THE cyberattack on CMA CGM has again highlighted the dangers faced by shipping from malicious actors taking advantage of an ever more digitally connected industry, reports London's Lloyd's List.
CMA CGM had already been a victim of cyberattack last year, but the French container line is not alone. Other notable cases include the NotPetya attack that affected Maersk in 2017, the outage at the International Maritime Organization and Mediterranean Shipping Co (MSC) last year and an attack on South African ports operator Transnet earlier this year.
"There is one incident on a ship every day, and attacks on shipping have increased 900 per cent in the three years to 2020," said HFW global head of shipping Paul Dean. "There is a ransomware attack once every 10 seconds."
Speaking in a webinar before the latest attack, Mr Dean said container shipping had a greater vulnerability to attack than was seen in other sectors.
Hackers say they have exposed part of CMA CGM's customer data via a link to Google Drive and threatened to 'lay out the entire database' in a week.
"What happened on Golden Ray could easily happen on a containership from a cyberattack," he said. "Reefers and pressurised containers are also equally vulnerable. In terms of reefers, hackers may not be interested in food, but may be in relation to chemicals and dangerous goods.
"You could imagine a stowage plan being altered and containers being put in the wrong place."
Cyber security should be seen as an act of seaworthiness and due diligence in the same way that the International Safety Management Code was.
The IMO's Maritime Safety Committee adopted Resolution MSC 428(98) in 2017 to give guidance on good practice in cyber security. "We do have IMO MSC 428, but again compliance is not enough, the same way that a vessel being in class does not mean it is seaworthy," Mr Dean said.
The bigger issue, however, was the commercial one. "You have tight turnaround times in ports, so there is less time to remediate," he said. "The costs of delay are enormous. We need to be looking at protection against the key financial exposures."
The solutions included undertaking a maritime cyber security review. Operational technologies on board ships needed to be reviewed as well.
"There are many high-risk systems on containerships," he said. "The risks are real and if they are not keeping you awake at night, they should be. But the good news is that there are solutions."