COSCO fleet could still be at risk following attack, warns cyber expert

Sela warns vessels can be ensnared in an on-shore cyber breach. Credit: Naval Dome

COSCO Shipping moved quickly to contain the security breach uncovered on 24 July that disrupted its Americas operations, but the vessel operator’s swift response may have been too late to prevent wider damage, a maritime cyber defence specialist has warned.

The Shanghai-based container line notified customers on 26 July that it had isolated its internal networks across its worldwide operations and was able to recover network applications in all regions except the Americas.

“It is expected that the network applications will be gradually back to normal soon,” the company stated, adding that while it was using remote access to ensure operations in the region continued, “during the network failure period, there could be delays in service response in the Americas”.

But cyber security firm Naval Dome, founded by Israeli ex-navy officers and cyber defence experts, stressed that despite COSCO’s precautions, its vessels are still vulnerable because of internal links between ship- and shore-based operations.

“Vessels do not need to be attacked directly, but an attack can arrive via the company’s shore-based IT systems and very easily penetrate the ships’ critical [operating] systems,” Naval Dome CEO Itai Sela told IHS Markit.

“Although COSCO has been quick to respond to this hack, the virus may have been dormant for some time, so I would not be surprised if other systems – shore- and ship-based systems – have been breached. We strongly recommend to whoever discovered the attack to thoroughly verify the breach has been contained and has not infected any ships in the COSCO fleet.”

Fallout detected from the breach so far has been relatively minimal, with container terminal operators at North American ports telling IHS Markit sister publication JOC.com that they are processing documentation from COSCO Shipping vessels more slowly than usual.

After a ransomware attack struck Maersk and its subsidiary APM Terminals last year – it cost Maersk an estimated USD250–300 million – the US Coast Guard called for more “unified effort” to better defend against cyber incidents, and has since stepped up efforts through cyber-awareness training.

Despite the increased attention being paid to cyber security in the maritime sector, however, the size and scope of the threat are still largely unknown, due in part to shipowners’ reluctance to share their experiences, according to BIMCO’s Phil Tinsley, speaking on the issue during London International Shipping Week last year.

In addition, while many consider blockchain an effective protection against unauthorised data corruption, and thus a possible deterrent against cyber threats, a recent survey by law firm Reed Smith revealed that shipowners and vessel operators are more preoccupied with tackling environmental compliance than pursuing investments in the technology.

Sela believes the COSCO attack, like the ransomware breach against Maersk, “will no doubt send shockwaves throughout the industry and encourage board members to take immediate, effective protection”, he said. “Regulators need to implement workable rules and guidelines to help this vitally important global industry defend itself properly.”

Note: Tanya Blake, editor of IHS Markit Safety at Sea, contributed to this article. Follow her on Twitter: @tanya_blake