View non-flash version
On one side, auto- mation has its ben- efi ts, especially as crews grew smaller and ships got bigger. On the fl ip side, how- ever, marine technol- ogy, like most other technology, comes with its own risks. Today’s technologies often require In- ternet connectivity to function properly. A recent study by Boston-based security company Rapid7 found more than 100,000 devices – from traffi c signal equipment to oil and gas monitors – were connected to the Internet using serial ports with inadequate security leaving them vulnerable to breaches or hacking. Hackers seek and exploit weaknesses in computer sys- tems and networks. They may be motivated by a variety of reasons, such as profi t, protest, challenge or just the sport of it. Like most businesses, maritime companies can show weaknesses in their computer systems and networks that many hackers would just love to exploit. RISK ON THE WATER Hackers recently shut down a fl oating oil rig by tilting it, while another rig was so riddled with computer mal- ware that it took 19 days to make it seaworthy again. Last October, Tokyo-based cloud security fi rm Trend Micro Inc. said it discovered fl aws in ships’ mandated automated identifi cation systems, installed in an estimated 400,000 vessels, that can let attackers hijack communications of vessels and even create fake vessels. In another well-pub- licized incident, researchers at Texas A&M University last year “fooled” an $80 million yacht off the coast of Italy as to its location by manipulating its GPS. In the maritime industry, the number of known cases is low as attacks often remain invisible to the company, or businesses don’t want to report them for fear of alarming investors, regulators or insurers. But while it might be fun and games for hackers, a hacking incident can have signifi - cant and costly consequences for vessels and their owners. For the marine industry, areas of vulnerability include: Company information: Breaches in computer networks can pose a threat to fi nancial, customer, employee and oth- er proprietary data, putting it in the wrong hands. Hackers can take down a website and totally interrupt a company’s online operation. Like most companies, maritime compa- nies stores customer and employee information on com- puter systems. For one, consider cruise lines who maintain databases of their loyalty customers, in addition to the more than 300,000 people they employ. By law in the US, any breach of data that is deemed Personally Identifi able Information (PII) must be reported. PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. When a breach occurs, most states mandate that companies notify those affected and often- times, companies incur costs to provide credit monitoring services. Ships: In another study, security fi rm Rapid7 was able to collect information from 34,000 vessels around the world using their automatic identifi cation system (AIS) receiver. Using this information they were able to identify and track individual ships, GPS coordinates and outgoing com- munications from every vessel involved, which included 29 law-enforcement vessels and 27 military ships. Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navi- gational devices, or fake the data so it looks like they’re somewhere else. That doesn’t mean that others are watch- ing in other parts of the world. Ports: Hackers infi ltrated computers connected to the Belgian port of Antwerp, located specifi c containers, made off with their smuggled drugs and deleted the records. A study last year by the Brookings Institution of six U.S. ports found that only one had conducted an assessment of how vulnerable it was to a cyber-attack, and none had developed a plan to response to an attack. Of some $2.6 billion allocated to a federal program to strengthen port security, less than 1 percent had been awarded for cyber security projects. INSURANCECOLUMN Taking Cyber Risks Seriously Once, the stars were all that mariners needed to navigate the seas. Today, maritime companies rely on hi-tech systems to operate and navigate equally hi-tech vessels. All of that comes with new and signifi cant risks. By Christopher Cooke and John Coletti 18 MN October 2014 MN Oct14 Layout 18-31.indd 18 9/18/2014 3:27:46 PM