As reported by ZDNet, all four of the world’s largest shipping companies have now been hit by cyber-attacks. Maersk, Mediterranean Shipping Company, Cosco will all victims, and now the French company CMA CGM has been been hit by a ransomware attack. What makes this significant is the fact that no other industry sector has seen its top four giants suffer major cyber-attacks.
This illustrates a point made by the NMLEA’s Executive Director during a presentation at the Transport Security Congress on September 29th: The maritime industry is the enemy’s biggest target. “When you combine the maritime domain’s mission-critical infrastructure with a dramatic increase in IoT operations, in edge devices, in services and in digital traffic over a more complex global operational management environment, you’ve exponentially increased the attack surface for the adversaries,” said Mark DuPont during his talk and subsequent panel discussion. “What adds to the urgency and magnifies the crisis is the point that the maritime industry is large in scope, but small in cybersecurity maturity… put simply, we’re behind the curve.”
DuPont explained how ships, ports, and shipping operations are continuing to rapidly advance automation and cloud based applications, but they have not kept up with protecting those ever increasing “touch points” (or “entry points” for the attacking adversary,) by securing each end of the information chain. He added that the solution can be found in three things: Establishing “Zero Trust” networks, becoming Proactive vs. Reactive, and most importantly, training your people. DuPont encouraged participants in the Transport Security Congress by saying “This is a wake-up call, and maybe now is a good time to look at your cybersecurity posture, and see how you can become Proactive vs. Reactive. Maybe it's also time to think about being a part of our Maritime Cybersecurity Pilot to explore how a "Zero Trust" network can be set up in minutes and tested in your operational environment for 30 days ... at no cost to you.”
For more information on the Maritime Cybersecurity Pilot Program or to explore how you can increase your security posture, contact the NMLEA cyber team at cyber@nmlea.org.