Lars Jensen, the CEO of SeaIntelligence Consulting has expressed concern for the shipping industry’s security following the Maersk cyber-attack, stating that 44% of carriers show signs of low levels of cyber security “related to very basic elements”.
In an article he posted on LinkedIn, Jensen criticised Maersk’s security following the ransomware cyber-attack saying it “cannot be categorised as high” and adding that “the industry in general still has a significant problem.”
According to an analysis performed in a security assessment provider CyberKeel, 10% of carriers and 20% of the sampled ports and terminals have still not patched the vulnerabilities related to the ‘Poodle’ and ‘Heartbleed’ cyber threats which emerged almost three years ago.
The analysis shows how old some of the servers in use are, meaning a hacker could easily gain access to important port terminal servers and access ecommerce tools by downloading tools available on the internet.
Jensen claimed that in one example, a top five carrier considered the password “12345” to be of “medium” strength.
“One top 20 carrier allows shippers using their ecommerce platform to use ‘x’ as their password,” he added.
Jensen insisted that although it is impossible to be completely safe from cyber-attacks security measures should be in place to prevent attacks spreading.
“The fact that it spread within Maersk, and even across multiple different business units, shows that a lateral spread inside the network was not prevented, and consequently the security level cannot be said to be high,” he said.
Jensen went on to criticise the length of time it has taken Maersk to get operations back to normal.
Six days after the attack phone systems were still down in some countries, bills of lading were unavailable in others, websites of all the brand lines were still offline and some terminals were still operating at reduced capacity.
However, he did praise Maersk’s contingency plan to get “rudimentary functions” back into place within 36 hours of the attack.
“Given the state of affairs in the industry at large, it is crucial that the maritime companies look at the Maersk case and learn from it and create more robust and resilient systems – otherwise this will not be the last time we see such challenges arise,” he said.