COSCO Cyber Attack And The Importance Of Maritime Cybersecurity

Uploaded on 2018-07-31 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Transport & Travel

COSCO shipping has been at the receiving end of a cyber attack this week that saw its operations being hit across the world.

The attack started out in the early hours of Tuesday in its U.S. office, with systems going down and certain email services getting affected. The problem spread out across the Americas over the next few days, with Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay being affected.

News spread and various news outlets raised the possibility of COSCO being held up by a ransomware attack. Though COSCO's official press releases never substantiated the claims, they neither seemed to put the concerns of a ransomware attack to the ground. The initial statement that came out on Wednesday made no specific mention of the countries that were affected, painting them under the “America regions” and in what can be called a plain-worded explanation at best, called the issue a “local network breakdown”.  

The statements that followed mentioned the countries that were affected, but there still has been no word on the type of attack that the company has come under. Over the last two days, COSCO has been working with customers through its social media page and had also mentioned that the communication lines like its website, emails, EDI, and CargoSmart that remain open to the users had not been compromised.

“So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably,“ said the statement. “We have and will continue to assess developments and take corresponding measures to minimize the impact of current events on business.”

Following the course of events, it can be seen that though the cyber attack had spread to different centers of COSCO, it has not inflicted major damage as the company’s shipping operations go about unhindered. Then again, the larger issue at hand isn’t this isolated incident, but the frequency of such attacks in the logistics world.

A year has passed since the NotPetya cyber attack on Maersk, which disrupted the company’s operations for many weeks, thus costing the shipping major a loss of about $300 million. What makes this worrisome is the fact that Maersk was not a target, but an accidental victim to an attack targeted at the Ukrainian government. This begs the question - had Maersk been targeted, how much bigger would have been the impact?

Pro-actively building on cybersecurity of systems would help in the longer run, and so would having a contingency plan to tackle situations that go haywire. COSCO shipping seems to have one, as it mentioned that it would be conducting its operations via remote access, ensuring uninterrupted service to the Americas.

Add to this the prospect of autonomous shipping, which could be commonplace in the maritime industry in a decade. Though this looks to be a huge ask, the core technology that drives autonomous vehicles on the road is not entirely different from what could steer ships in the high seas.

Rolls-Royce, a pioneer in engine manufacturing, had recently opened an autonomous maritime research facility at Turku, Finland, to accommodate technologies which the company believes would shape the future of the maritime world. Rolls-Royce hopes to put autonomous ships in the water by 2025, and envisions fully-autonomous vessels carrying cargo across the ocean by 2035.

Ports are not far behind in the quest for automation. FreightWaves covered the port of Rotterdam is great detail, where the daily operations of the port have been fully automated. This includes equipment like forklifts and container cranes, to processes like loading of boxes onto the chassis, movement of boxes, and battery swapping at the yard.

Maritime operations cough up millions of data points every week, and it is crucial for shipping lines to have them stored in a secure database, as data theft is a likely scenario when there is a cyber attack. In essence, it is essential for companies to have a cybersecurity plan afloat, and consciously take steps to bolster its firewalls to stop attacks like the one with COSCO or Maersk from happening.

FreightWaves:

You Might Also Read:

Cybersecurity At Sea

Fallout From Petya On Global Shipping:

« Facebook Loses $123 Billion In Value
Bots & Ballots Make A Sophisticated Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

GSMA - IoT Security Guidelines

GSMA - IoT Security Guidelines

GSMA has created a set of security guidelines for the benefit of service providers who are looking to develop new IoT products and services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

Critifence

Critifence

Critifence provides unique Cyber Security solutions designed for Critical Infrastructure, SCADA and Industrial Control Systems.

Rewertz

Rewertz

Rewterz is a cyber security company based out of Dubai, serving customers in UAE, Oman, Qatar, Bahrain, Saudi Arabia, and Pakistan.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

BIND 4.0

BIND 4.0

Bind 4.0 is an acceleration program geared toward tech startups with solutions applied to Advanced Manufacturing, Smart Energy, Health Tech or Food Tech fields.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Robo Shadow

Robo Shadow

Robo Shadow are trying to bridge the gap between the top tier organisations that can afford everything and everyone else who has to “Make it up as they go along” when it comes to Cyber.

Comparitech

Comparitech

Comparitech strives to promote cyber security and privacy for all. We are committed to providing detailed information to help our readers become more cyber secure and cyber aware.

Cyber Security Services

Cyber Security Services

Cyber Security Services is a cyber security consulting firm and security operations center (SOC).

Red Access

Red Access

Red Access provides the first SaaS-based platform to protect web browsing from cyber threats on any browser and any in-app while ensuring frictionless user experience.

Association for Uncrewed Vehicle Systems International (AUVSI)

Association for Uncrewed Vehicle Systems International (AUVSI)

AUVSI is the world's largest nonprofit organization dedicated to the advancement of uncrewed systems and robotics. Focus areas include cyber security for uncrewed systems and robotics.