The rush towards digital technology in the maritime world gathers pace every week we read about new technology: blockchain drives further into the industry and paperless certifications are being rolled out by ship registries. But there is a serious side to the digital adventure and last week the Port of San Diego announced its computer systems suffered a “serious” ransomware attack on September 25th followed by hackers demanding a Bitcoin ransom to unlock affected systems. In a bizarre way they were using digital ransom demands to highlight how vigilant we need to be in the maritime world.
According to media reports the port worked with a team of industry experts to minimise impacts, restore the operations and contain the attack. More worrying was the suggestion that some of the Port’s systems would remain proactively shut down as a precaution. While the attacks were apparently aimed at the administration of the Port and its services and not public safety issues, the real threat is to the confidence of users and the maritime world at large.
Ransom demands using Bitcoin are certainly not new; the advantages for the cyber-criminals it that it keeps them a few more arms’ lengths away from the law. The onus is on the industry to embrace technology but put just as much drive into safeguarding systems as sounding sniffy about technology.
The threats to ports and other maritime land-based operations are a clear sign that cyber-criminals are not restricting their attacks to just ships and offshore facilities. We have mentioned before – and it is very much the current case here – that too many people on-board ships and working on offshore platforms have a limited training regime to prepare themselves for such attacks. There is no doubt that training in cyber-security has improved but so have the methods of the hackers. It is unrealistic to expect every seafarer to be fully up to speed on every nuance and new development used by cyber-criminals – but it is realistic to expect better training when challenging these people.
There is no suggestion of complacency in this: training for seafarers at all levels has increased in the past few years with more information available to those working on and operating vessels. Yet cyber-crime moves on as newer threats are developed and just keeping pace with these is a daunting task. If there is a lesson from the recent Port of San Diego threat, it is that complacency does creep in when we are faced with threats that are constantly evolving and when we are naturally behind the curve in dealing with them.