Jason P. Atwell, Principal Advisor for Global Intelligence, Mandiant, Inc.
As the war in Ukraine drags on, the maritime sector will continue to feel increasing pressure, not least from cyber threat actors exploiting the environment. Russia knows how vital the maritime sector is for its own survival and that of its economic and military opponents.
The Black Sea is a key part of Russia’s strategic goals in its invasion of Ukraine. If Ukraine is denied access to this body of water, its independence as a nation-state will be severely undermined. The Baltic Sea and its ports account for 70-85% of all oil exported from Russia. The Arctic Ocean and its associated terminals account for the majority of the rest. Russia’s economic health is dependent on these two bodies of water. The Arctic is crucial for any Russian effort to remove sanctions from its oil and natural gas industry by bypassing the ports and waters of unfriendly countries. Russian-flagged vessels are being rapidly banned from most Western ports. This further strengthens the maritime sector, which is critical to Russia’s ability to support its economy and wage war.
Deep-water ports are also an efficient way to move large military goods into Europe, both to strengthen NATO forces and to transport heavy weapons to Ukraine. It is only a matter of time before a major cyber-attack in the maritime domain wreaks havoc on this conflict, whether it comes from the most advanced Russian threat group, lowly criminals, or other actors like China or Iran.
What can individual captains of ships and harbor masters do in order to survive in this dangerous environment?
When the industry has the highest levels of technology, safety, and training, it might seem difficult to protect yourself against Russian hackers or intelligence agents. The rapid digitization and optimization of maritime supply chains has resulted in a tech-rich industry with a much larger attack surface. This attack surface requires a renewed effort to define cybersecurity roles across the enterprise. This is especially important in the face of a crisis such as the one in Ukraine. It means that everyone can play a part, from a tugboat crewman to a crane operator or a maintenance worker on an oil rig. The good news? Many of the best practices can be easily incorporated into existing safety and operating procedures.
Starting at a very high level, decision-makers in the maritime sector can reexamine technology’s role in their ability to operate. This involves reexamining technology supply chains to assess exposure to products made in countries like China and Russia that could make them vulnerable. It also means that technology risk management must be reviewed. Decision-makers must ask themselves what the likelihood and potential impact of any disruption to a technology deployment are before integrating it into the company’s operations.
Technology operators need to ensure that equipment that relies on a computer network connection or software update is properly protected. This can be done through strong, cycled passwords, physical access restrictions, or software updates. This applies to everything, from ships’ navigation systems to the computers used to schedule and maintain inventories at ports. This is where it is critical to ensure that footprints and signatures are appropriately managed. That is to say, accurate inventories and complete knowledge of what is and isn’t connected or networked at ports are essential for securing them.
Finally, at the individual level, we all play a role in cybersecurity, especially in a rapidly evolving threat environment. Don’t share passwords, and hold each other responsible for bad password habits (sticky notes and repeated patterns, anyone?). Be suspicious of unsolicited email, social-media direct messages and cellular texts that could indicate phishing. All of these elements work together to protect an organization from the most common and probable attacks.
In addition, it is important that teams and managers have open discussions about the what-ifs of technology and networks in this environment. Crews should demand that everyone ashore think about the impact on their operators if a new system is hacked or compromised. Similarly, those who make procurement decisions should implement appropriate security controls when supplying a system operator. To ensure resilience and survival in the event of a ransomware attack or large-scale breach, organizations need strong continuity plans and incident response planning.
Companies should prepare for the possibility of an attack in the current cyber-threat environment. It is never too late if you have the right relationships and retainers, both internal and external, to help you weather a cyber attack. Every employee at every level of an organisation has a vital role to play.
Jason P. Atwell, Principal Advisor to Global Intelligence, Mandiant, Inc. The global leader for dynamic cyber defense and response.