Moller-Maersk

(MAERSKb.CO), which handles one out of seven containers shipped globally, said the Petya cyber attack had caused outages at its computer systems

across the world on Tuesday.” The report noted, “The attack came as computer servers across Europe and India were hit by a major ransomware

attack. “Global cyber-attack Petya is a�ecting multiple businesses,” Maersk said on Twitter. The breakdown a�ected all business units at Maersk,

including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers, the company said. A

spokeswoman said the IT breakdown could extend across the company’s global operations but could not say how Maersk’s operations were

impacted.”

Signi�cant cyber attacks continued in the maritime industry in 2020. French container shipping company CMA CGM publicly reported a cyber security

attack impacting its’ peripheral server and external access to its IT applications. The maritime industry website Port Strategy noted the CMA CGM

press release on 30 September: “We suspect a data breach and are doing everything possible to assess its potential volume and nature.” It added that

the investigation into the cyber-attack was ongoing.” The system was restored later in October 2020.

On October 27th, 2020, Class Society BIMCO teamed with Safety at Sea to produce a White Paper entitled “Safety at Sea and BIMCO cyber security

white paper 2020. This brilliantly written work analyzed �ve years of survey �ndings and matched them to cyber behavior and investment trends in the

maritime industry worldwide. Read the White Paper here  .

Noted the IMO:

Version 4 of the cyber security guidelines is published when shipowners and ship managers must implement cyber risk management in their safety

management systems (SMS) by their �rst Document of Compliance audit a�er 1 January 2021. While the previous version (version 3, dated November

2018) o�ered the necessary guidance for implementing cyber risk management in the SMS, the new version contains several improvements.

In 2021, the International Maritime Organization (IMO) took dramatic steps to enhance maritime cyber security through member states engaged in the

building of the “2021 guidelines for cyber risk management”. The American Bureau of Shipping (ABS) and the American Club jointly produced the

best document explaining these guidelines. Entitled, “A PRIMER ON IMO CYBER RISK MANAGEMENT GUIDELINES: What to Know and How to

Comply”. Download the report  here and read pages 3 through 6:

2021 also saw the United States Coast Guard take another step towards a more secure maritime cyber regime by releasing its “Cyber Strategic

Outlook.” The service issued a Cyber Strategy in 2015; this document enhanced/re�ned and refocused the e�orts and spotlighted the issue. Within

the strategy, the Coast Guard presented startling statistics emphasizing the danger posed by maritime cyber security bad actors. Noted the strategy:

Threats from cybersecurity continue to evolve rapidly. Since the 2015 strategy, evolving technology has empowered users with sophisticated tools to

increase productivity; meanwhile, cyber attacks on the same technology have continued to evolve in tandem. As the backbone of the United States

economy, the Marine Transportation System (MTS) is a prime target for malicious cyber actors who seek to disrupt our supply chain. (USCG Cyber

Strategic Outlook)

Adding:

Every 39 seconds, a hacker attacks an average of 2,244 times per day•

$3.86 million was the average cost of a data breach in 2020•

https://safetyatsea.net/news/2020/are-you-cyber-prepared-new-cyber-security-white-paper-out-now/

https://www.american-club.com/files/files/A_Primer_on_IMO_Cyber_Risk_Management_Guidelines.pdf

36 billion records were exposed by data breaches in the �rst half of 2020•

207 days is the average time it took to identify a breach in 2020•

289 days was the average lifecycle of a breach•

$10.5 trillion the amount of damage related to cybercrime is projected to hit annually by 2025 (USCG Cyber Strategic Outlook) •