The cyber attack that hit Maersk this week underscores the need for vessel operators to work with government to thwart future break-ins by hackers, according the US Coast Guard’s top safety official.
Paul Thomas, assistant commandant for prevention policy at the agency, said in a statement issued on 29 June that “while there is no reason at this time to suspect this was an intentional attack on the port facilities impacted … there is no doubt that attacks against foreign business systems resulted in disruptions in business continuity, cargo operations, and shipping at certain ports in the United States, in ways that may not have been anticipated or understood previously.
“Preparing for cyber incidents must continue to be a unified effort of the maritime industry and government agencies.”
Thomas said the coast guard is monitoring and helping to mitigate cargo disruptions at US ports that resulted from the “ransomware” attack, which struck Maersk on 27 June, hitting the shipping conglomerate’s liner operations as well as its box terminal subsidiary APM Terminals (APMT).
APMT’s terminal at Port Elizabeth, New Jersey, which was forced to shut down for two days, planned to have “modified gate access” on 30 June but would not be processing exports. Nearby Port Newark Container Terminal (PNCT), which was not directly affected, alerted customes that Maersk import containers moving through terminal may not be readily available. APMT also operates in the United States at the ports of Los Angeles, Miami, Mobile, and Tacoma.
Cyber-security has been moving up the coast guard priority list over the past three years. After publishing a general cyber strategy in 2015, it has worked with shipowner groups on more specific voluntary guidelines. Last year it unveiled a cyber-risk profile scheme for liquid bulk operators.
But despite the increasing attention paid to the issue by regulators and the industry, this week’s cyber attack against the world’s largest container operator and other companies swept up in the attack are still considered a wake-up call.
“The outcomes are a reminder of the importance of cyber risk management [CRM] in the Marine Transportation System [MTS] globally,” Thomas said. “As such, the coast guard will continue to improve cyber awareness and address governance throughout the MTS.”
Vessel operators should be focusing on identifying personnel responsible for CRM, he asserted, and put in place shipboard procedures for operating and maintaining cyber systems that control security, safety, and environmental functions.
“Wherever possible, such systems should have fail-safes and manual control options to limit the impacts of possible cyber disruptions. Maintaining current backups of critical data in a cyber isolated location can also reduce vulnerability.”