An assessment by Norwegian authorities finds that the country's maritime and oil and gas sectors have recently been victims of cyber campaigns specifically targeting companies in the US, Europe and the Middle East, and advises companies to be prepared for continuous activity in the short to medium term.
In a recent information letter to the maritime sector, the Norwegian National Security Authority (NSM) advises of an increase in the number of cyber campaigns targeting several different sectors since June 2019 and states that both the maritime sector and the oil and gas sector have been victims of such targeted attacks.
To date, the campaigns have used social engineering techniques in e-mails and in personal messages through social media, primarily LinkedIn, but also WhatsApp and Facebook Messenger, to:
While the scope of these campaigns and the subsequent incidents are reportedly global, “companies in the United States of America, Europe, and the Middle East have been the main targets”, says the NSM. It also establishes that the threat actors have demonstrated high ability and capacity to conduct their operations.
Based on the current situation and the risks found, the NSM advises companies and organisations to be prepared for attempts of cyber activity with malicious intent in the short to medium term. It also states that both obvious and less obvious companies may be affected, which means all types of ships as well as shipowners’ land-based infrastructure can be vulnerable to cyber incidents. In a statement of 19 August 2019, the Norwegian Maritime Authority (NMA) further emphasizes that: “Especially shipowners that operate in ISPS/MARSEC level two areas or higher should be aware of the situation.”
Although the NSM’s information letter is directed at Norwegian companies, we advise all ship operators and companies with responsibility for infrastructure onboard ships to continuously monitor and review digital security and to follow the recommendations made, including:
Among the recommended counter-measures, the importance of carrying out cyber security awareness training is highlighted. All ‘users’, including seafarers, shore staff and other relevant personnel, should:
Ship operators should also pay close attention to any cyber security advice provided by their national security authorities. As an example, Norwegian companies are advised to follow the NSM’s “Fundamental principles for information and communications technology (ICT) security” as well as its “Measures and recommendations concerning social media” (both are in Norwegian only). We also recommend that ship operators and seafarers report all suspicious activity and breaches of security to their flag administrations and/or national security authorities, as this will support their work to monitor ongoing cyber threats and risks.
For additional recommendations related to cyber risk management, please refer to our publications “Ship operators cannot afford to turn a blind eye to cyber security” of 10 July 2019 and “It is time to strengthen your onboard cyber security procedures” of 12 December 2018. Our loss prevention awareness video produced in cooperation with DNVGL may also be useful in terms of carrying out awareness training.
Ship operators are also reminded that cyber risks must be appropriately addressed in ships’ existing safety management systems, as defined in the ISM Code, no later than the first annual ISM audit after 1 January 2021. Guidelines and best practices for implementation of cyber risk management are described in IMO’s MSC-FAL.1/Circ.3, as well as in the industry guidelines “Cyber security onboard ships”.