Maritime Cyber Resilience - Just chat or is real?
Maritime Cyber Resilience– conversations are underway, but have we improved our maritime cyber resilience?
The Maritime Sector and Virtual Stowaways
Another shipping company experiences a cyber attack. Whilst light on detail, (BW Group should be commended for sharing their incident), initial reports indicate that in July 2017, a cyber event occurred at BW group, that was initiated by unauthorised access to BW Group's computer systems resulting in the temporary non-availability of some business systems. It has been reported that future mitigation efforts to address this unauthorised access include “fool proof security products” and “dedicated personnel managing these products”.
Admiral Nelson's blind eye, Maersk and petya
At the Battle of Copenhagen in 1801, Admiral Nelson famously stated that he had the right to be blind sometimes. He raised his telescope to his blind eye and thus did not read the signal to retreat from the battlefield. Sometimes in life, turning a blind eye at a problem can result in reaping the benefits, in this case the Royal Navy won a significant sea battle. When considering the cyber threat to the maritime sector, turning a blind eye will not lead to a resilient security posture.
Petya, the maritime sector and wolf packs Two
My previous article on petya indicated that it was not clear if this cyber attack was motivated by ransomware or the more destructive wiper. It is still being assessed and there is some discussion as to who was the main target. However the Ukraine seems to have experienced the most disruption. So whilst it is reasonable to conclude that the maritime sector was not specifically targeted by petya, it is fair to say that this is the first substantive attack that has had worldwide impact upon maritime operations.
Petya/Peyra- Ransomware or wiper?
For all of the discussion over the petra/pnetya/petya ransomware/wiper malware, what is abundantly clear is the requirement to implement more effective cybersecurity controls. It is self-evident that the decisions on which controls to select will depend upon an enterprise’s security posture and risk appetite.