TT Club’s Andrew Huxley has raised the issue of cyber activity being a daily operational risk that “needs addressing urgently”.
According to freight transport specialist insurer TT Club, supply chain operators are vulnerable to disruptive cyber activity, from criminals or other perpetrators, impacting operations and putting commercially sensitive or confidential data at risk.
Speaking at the sixth Med Ports Conference in Livorno (Italy) last month, Huxley explained: “Many in the marine supply chain business have operations characterized by widespread office networks and a reliance on multiple third-party suppliers.
“Often IT systems are of an in-house, legacy nature, which may be poorly protected by security software.”
TT Club has found that ports and terminals are exposing themselves to the confluence of physical and communications activity.
The data interfaces are complex and the drive towards interconnected control systems and efficient processes exacerbates the opportunities for outside malicious interference.
A ship/port interface also provides an opportunity to cause loss and damage, far beyond the persistent exposure to criminal activity.
TT Club has stated that the problem is “intensifying”.
At a global level, reports by AV-TEST indicate that on average 4.2 new files of malware code were generated every second last year.
From a maritime supply chain perspective, an example of serious IT incursion in 2017 was the spoofing attack on over twenty ships in Novorossiysk, Russia.
Navigation experts claim the spoofing sent false signals and resulted in ship-board equipment providing false information as to the location of the ships.
There is speculation that this incident could have been a state-sponsored attack.
The riskiest part of a shipping container’s journey is before it begins, according to Peregrine Storrs-Fox, Risk Management Director, TT Club:
A second incident, the NotPetya strike, affected many in the supply chain, including AP Moller-Maersk, resulting in large-scale disruption and substantial costs for those immediately impacted and their partners.
As to the extent of attacks, TT Club has stated that the research available “reveals a worrying situation”.
“A BIMCO survey in 2016 suggested that more than 20% of respondents admitted to cyber attacks and last year a SeaIntel Maritime Analysis report estimated that 44% of the top 50 container carriers had weak or inadequate cybersecurity policies and processes,” stated TT Club’s Huxley.
The US Coast Guard issued a draft Navigation and Vessel Inspection Circular (NAVIC) titled ‘Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities’.
The circular currently under review requires incorporation of personnel training, drills and exercises to test capabilities, security measures for access control, handling cargo, delivery of stores, procedures for interfacing with ships and security systems and equipment maintenance.
Additional national and regional initiatives, exemplified in the European Union by the Directive on Security of Network and Information Systems (NIS Directive) and General Data Protection Regulation (GDPR), are indicative of the development of regulatory expectations.
While the latter does not directly address it, cyber protection is intrinsically at the core of data protection.
Such initiatives, together with known vulnerabilities, highlight that cybersecurity is ever more pertinent for ports and terminals, as well as the broader supply chain community.
TT Club, jointly with UK P&I Club – also managed by Thomas Miller, and cyber security consultants NYA, have published a paper entitled ‘Risk Focus: Cyber – Considering Threats in the Maritime Supply Chain’.
Introducing the paper in his Livorno presentation, Huxley said: “As an insurance mutual, TT Club has always been dedicated to minimizing risk through its loss prevention efforts.
“By publishing ‘Risk Focus: Cyber’ we hope to generate more awareness of the risks to help combat the situation.
“Ultimately, the main threat continues to derive from human error – downloading malicious content, opening an unsecured web browser or falling victim to social engineering attacks and phishing scams.”