So you think ransomware doesn’t affect you? Well, here’s something to ponder: attacks on container vessels

“Force majeure” is “an unanticipated or uncontrollable event that releases a company from fulfilling contractual obligations”.

Short version: they’ve been hit by a ransomware attack. Goods aren’t moving and some companies are struggling.

The Durban container terminal

 

28 July 2021 – Ships have started to bypass South African ports, and many more may now do so, after Transnet declared “force majeure” at its port operations on Monday. Container vessels that had been due to call at both Cape Town and Durban had been diverted, shipping agents said, in one case to the Port of Maputo, and in other cases onwards to its Asian stops, bypassing the continent entirely.

Importers – already struggling with shortages of key goods – will now have longer to wait for containers on those ships. Just how long is not yet clear; a global shipping crisis and shortage of some types of containers already has the industry overall scrambling. Those same troubles have made shipping lines allergic to delays they can not quantify.

Real time vessel movement around the Cape Town port, via Myshiptracking.com

In a statement on Tuesday morning, Transnet said its “force majeure” declaration on Transnet Port Terminals “is expected to be lifted soon”, but provided no other details on its timeline, or the underlying cause:

“The terminals are berthing vessels as planned and facilitating loading and discharge operations with the shipping lines. We will continue to work directly with shipping lines in order to facilitate maximum import evacuation and further exports planned for future vessels. Controls have been developed, in conjunction with the shipping lines and SARS’ Customs division to ensure safe clearance and evacuation of each container.”

Logistics operators say the flow of containers had effectively ground to a halt.

Some of Transnet’s computer systems were shut down on 22 July, in what the company described only as a “disruption”. It has yet to publicly talk about the reasons, and has not answered questions. But internal employee memos and IT consultants said the company was the victim of hacking, and it told major customers that it had suffered “cyberattack, security intrusion and sabotage, and a ransomware attack”.

To the public, a smokescreen:

“It is expected that some applications may continue to run slowly over the next few days, while monitoring continues. All operating systems will be brought back in a staggered manner, to minimise further risks and interruptions”.

Major shipping companies, stung by ransomware attacks, are looking for ways to thwart money-motivated hackers from interfering with their deliveries as global economies reopen after the Covid pandemic. Companies infected with ransomware have temporarily shifted their operations offline and authorities have shut down ports. That’s left customers with tough choices: higher fees to transfer their goods to other companies at the last minute, late arrivals, or spoiled perishable goods. More broadly, the hacking disrupts global trade.

Shipping companies are part of critical infrastructure that’s fallen prey to cyberattacks in recent years, which most recently included the world’s largest meatpacker, JBS SA, and the Colonial Pipeline Co. which provides roughly 45% of the U.S. East Coast’s fuel, including gasoline, diesel, home heating oil, jet fuel, and military supplies. Supply bottlenecks are driving consumer prices higher.

Pandemic Shocks, Costs Go Far Beyond Empty Shelves: Supply Lines

Ransomware attacks on shipping firms tripled between 2019 and 2020, cybersecurity company BlueVoyant reports. The world’s four largest shipping companies – Maersk, Mediterranean Shipping Company, CMA CGM, and COSCO – were all infected by ransomware in the last four years.

Ransomware attacks encrypt victims’ files, preventing them from accessing sensitive information until they pay the hacker. Hackers can gain entry through malicious email attachments, old passwords, or other phishing techniques.

Follow the media reports and you’ll note everybody is asking “Why all of a sudden are all these critical infrastructure companies being attacked?” The short answer? These groups are all financially motivated, and they’re just looking to target new organizations that they know they’re going to get the biggest payday from due to urgency. Illustrating the urgency and the need to ensure shipping companies are operating adequately: the Ever Given, that quarter-mile container ship that got stuck in the Suez Canal for almost a week, disrupting traffic and resulting in a loss of almost $10 million per day. Its systems were hacked.

Attempts are being made, as feeble as they might be. U.S. President Joe Biden focused on cybersecurity after the high-profile attack of the Colonial Pipeline caused gas prices to skyrocket for the 50 million Americans the company says it serves. Biden, in a May executive order, pushed for improvements in security software across industries, called on the Department of Homeland Security to create a cyber safety review board, and directed federal agencies to improve information-sharing with contractors regarding cybersecurity.

But cracking down on cyber crooks is a tall order for the federal government. The maritime industry is internationally regulated, yet decentralized within the U.S.

Who’s in Charge?

Hackers can break into a ship’s proprietary records or operational technology through three major avenues: ships, ports, and companies. Each falls under a different jurisdiction. It’s complex:

– U.S. shipbuilders must abide by technological standards set by the International Maritime Organization and the Coast Guard

– But most vessels are built abroad. Those ships are subject to regulations from the IMO and their own governments, which tend to require fewer security measures than the U.S. does.

– The Coast Guard largely regulates U.S. ports, but each can range several dozen miles and has its own rules

– Onshore companies, the primary targets of recent cybercrimes, are private and competitive, and may not share security information, complicating anticipation of potential crimes.

– More than 20 federal agencies govern the U.S. maritime industry and its cybersecurity efforts.

With various jurisdictions and different organizations doing the same thing, sometimes it’s hard to draw the line between who does work and who doesn’t.

A Trump-era national maritime cybersecurity plan sought to untangle the roles and responsibilities of the various U.S. agencies that oversee maritime cybersecurity. A National Security Council official confirmed the plan is still in effect under Biden’s administration. But the White House will not respond to questions about the progress in carrying it out.

It will get worse. As the maritime sector increasingly adopts internet-connected technologies, such as electronic maps and virtual aids to navigation, the threat of a cyber-attack continues to rise. Maritime shippers transport the vast majority of U.S. overseas trade and could be a partially attractive target to cybercriminals. Cyberattacks are becoming more coordinated and companies must stay up to date with security standards. 

And even worse. Organized crime has become much more prevalent in cybersecurity than ever before. On top of organized crime, we’re seeing a massive rise in nation-state type attacks as well.

And much more worse. Not all companies have the resources to spend on high-end security technology. So shipping firms must weigh three things when preparing for ransomware attempts: (a) How high do you want your security wall to be? (b) How much do you want to pay for it? (c) And how sophisticated do you want it?”

And hackers will continue to look for new ways to carry out their 21st century piracy to obviate any solutions to hinder or stop them.