US Coast Guard warns about malware designed to disrupt ships' computer systems

US Coast Guard also shares a list of cybersecurity best practices for commercial vessels.
Written by Catalin Cimpanu, Contributor

The United States Coast Guard has sent out two security alerts over the course of the last three months, highlighting a problem with the cybersecurity practices aboard commercial sea vessels.

The first alert was sent out in late May, and Coast Guard officials warned about an ongoing wave of email spear-phishing that spread malware to commercial vessels.

The emails posed as coming from the official US Port State Control (PSC) authority, and the Coast Guard's alert was sent to put maritime stakeholders on alert about ongoing attacks that were specifically targeting ship operators.

At the time, the Coast Guard described the malware distributed by this malspam campaign as "malicious software designed to disrupt shipboard computer systems," but did not go into details or provide any copies or file hashes.

Second alert discloses February 2019 incident

However, the US Coast Guard sent a second alert yesterday.

The US Coast Guard said it published this second alert after it was made aware of a cyber-security incident that impacted a vessel on an international voyage bound for the Port of New York.

Coast Guard officials said the incident took place in February 2019, and the ship "reported that they were experiencing a significant cyber incident impacting their shipboard network."

A subsequent investigation carried out by the Coast Guard and other agencies found that "although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted."

"Nevertheless, the interagency response [team] found that the vessel was operating without effective cybersecurity measures in place, exposing critical vessel control systems to significant vulnerabilities," the Coast Guard said.

The Coast Guard didn't say if the February incident had been caused by the same malware it detected and described in the May alert.

Besides alerting maritime stakeholders about the recent attack, Coast Guard officials also included guidance on basic cyber-security practices that can be implemented to improve the security posture of computer networks found aboard a ship. Summarized, these are:

  1. Implement network segmentation.
  2. Create network profiles for each employee, require unique login credentials, and limit privileges to only those necessary.
  3. Be wary of external media.
  4. Install anti-virus software.
  5. Keep software updated.

"It is unknown whether this vessel is representative of the current state of cybersecurity aboard deep draft vessels," the Coast Guard said.

"However, with engines that are controlled by mouse clicks, and growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential as controlling physical access to the ship or performing routine maintenance on traditional machinery. It is imperative that the maritime community adapt to changing technologies and the changing threat landscape by recognizing the need for and implementing basic cyber hygiene measures," the agency said.

Ship cybersecurity incidents happened many times before

The two US Coast Guard security alerts are not really that surprising for industry experts. A report published in December 2018 by a conglomerate of 21 international shipping associations and industry groups highlighted a plethora of cyber-security problems aboard ships, where investigators found ransomware, USB malware, and worms on numerous occasions.

On a side note, if readers need another basic intro to securing computer networks, in April this year, the Australian Cyber Security Centre published what it calls the Essential Eight -- a list of mitigation strategies that organisations can use as starting points to improve their cyber resilience, which can also be applied to computer networks installed aboard a ship.
