10 OCT 2020
For the past days, visitors to the official International Maritime Organization website, www.IMO.org, have been greeted with the message “This website is under maintenance.” But the maintenance is not routine, it’s the result of a cyber attack and comes at a time when the IMO is under intense scrutiny, is working to bring attention to the global crew crisis, and is asking member nations to enforce “IMO 2021“, a resolution requiring ship owners to invest in cyber security measures.
The attack also comes just days after Shipping Giant CMA CGM was hit by a ransom ware cyber attack.
“What could have motivated these attacks?” asks Dr Will Perez, Director of Cyber security Solutions at Moran Cyber. “Was it a random occurrence or a targeted message to the international maritime industry?”
gCaptain first noticed the trouble early morning (30th OCT) while following up on our recent article about the organization, which is a branch of the United Nations, questioning the reports of journalists. A few hours later the IMO tweeted this message:
Today the IMO tweeted a new statement admitting it was hacked. “The interruption of service was caused by a cyberattack against our IT systems,” says the tweet. “IMO is working with United Nations IT and security experts to restore systems as soon as possible, identify the source of the attack, and further enhance security systems to prevent a recurrence.”
An IMO spokesperson then told Reuters that internal and external emails continued to work normally and that the organization was working to restore access to public documents.
Could The Attack Be Related To Wakashio?
We don’t know that the source of the attack but we do know it happened just weeks after over 100,000 protesters took to the streets in Mauritius to protest the mishandling of MV Wakashio salvage and oil recovery efforts.
While the IMO has released a statement claiming their involvement in the spill was limited, the fact remains that they are the lead UN agency in Mauritius and, in numerous videos, the IMO expert they sent to represent the organization claimed responsibilities and provided damaging advice beyond the scope of the IMO’s charter and in the wake of these massive protests, rather than correcting his errors, the organization issued a new statement saying they “fully back” his work. (NB: we can’t link to the statement due to the website errors).
The situation in Mauritius has deteriorated to such an extent that the Pope himself has called for more help.
Journalists too have cried numerous times for help (literally cried in the case of this author). “When the Pope has to intervene in your industry, you know you’re in trouble.” wrote Forbes contributor and BBC veteran Nishan Degnarain. “How many more signals does the IMO need to see to believe that global shipping is an industry in meltdown?” he continued in a follow-up article this week.
RELATED ARTICLE: IMO FAIL – Forbes Drills Deep Into The Wakashio Salvage Efforts
“It is unacceptable for a poor third-world government only to receive tens of millions of dollars in compensation for a clean-up that will cost hundreds of millions of dollars to undertake,” argued David Osler of Lloyds List. “Even if that is legally right, it is morally wrong.”
“The IMO has fossilized; it needs something to wake it up.” said Andrew Craig-Bennett in last week. “A change of scenery (To Singapore) might do that.”
This is not the first attack (nor the last)
The 2017 Not Petya malware attack grabbed global headlines caused massive disruption and required Maersk to rebuild its network of 4,000 servers and 45,000 PCs costing the company hundreds of millions of dollars and the total cost to the world economy was much higher.
In 2017 Hackers stole classified Navy warship blueprints from DSME’s shipyard in Korea.
In 2018, COSCO Shipping Lines was hit by a cyber-attack affecting terminal operations, while the ports of Barcelona and San Diego were targeted in separate ransom ware attacks.
This week the French shipping giant CMA CGM said that its back-offices are gradually being reconnected to the network, after a major attack the costs of which are still unknown.
And these are just the major headlines. Thousands more small or unsuccessful attacks happen against the maritime industry computers, systems, and people every day.
What Happened Today?
Via the use of basic open-source intelligence (OSINT) tools it appears that the IMO website was using an older version of Microsoft SharePoint that may be been exploited and compromised.
“Until further details are revealed in the coming days it is uncertain if indeed the attack was sophisticated or trivial,” says Dr. Perez of Moran Cyber. “In any event, the takeaway from this incident is that the maritime industry has been operationally and reputationally impacted this year with cyber-attacks.”
According to Perez, to protect against this type of attack, Internet-accessible systems need to be vigilantly maintained by keeping them updated and locked down as much as functionally possible to help reduce the threat surface and risks but many maritime companies are adopting the use of cloud-based collaboration platforms such as Microsoft Office365 for email and document sharing to improve the resiliency, operational efficiency, and security in place of their traditional on-premise IT systems.
I’m not sure what all that means either but the bottom line is that maritime companies should hire professionals with maritime expertise and experience protecting ships and IT/OT systems against attack.
IMO CYBERSECURITY 2021
Further embarrassing the subject the IMO was preparing to new cybersecurity guidelines that require shipping to beef up digital security measures by the end of this year.
In a series of resolutions, the industry has nicknamed “IMO2021” requires that by December 31st ship owns must develop comprehensive cyber risk management programs based around five major areas of concern: identifying risk, detecting risk, protecting assets, responding to risk and recovering from attacks.
Shipping companies will not only need to harden assets ashore but also aboard their ships. Each ship will be required to undergo a cyber risk analysis that assesses threats and vulnerability, as well as the impact of hackers on all digital systems critical for the safe operation of ships.
The IMO considers these new rules essential because the fallout from a coordinated attack on shipping would have disastrous results not just for ships but the world economy itself. According to the World Shipping Council, liner shipping terminals trade more than $4 trillion worth of goods destined to the U.S. alone and terminals are increasingly dependant of digital systems.
A cyber attack at sea could be much worse. According to a study by Allianze insurance, a worst-case scenario involving the collision and grounding of two large vessels in an environmentally-sensitive location could result in significant loss of life, untold environmental damage, and financial losses “as big as $4bn when the cost of disruption, salvage, wreck removal, and environmental claims are considered.” That’s the potential damage if just one ship’s navigational computers get hacked.
If hackers were able to hack into the autopilot systems of an entire global fleet of vessels the damage would be unimaginable.
Companies like Moran Cyber can assist maritime companies to reduce the risks of these attacks but, as is usually the case in this industry, some shipping companies are waiting until the current IMO2021 grace period to expire before fully securing their systems and with the number of active attacks happening now specialized security teams might not have the bandwidth this December to take on new clients.
It’s going to get a lot worse.
Cyber security experts have been warning the IMO about this problem for many years and most cyber experts say that the IMO 2021 requirements are not nearly enough.
The question we are thinking is: Will these problems be enough to finally wake up the IMO?
Will they begin to take real and immediate action or continue to push soft regulations (e.g. IMO 2021).
Or will the IMO continue to defend the status quo?