Petya Cyber Attack Strikes Ships, Terminals

A global cyber attack spread worldwide June 27, striking multiple shipping operations, including carrier lines and terminals. Internal systems as well as online booking applications were shuttered, causing port closures and potentially serious problems with terminal operating systems that control cargo logistics and ship berthing among many other terminal functions.

The virus, called Petya, is based on the leaked “EternalBlue” code from the National Security Agency and works on vulnerabilities in the operating system of Microsoft Windows, using a fake digital signature to spread from network to network. The virus presented itself as ransomware, but officials in the Ukraine, which was heavily affected, said the goal was to disrupt economic systems.

One of the world’s largest container shipping lines reported its IT systems were down and all of its business units were affected, including container shipping, port and tug boat operations, and oil tankers. It didn’t report specifically what effects the virus had on those operations, but it did report that its port operator subsidiary had been hacked, affecting at least 17 terminals across several nations.

The effects on tankers and other ships is of particular concern since failures in those IT systems could lead to multiple kinds of environmental hazards. Some container ships have computerized plans for discharging ballast water to keep water on board until it can be discharged in the same locale it was taken in. Ships also use on-board computer systems to control ballast management, including bilge water. If those systems are compromised and the ballast operator loses control, not only could an environmentally damaging discharge occur, the entire ship could be at risk. From bilge water to food waste, systems on board ships work in tandem with a built-in global positioning system (GPS) to ensure compliance with MARPOL and U.S. Coast Guard regulations on discharge. Hackers that lock systems or tamper with them in other ways could cause environmental damage. The current international legal and forensic system is not set up to deal with penalizing the cyber criminals, and many shipping companies’ insurance policies have cyber-crime gaps.

It is crucial that ship operators and all terminal managers update their anti-virus systems immediately and continuously. Patches are being developed and disseminated, but the hackers are ahead of the curve, so the white hats are playing catch-up and will be for months at least. If you are using a legacy system that is no longer supported by the developer, you could have serious cyber-security problems. It is time to talk to your IT and budget team about your priorities.

At terminals, control over pipelines receiving waste or product could be jeopardized. If systems cannot be shut down or reverted to backup management computers quickly enough, environmental and life-threatening accidents could result. If GIS systems are compromised, terminal operators could lose their ability to monitor hazardous materials or a cleanup that is in process. Can you imagine if automated crane operations suddenly lost access to their order of operations? Or if port supervisors went “blind” and could no longer monitor what was being moved where? Or if valves in pipelines accepting intake were automatically closed?

Paradoxically, one major, international, process management provider advertises that “digital automation contributes greatly to…safety, health and the environment.” While efficiencies and communications may well be improved by automation, without serious attention to cyber security, Petya’s effect on the shipping industry could prove to be the canary in the coal mine. In another ironic event, it was only six days earlier that Rolls-Royce and Svitzer announced they had demonstrated the world’s first remotely operated commercial vessel. Rolls-Royce says remote and autonomous commercial shipping will be a reality by 2020. Hopefully, cyber-security capabilities will match those developments.

Since 1971, WQIS has been involved in more vessel pollution events than any other marine pollution provider. Having the right team immediately available in the event of a loss is crucial for mitigating damages, getting clients back to an operational status and the claims process. Our team is made up of an extensive network of trusted professionals to assist from the moment a spill occurs until the spill is cleaned up. For more information about our insurance solutions and services, call us at 212-292-8700.