Cyber Piracy on the High Seas

CYRIN Newsletter

Cyber Piracy on the High Seas

What if pirates didn’t have to board ships they wanted to rob? What if they could do all of their piracy from their laptops?

Movies are filled with images of pirates taking over ships on the high seas – but in this technological age, there’s now a version of piracy where they can launch their attacks right from the shore.

A recent Bloomberg article by Brendan Murray reported that “two key players in the global shipping industry” were attacked this month, “adding short-term complications to supply chains already straining ahead of peak season for consumer demand.” According to Bloomberg these are just the newest in a series of cyber incidents that have “afflicted the shipping industry in recent years, the biggest of which was an intrusion that cost Copenhagen-based A.P. Moller-Maersk A/S about $300 million in 2017.”

How does this affect the rest of us? It can’t a be a good thing that some parts of the shipping industry and the global supply chain are under attack. But other than creating issues for some of these large shipping companies, is it really a problem? Actually yes, the shipping industry is the canary in the coal mine. It’s all about the touchpoints.

The shipping industry is concerned about efficiency, so whenever possible, everything is connected – GPS, trucks, cranes, and the ship itself. New ships, both cargo and passenger, are being developed with even more features. One benefit is optimization of routes. With the Internet of Things (IoT), a ship’s position can be tracked live, and location information can be sent to other ships on the same network, allowing the captain to change route if necessary. Status of cargo containers can be tracked. Refrigerated containers can be monitored for temperature fluctuations, so corrections can be made quickly. All the ship’s equipment, including engines, can be monitored and repaired at the first sign of trouble.

But this efficiency comes at a cost. These “touch points” – places where a company’s business and people intersect with internet technology – are vulnerable to attack. These touch points radiate out via devices, application groups, service sectors, and locations, affecting every portion of a business. And, as noted in this article from Supply Chain, those touch points are also entry points for the “bad guys.”

Though the industry has worked hard to protect its ships from hacking, they have not done as well at protecting their shore-based technology, argues Catalin Cipanu in a recent article on ZDNet.

As we move to the Internet of Things in the consumer and business markets, we have to remember that efficiency must be partnered with protection. National Cyber Security Awareness Month is a good reminder that everyone needs to up their security game. As we move indoors, hold more meetings online, and become more digitally interconnected, we need training to deal with the new reality of the workplace. A worldwide pandemic can accelerate already existing digital trends, impacting all industries and creating more vulnerable “touchpoints.”

At CYRIN, we’ve been developing answers for our changing world for years with our advanced online simulated training. The education comes to you, through your computer, at your convenience. That means that you do not have to show up at a physical site. You do not need a teacher standing in front of you. You do not need an instructor to assist you. You do not have to wait for your grade to understand how you are doing or how you might improve. And you can practice on a real-world system, as often as you like. CYRIN’s next generation cyber-range allows you to have your own sandbox where you use real tools, respond to real attacks, and use real scenarios to hone your skills in a virtual environment.

We even have a scenario from the shipping industry. In one of our Level 2 Exercises – Conduct a Data Leak Investigation – students become a security officer for a shipping company whose trucks have been hijacked repeatedly by a criminal organization. Students are tasked with finding who is leaking the information and how it’s being done. Is it someone from inside the organization or someone on the outside? CYRIN plays out several real-life scenarios like this one to help your team and your company be prepared and protected.

The U.S. Department of Homeland Security’s theme for this year’s Cybersecurity Awareness Month is Do Your Part. #BeCyberSmart. They encourage us all to use best cybersecurity practices, support our colleagues and communities to adopt good security habits, and work to educate others to make our interconnected world safer. From protecting our personal devices (computers, phones, smart TVs, doorbells, baby monitor, etc.), to protecting the networks at our workplaces, to protecting the technological systems that keep us safe (healthcare, for example, or the electric grid) – we have our work cut out for us. But if we all commit to making “cybersecurity a part of our lives” we can build a better protected world.

< Read other CYRIN Newsletters

Contact Us for details to Set Up a CYRIN Demo

Watch CYRIN: The Next-Generation Cyber Range

Learn More About How CYRIN Online Training Can Benefit You