COSCO Cyber Attack And The Importance Of Maritime Cybersecurity

COSCO shipping has been at the receiving end of a cyber attack this week that saw its operations being hit across the world.

The attack started out in the early hours of Tuesday in its U.S. office, with systems going down and certain email services getting affected. The problem spread out across the Americas over the next few days, with Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay being affected.

News spread and various news outlets raised the possibility of COSCO being held up by a ransomware attack. Though COSCO's official press releases never substantiated the claims, they neither seemed to put the concerns of a ransomware attack to the ground. The initial statement that came out on Wednesday made no specific mention of the countries that were affected, painting them under the “America regions” and in what can be called a plain-worded explanation at best, called the issue a “local network breakdown”.  

The statements that followed mentioned the countries that were affected, but there still has been no word on the type of attack that the company has come under. Over the last two days, COSCO has been working with customers through its social media page and had also mentioned that the communication lines like its website, emails, EDI, and CargoSmart that remain open to the users had not been compromised.

“So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably,“ said the statement. “We have and will continue to assess developments and take corresponding measures to minimize the impact of current events on business.”

Following the course of events, it can be seen that though the cyber attack had spread to different centers of COSCO, it has not inflicted major damage as the company’s shipping operations go about unhindered. Then again, the larger issue at hand isn’t this isolated incident, but the frequency of such attacks in the logistics world.

A year has passed since the NotPetya cyber attack on Maersk, which disrupted the company’s operations for many weeks, thus costing the shipping major a loss of about $300 million. What makes this worrisome is the fact that Maersk was not a target, but an accidental victim to an attack targeted at the Ukrainian government. This begs the question - had Maersk been targeted, how much bigger would have been the impact?

Pro-actively building on cybersecurity of systems would help in the longer run, and so would having a contingency plan to tackle situations that go haywire. COSCO shipping seems to have one, as it mentioned that it would be conducting its operations via remote access, ensuring uninterrupted service to the Americas.

Add to this the prospect of autonomous shipping, which could be commonplace in the maritime industry in a decade. Though this looks to be a huge ask, the core technology that drives autonomous vehicles on the road is not entirely different from what could steer ships in the high seas.

Rolls-Royce, a pioneer in engine manufacturing, had recently opened an autonomous maritime research facility at Turku, Finland, to accommodate technologies which the company believes would shape the future of the maritime world. Rolls-Royce hopes to put autonomous ships in the water by 2025, and envisions fully-autonomous vessels carrying cargo across the ocean by 2035.

Ports are not far behind in the quest for automation. FreightWaves covered the port of Rotterdam is great detail, where the daily operations of the port have been fully automated. This includes equipment like forklifts and container cranes, to processes like loading of boxes onto the chassis, movement of boxes, and battery swapping at the yard.

Maritime operations cough up millions of data points every week, and it is crucial for shipping lines to have them stored in a secure database, as data theft is a likely scenario when there is a cyber attack. In essence, it is essential for companies to have a cybersecurity plan afloat, and consciously take steps to bolster its firewalls to stop attacks like the one with COSCO or Maersk from happening.

FreightWaves:

You Might Also Read:

Cybersecurity At Sea

Fallout From Petya On Global Shipping:

« Facebook Loses $123 Billion In Value
Bots & Ballots Make A Sophisticated Threat »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security is a leading manufacturer of network security appliances for use in industrial environments.

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

Cyber Data-Risk Managers

Cyber Data-Risk Managers

Cyber Data-Risk Managers Pty Ltd is an insurance broker based in Melbourne, Australia specializing in Cyber insurance / Data breach insurance.

Assuria

Assuria

Assuria Cyber Security solutions provide protective monitoring of systems and user activity across the whole IT infrastructure.

CERT-AM

CERT-AM

CERT-AM is the national Computer Emergency Response Team for Armenia.

ISGroup (Information Security Group)

ISGroup (Information Security Group)

ISGroup services include network penetration testing, Web application penetration testing, ethical hacking, vulnerability assessments, code review and associated training.

e2e-assure

e2e-assure

e2e Protective Monitoring and Security Operations Centre (SOC) Service is a complete cyber defence service to protect your critical assets from cyber attacks and GDPR breaches.

Hypori

Hypori

Hypori is a virtual smartphone solution that makes truly secure BYOD a reality for organizations in healthcare, finance, government, and beyond.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

FluidOne

FluidOne

FluidOne are an award-winning Connected Cloud Solutions provider. We design tailored solutions to help customers and partners digitally transform their IT and communications.

V3 Cybersecurity

V3 Cybersecurity

V3 Cybersecurity is a unique company focused on contextualization of security programs from a business perspective. Our mission is to provide enterprise IT Risk Management capabilities.

FTI Consulting

FTI Consulting

FTI Consulting is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes.