In its latest edition of Phish&Ships newsletter, Be Cyber Aware at Sea campaign provides an insight into the pain and costs associated with cyber losses, while also exploring the old technologies which could re-emerge as vessels seek to protect themselves against GPS weaknesses.
Soren Skou, the CEO of AP Moller – Maersk, has, for the first time approximated the hit in revenues they suffered in the wake of Not Petya at $300m.
“In the last week of the quarter we were hit by a cyberattack, which mainly impacted Maersk Line, APM Terminals and DAMCO. Business volumes were negatively affected for a couple of weeks in July and as a consequence, our Q3 results will be impacted. We expect the cyber-attack will impact results negatively by $200m to £300m.”
In response, concerns about the impact of cyber attacks on satellite navigation are reportedly prompting a return to legacy systems, many of which date back to WWII radio technology. Experts say that modern GPS devices reliant upon satellite signals, are vulnerable to jamming by hackers, and ships lack back-up navigation systems.
One such answer is the earth-based navigation technology known as ELoran. The ELoran technology is being pushed as a means of protecting security despite it requiring significant investment. The network will need new transmitter stations to give signal coverage, or old facilities will need to be upgraded, which could prove expensive, as many of these date back decades to when radio navigation was standard. Many towers have actually been demolished over the past years, so there would have to be major investment.
Tackling cyber threats from a standing start can be intimidating for many reasons. Security systems can seem daunting and confusing, while the costs can appear overwhelming and operation technology data heavy and vulnerable. However, it is imperative that a robust cyber security system is built sooner rather than later. First four steps could be:
- Assess your current cyber state
- Review your policies and procedures
- Create a data map of the network and how your data interacts
- Review the systems to help identify priorities – are they outdated/unsupported and configured correctly?
One mitigation strategy is for each link of the supply chain to develop its own holistic, risk-based cyber strategy. The alternative is for regulators to impose cybersecurity preparedness regulations; these would need to cross national boundaries or at least comply with corresponding bodies in other linked nations.
“Shipping is the largest set of dominos operating today in the commercial market, it could be your domino that succumbs to an attack, or the domino of a colleague or even a third party you don’t work with directly, but when one falls, the rest – including you – could follow. Conversely, strengthen your position and you strengthen the entire body.”
Further information may be found herebelow: