Simple steps to follow in a complex cyber threat environment like the maritime sector
By Jason P. Atwell, Senior Advisor, Global Intelligence, Mandiant, Inc.
As the war in Ukraine drags on, the maritime industry will continue to come under increasing pressure, not the least of which is the exploitation of the environment by cyber threat actors. Russia knows how essential the maritime sector is to its own survival and to the effectiveness of its adversaries’ military and economic countermovements.
The Black Sea plays a vital role in Russia’s strategic objectives in its invasion of Ukraine, as depriving Ukraine of access to this body of water will severely degrade its independence as a nation state. The Baltic Sea and its ports account for 70-85% of all oil exported from Russia, while the Arctic Ocean and its associated terminals account for most of the rest, meaning that these two bodies of water are critical to the economic health of Russia. The Arctic, in particular, will be crucial to any Russian efforts to free its oil and gas industry from sanctions by bypassing the ports and waters of “hostile” nations. Finally, Russian-flagged ships are quickly being banned from most Western ports, further reinforcing the maritime sector as critical to Russia’s ability to sustain its economy and wage war.
On the other side of the equation, deep-sea ports are the most efficient way to get important military cargo to Europe, both to reinforce NATO forces and to ship heavy weapons to Ukraine. Whether it’s the most advanced Russian threat group or low-level criminals, or even other actors like China and Iran looking to take advantage, it’s probably only a matter of time before a major cyber incident in the maritime domain marks this conflict.
So what can ship captains and harbor masters do to survive in this threat environment?
Protecting yourself from Russian hackers or intelligence operatives as well as cybercriminals or hacktivists can seem like a daunting task when the number of security, navigation, technology and training needs is already among the highest of any industry. The rapid digitization and optimization of maritime supply chains is resulting in a technology-intensive industry, but also one with a much larger attack surface than ever before. Securing and defending this attack surface means a renewed effort to define the roles that the company plays in cybersecurity, especially in the face of a crisis like the war in Ukraine. This means that everyone, from a tugboat crew member to a crane operator to a maintenance worker on an oil rig, can play a role in this effort. The good news is that many of the best practices are relatively simple and can be incorporated into existing security controls and operating procedures.
Starting from a very high level, decision-makers in the maritime sector can re-examine the role of technology in their ability to operate. This means reviewing technology supply chains to analyze exposure to products made in places like China or Russia that could prove vulnerable. It also means revisiting technology risk management. Decision makers should consider the likelihood and impact of disruption of any deployed technology before integrating it into their operations.
Below that, technology operators should ensure more than ever that any equipment that relies on a computer or network connection is appropriately protected, whether through software updates, limiting physical access, or strong, regularly changed passwords. This applies to everything from navigation systems on ships to computers used for planning and inventories in ports. At this level, it is also essential that the fingerprints and signatures of these devices are managed appropriately: accurate inventories, as well as complete knowledge of what is and is not networked or connected, are essential to securing them.
Finally, at the individual level, we all play a role in cybersecurity, especially in a rapidly changing threat environment. Do not share passwords, hold each other accountable for poor password practices (sticky notes or repeating patterns, anyone?), be appropriately wary of unsolicited emails, direct messages on social media and text messages that could be phishing, and do not trust things like thumb drives when their origin is uncertain. All of these elements together help protect any organization against the most likely and common attacks.
Additionally, collaborative discussions between leadership and team levels need to work through the “what ifs” of networks and technology in this environment. Crews must demand that those ashore consider the impact that a hacked or degraded new system would have on its operators, while those making sourcing decisions must also implement corresponding security checks whenever a system is provided to an operator. Organizations also need strong continuity programs and incident response planning to ensure resilience and survivability in the event of a large-scale breach or ransomware attack.
In today’s cyber threat environment, organizations need to plan for the likelihood, not just the possibility, of an attack. It’s never too late to put in place the appropriate arrangements and relationships, both internal and external, that will be essential to withstand a cyberattack. Every individual at every level of an organization has an important role to play.
Jason P. Atwell is the Senior Global Intelligence Advisor at Mandiant, Inc., the world leader in dynamic cyber defense and response.