LONDON: The International Maritime Bureau (IMB) has warned that the shipping and supply chain sector is the "next playground for hackers" and says lessons from other industry sectors should be applied quickly to mitigate risk.
TT Club's insurance claims expert Mike Yarwood says incidents that might appear to be just a break-in at an office facility with minimal damage and apparently no theft, are actually instances of "thieves" installing spyware in the operator's IT network.
The IMB says hackers also make use of social networks to target truckers and operational personnel to discover routing and overnight parking patterns. The criminals look to find release codes for containers from terminal facilities, or passwords to discover delivery instructions.
"In instances discovered to date, there has been an apparent focus on specific individual containers in attempts to track the units through the supply chain to the destination port. Such systematic tracking is coupled with compromising the terminal's IT systems to gain access to, or generate release codes for specific containers. Criminals are known to have targeted containers with illegal drugs in this way; however such methods also have greater scope in facilitating high value cargo thefts and human trafficking," Yarwood explains.
In June this year the U.S. Government Accountability Office (GAO) warned about possible cyber threats aimed at US ports. In a scathing report, the GAO noted the Department of Homeland Security, the US Coast Guard and Federal Emergency Management Agency had done little to address cyber security in the maritime environment.
Wil Rockall, a director in KPMG's cyber security team, says maritime control systems are vulnerable to hackers because they are controlled by engineers rather than chief information security officers (CISOs) or chief information officers (CIOs).
"Most ports and terminals are managed by industrial control systems which have, until very recently, been left out of the CIO's scope. Historically, this security has not been managed by company CISOs and maritime control systems are very similar," he notes.
Rockall adds the improvements many companies have made to their corporate cyber security have not been replicated in the shipping environment: "It has meant that many companies and their clients are sailing into uncharted waters when they come to try and manage these risks."