Feature: Attack of the cybermen
As a new series of the long-running BBC TV series involving a time-travelling hero begins, more dire warnings are being made about the threats the real world including shipping faces from dark forces operating in cyber-space.
Among the most recent ringers of alarm bells have been regulators of financial markets and maritime fraud experts warning that “cyber attacks” are increasing and everyone needs to be more vigilant and careful with their passwords.
Last week the International Martime Bureau (IMB, the London-based agency that has been prominent in the fight against piracy, warned shipping that it is becoming “the next playground for hackers” as criminals among others exploit weaknesses in the maritime supply chain to smuggle drugs, contraband and even people.
This week the head of a global body representing financial regulators told the Financial Times the next major financial shock would come from cyberspace. The chairman of the board of the International Organisation for Securities Commissions (Iosco) said a succession of attacks on “financial players” would result in the next “black swan event” – a reference to the crisis of 2008 whose effects are still being felt.
Last year Iosco claimed more than half of the world’s securities exchanges had been the subjects of cyber attacks. Central banks and stock exchange regulators now regularly test the “cyber resilience” of financial sectors, with the Bank of England, for example, carrying out its most recent “Waking Shark” desktop exercise in November last year.
The Iosco chairman told the Financial Times there was “a lack of consistency in approach” to cyber security among financial firms and regulators around the world. Their increasing interconnectedness and interdependence mean they are only as strong as the weakest link.
Banks, other financial institutions and large online retailers are, of course, the obvious targets for criminals looking for rich pickings, but perhaps those looking for easier ways to make money are turning to transport and maritime logistics, in particular, where cyber security may be less watertight.
The IMB quoted incidents reported by the mutual insurer TT Club of what appeared at first to be “petty” office break-ins but on closer examination turned out to have been cover for the installation of spyware in logistic companies’ IT systems.
Combining spyware with monitoring social networks to check on locations and planned movements of personnel such as truck drivers enabled criminals to track containers. Hacking into a terminal’s IT system also meant they could release containers at selected times in order to either steal valuable cargoes or smuggle drugs and traffick people more easily.
The IMB also quoted cyber security experts who point out that terminals’ IT systems are too often geared towards operational efficiency and safety, while implementation of cyber security systems was left to engineers who “normally focus” on optimising those processes.
A report published in June by the US government spending watchdog, the General Accountability Office (GAO), also warned more needed to be done by American agencies such as the US Coast Guard to protect ports and terminals from cyber attacks. (The GAO helpfully identifies the main types of cyber attacks and attackers.)
The report also confirmed that a European terminal had been the subject a cyber attack last year when malware was installed by hackers to enable smugglers to track the movement of containers. The incident was reported by Europol’s Cyber Crime Centre and confirmed, the GAO said, by the US Federal Bureau of Investigation.
Last year a report by the US National Maritime Intelligence Integration Office (NMIO) also highlighted the risks and noted, while the number of actual and reported incidents was “low to non-existent”, insurers were incorporating online threats in their risk assessment models.
“Should the loss of a vessel or a major port disruption ever be traced to a cyber attack,” the NMIO said, “costly new regulation and insurance mandates are likely to follow.” It added that now was a “good time for maritime operators and their business partners to begin incorporating cyber risk assessments into their regular risk modelling.”
The problem for maritime operators, banks, business in general and individuals is that it is increasingly difficult to keep up with the latest developments in technology and the ways in which it creates new opportunities for cyber attackers.
The NMIO report, for example, refers to cloud computing and the “internet of things” where “smart” devices – from televisions to cookers – are connected to the internet in ways that are useful but at the same time dangerous. (Experts have already found ways to hack into smart refrigerators and central heating.)
“Next-generation mobile scanners,” according to the NMIO, “will also empower customs officers with better cargo monitoring capabilities to uncover contraband or undocumented immigrants. Cloud-based data stores already allow operators to store or exchange information in multiple domains and legal jurisdictions.”
Shippers, the report added, were also mandating the use of mobile radio-frequency identification (RFID) on some sensitive cargoes to meet more stringent security requirements. “RFID-enabled” products –smart cargoes perhaps – are now reporting their locations and “environmental changes” as they travel across sea and land.
But, as the NMIO pointed out, such developments, while delivering benefits, also create new opportunities for criminals and others. Cloud computing systems, for example, present “many new entry points for hackers looking to disrupt sea-based or port-based systems from afar”.
While the maritime versions were not “inherently more insecure” than their land-based counterparts, they did, however, have a number of “operational and environmental challenges that may require more stringent security engineering”.
What concerns the NMIO, of course, is that what affects civilian transport also affects the ability of the US and its allies to maintain naval effectiveness. Ports, for example, may be commercial entities but they may also be required to serve their country or its allies in time of conflict.
In the fictional world of Doctor Who the cybermen always lose, but in the real world the cyber attackers seem that much harder to beat.
Source: BIMCO
