COSCO Cyber Attack And The Importance Of Maritime Cybersecurity

COSCO shipping has been at the receiving end of a cyber attack this week that saw its operations being hit across the world.

The attack started out in the early hours of Tuesday in its U.S. office, with systems going down and certain email services getting affected. The problem spread out across the Americas over the next few days, with Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay being affected.

News spread and various news outlets raised the possibility of COSCO being held up by a ransomware attack. Though COSCO's official press releases never substantiated the claims, they neither seemed to put the concerns of a ransomware attack to the ground. The initial statement that came out on Wednesday made no specific mention of the countries that were affected, painting them under the “America regions” and in what can be called a plain-worded explanation at best, called the issue a “local network breakdown”.  

The statements that followed mentioned the countries that were affected, but there still has been no word on the type of attack that the company has come under. Over the last two days, COSCO has been working with customers through its social media page and had also mentioned that the communication lines like its website, emails, EDI, and CargoSmart that remain open to the users had not been compromised.

“So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably,“ said the statement. “We have and will continue to assess developments and take corresponding measures to minimize the impact of current events on business.”

Following the course of events, it can be seen that though the cyber attack had spread to different centers of COSCO, it has not inflicted major damage as the company’s shipping operations go about unhindered. Then again, the larger issue at hand isn’t this isolated incident, but the frequency of such attacks in the logistics world.

A year has passed since the NotPetya cyber attack on Maersk, which disrupted the company’s operations for many weeks, thus costing the shipping major a loss of about $300 million. What makes this worrisome is the fact that Maersk was not a target, but an accidental victim to an attack targeted at the Ukrainian government. This begs the question - had Maersk been targeted, how much bigger would have been the impact?

Pro-actively building on cybersecurity of systems would help in the longer run, and so would having a contingency plan to tackle situations that go haywire. COSCO shipping seems to have one, as it mentioned that it would be conducting its operations via remote access, ensuring uninterrupted service to the Americas.

Add to this the prospect of autonomous shipping, which could be commonplace in the maritime industry in a decade. Though this looks to be a huge ask, the core technology that drives autonomous vehicles on the road is not entirely different from what could steer ships in the high seas.

Rolls-Royce, a pioneer in engine manufacturing, had recently opened an autonomous maritime research facility at Turku, Finland, to accommodate technologies which the company believes would shape the future of the maritime world. Rolls-Royce hopes to put autonomous ships in the water by 2025, and envisions fully-autonomous vessels carrying cargo across the ocean by 2035.

Ports are not far behind in the quest for automation. FreightWaves covered the port of Rotterdam is great detail, where the daily operations of the port have been fully automated. This includes equipment like forklifts and container cranes, to processes like loading of boxes onto the chassis, movement of boxes, and battery swapping at the yard.

Maritime operations cough up millions of data points every week, and it is crucial for shipping lines to have them stored in a secure database, as data theft is a likely scenario when there is a cyber attack. In essence, it is essential for companies to have a cybersecurity plan afloat, and consciously take steps to bolster its firewalls to stop attacks like the one with COSCO or Maersk from happening.

FreightWaves:

You Might Also Read:

Cybersecurity At Sea

Fallout From Petya On Global Shipping:

« Facebook Loses $123 Billion In Value
Bots & Ballots Make A Sophisticated Threat »

Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Acronis

Acronis

Acronis is a leading backup software, disaster recovery, and secure data access provider to consumers, small-medium businesses, and enterprises.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

Focal Point Data Risk

Focal Point Data Risk

Focal Point is a pure-play data risk management provider capable of offering end-to-end consulting, implementation, and training services.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

NGS (UK)

NGS (UK)

NGS (UK) Ltd are independent, vendor agnostic, next generation security trusted advisors, providing all-encompassing solutions from the perimeter to the endpoint.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute builds on the strength of its members in the area of network and communication security, artificial intelligence, big data and cyber physical systems.