COSCO Cyber Attack And The Importance Of Maritime Cybersecurity

COSCO shipping has been at the receiving end of a cyber attack this week that saw its operations being hit across the world.

The attack started out in the early hours of Tuesday in its U.S. office, with systems going down and certain email services getting affected. The problem spread out across the Americas over the next few days, with Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay being affected.

News spread and various news outlets raised the possibility of COSCO being held up by a ransomware attack. Though COSCO's official press releases never substantiated the claims, they neither seemed to put the concerns of a ransomware attack to the ground. The initial statement that came out on Wednesday made no specific mention of the countries that were affected, painting them under the “America regions” and in what can be called a plain-worded explanation at best, called the issue a “local network breakdown”.  

The statements that followed mentioned the countries that were affected, but there still has been no word on the type of attack that the company has come under. Over the last two days, COSCO has been working with customers through its social media page and had also mentioned that the communication lines like its website, emails, EDI, and CargoSmart that remain open to the users had not been compromised.

“So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably,“ said the statement. “We have and will continue to assess developments and take corresponding measures to minimize the impact of current events on business.”

Following the course of events, it can be seen that though the cyber attack had spread to different centers of COSCO, it has not inflicted major damage as the company’s shipping operations go about unhindered. Then again, the larger issue at hand isn’t this isolated incident, but the frequency of such attacks in the logistics world.

A year has passed since the NotPetya cyber attack on Maersk, which disrupted the company’s operations for many weeks, thus costing the shipping major a loss of about $300 million. What makes this worrisome is the fact that Maersk was not a target, but an accidental victim to an attack targeted at the Ukrainian government. This begs the question - had Maersk been targeted, how much bigger would have been the impact?

Pro-actively building on cybersecurity of systems would help in the longer run, and so would having a contingency plan to tackle situations that go haywire. COSCO shipping seems to have one, as it mentioned that it would be conducting its operations via remote access, ensuring uninterrupted service to the Americas.

Add to this the prospect of autonomous shipping, which could be commonplace in the maritime industry in a decade. Though this looks to be a huge ask, the core technology that drives autonomous vehicles on the road is not entirely different from what could steer ships in the high seas.

Rolls-Royce, a pioneer in engine manufacturing, had recently opened an autonomous maritime research facility at Turku, Finland, to accommodate technologies which the company believes would shape the future of the maritime world. Rolls-Royce hopes to put autonomous ships in the water by 2025, and envisions fully-autonomous vessels carrying cargo across the ocean by 2035.

Ports are not far behind in the quest for automation. FreightWaves covered the port of Rotterdam is great detail, where the daily operations of the port have been fully automated. This includes equipment like forklifts and container cranes, to processes like loading of boxes onto the chassis, movement of boxes, and battery swapping at the yard.

Maritime operations cough up millions of data points every week, and it is crucial for shipping lines to have them stored in a secure database, as data theft is a likely scenario when there is a cyber attack. In essence, it is essential for companies to have a cybersecurity plan afloat, and consciously take steps to bolster its firewalls to stop attacks like the one with COSCO or Maersk from happening.

FreightWaves:

You Might Also Read:

Cybersecurity At Sea

Fallout From Petya On Global Shipping:

« Facebook Loses $123 Billion In Value
Bots & Ballots Make A Sophisticated Threat »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clavister

Clavister

Clavister is a network security vendor delivering a full range of network security solutions for both physical and virtualized environments.

Penningtons Manches Cooper

Penningtons Manches Cooper

Penningtons Manches Cooper is a leading UK law firm providing high quality legal advice in areas including Data Protection, Cyber Security and Cyber Crime.

Consortium for Information & Software Quality (CISQ)

Consortium for Information & Software Quality (CISQ)

The mission of CISQ is to develop international standards for software quality and to promote the development and sustainment of secure, reliable, and trustworthy software.

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

Sertainty

Sertainty

Sertainty enables developers to mix intelligence into data files for active risk mitigation and data control. Discover the impact of Data: Empowered.

Cypress Data Defense

Cypress Data Defense

Cypress Data Defense helps clients build secure applications by providing training, best practices, and evaluating security during every stage of the Secure Application Development Lifecycle.

Defscope

Defscope

Defscope is an Azerbaijani company entirely focused on cybersecurity offering training, security consulting, and other professional services.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

Soteria

Soteria

Soteria is a global leader in the development, integration and implementation of advanced cyber security, intelligence and IT solutions, delivering complete end-to-end solutions.

LBMC

LBMC

LBMC is a professional services solutions provider in accounting and finance, human resources, technology, risk and information security, and wealth advisory services.

Profian

Profian

Profian’s hardware-based solutions maintain your data's confidentiality and integrity in use, providing true confidential computing to meet regulatory and audit requirements.

Zenity

Zenity

Zenity is the first and only security governance platform for low-code/no-code applications.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

Incode

Incode

Incode is the leading provider of world-class identity solutions that is reinventing the way humans authenticate and verify their identities online.

Hanwha Systems

Hanwha Systems

Hanwha Systems is a global company based in South Korea providing defense electronics and smart ICT solutions.