With moderate optimism
29 August 2024
Power from the port wharf
13 September 2024
– Cybercriminals are winning. Large companies rarely fall victim to hacking attacks. Small and medium-sized companies, on the other hand, become easy targets, because they do not implement adequate security solutions – concludes Brian Foremny, head of SECNAP Network Security
According to “The Blue Report” by cyber security firm PICUS, the effectiveness of security measures used in the TSL industry is 65%, meaning that for every 3 attacks, 2 are successful. As a result, it is estimated that the total amount of damage caused by ransomware worldwide reached $20 billion, up from $325 million in 2015.
Although current global annual spending on cybersecurity is about $150 billion, and will reach $265 billion by 2031, malware developers are constantly creating new generations of solutions that are increasingly difficult to detect. This forces cyber security providers to constantly stay ahead of threats. The maritime and transport sector is not an exception.
– There were 2 break-ins in 2021 at a major Japanese shipping company in the same year. It took 10 days to repulse the attack and restore operations. A few months later, a large container shipping company lost all its customer data. In November 2021, transportation companies in Singapore and Greece lost confidential information, including proprietary data of their customers. We don’t know whether state-sponsored groups trying to steal government secrets and attack critical infrastructure or organized crime trying to make money were behind it. However, these were critical incidents, says Sameer Bhalotra, co-founder and CEO of ActZero, a cyber security company.
This also applies to the offshore wind sector. DNV, in its report “Energy Transition Outlook,” notes the consequences of such incidents. It cited, among other things, cyber attacks on Enecron, a wind turbine manufacturer in Germany, as a result of large-scale disruption of Viasat satellite links. The attack took place in February 2022, at the time of the Russian aggression against Ukraine, and resulted in the company losing the ability to remotely control and monitor 5,800 turbines. In contrast, Nordex, another German wind turbine manufacturer, fell victim to a ransomware attack last March. Its IT system was blocked, but the turbines remained intact.
And as far as Poland is concerned, the most spectacular incidents of recent months were fortunately not attacks on TSL companies, but were nevertheless indicative of how big the threat lurks online. There was, for example, a ransomware attack on the Academy of Military Arts in July 2023, behind which was the CyberTriad group with links to Russia. And in November 2023, a ransomware attack by hackers from the RA World group affected ALAB Medical Laboratories, leaking thousands of sensitive information.
Blurring the lines between physical security and cyber security is now a challenge for organizations around the world. These areas intertwine. This is because a breach of security in one area can have direct consequences in another. Thus, for example, in mid-December last year, Ukraine’s largest telecoms operator Kyivstar fell victim to a cyber-attack that deprived its subscribers, a total of more than 24 million people, of connectivity and internet and the ability to pay by card. According to the SBU, the incident was allegedly claimed by one of the groups linked to Russia’s GRU military intelligence service. At the same time, Ukrainian banks reported disruption of branch and terminal operations, due to cyber activities.
Then again, Ukraine often falls prey to Russian hackers and the physical consequences were felt by the population especially during the cyber attacks by the Sandworm group targeting the energy infrastructure in 2015 – 2016, which resulted in blackouts in large parts of the country, even lasting for days at a time.
The US action against uranium enrichment facilities in Iran is also an example of this. The Stuxnet virus remotely damaged around 2000 rotors at the Natanz site in late 2009 and early 2010, out of a total of 8700 pieces of equipment operating there.
As you can see, cyber incidents very simply translate into physical security, which can also apply to the maritime sector. In 2022, researchers from the Norwegian University of Science and Technology (NTNU) in Trondheim examined 46 cyber-attacks in the shipping industry between 2010 and 2020, and noted that the number increased 7-fold over the period. Incidents were described in which transportation systems have been fooled into believing that smuggled drugs are bananas, or GPS systems have been hacked or disabled to hide the true location of ships, including on the northern coast of Norway. Things could get even worse, however.
– Imagine that hackers take control of an oil tanker, the largest of which can hold more than 2 million barrels of oil, or nearly 320 million liters. If they take control of the ship and open the valves, it spells environmental disaster – states Marie Haugli Larsen, a doctoral student in maritime cyber security at the Department of Ocean Operations and Civil Engineering at NTNU.
There are also drones. In their case, ensuring physical security can be fully combined with the cyber security aspect. Only recently, when analyzing such threats, drones have been considered, which can be used to breach network security, steal data or introduce malware, in places where human access is difficult. One example is a 2020 incident targeting an east coast US investment firm, where the goal was to hack into the internal network to seize customer financial data. The attack was thwarted after modified drones equipped with, among other things, a mini laptop and a Pineapple device used to hack Wi-Fi networks were discovered on the roof of the company’s headquarters.
