Cybersécurité dans l'espace: comment Thales relève les défis à venir
Understanding the cyber threat:
With 80% of world trade by volume and 70% by value, the shipping industry is at the heart of the various supply chains, making its operation critical at the economic and strategic level. The sector’s need for efficiency has driven the maritime industry to increasingly integrate IT systems into existing OT systems, whose limited connectivity had reduced the risk of intrusion for many years. Today, the increasing digitalization of the maritime sector induces a significant cyber risk on ports, communication channels and vessels by creating opportunities for malicious actors to destroy them.
The explosion in the trade of goods by sea, the increase in carrier capacity, and industrial digitization have increased the complexity of the maritime industry environment. Operational needs for competitiveness have pushed ships and ports towards automation of systems and integration of IT with OT. Yet, by connecting these two models, the maritime industry has expanded the surface, while neglecting cybersecurity investments.
The COVID 19 pandemic by inducing travel restrictions forced original equipment manufacturers (OEMs) to connect standalone systems to the internet, making them vulnerable. These OEMs have also asked port personnel to establish brief connections between the terrestrial network and their OT system in order to perform security updates. These connections, by creating entry points, expose already permeable OT systems.
The first half of the year 2020, marked by the COVID-19 pandemic, has exponentially increased the cyber risk on maritime transport. In fact, over this period, attempted attacks increased by 400%. Over the three years prior to the pandemic, cyberattacks targeting ships and port systems had surged by nearly 900 percent. In 2021, the Port of Houston was the victim of a cyberattack, carried out by advanced threat actors, creating a sense of security urgency among shipping stakeholders.
The blocking of the Suez Canal by the Ever Given cargo ship symbolizes the potential damage of a cyber attack on a ship’s navigation system, resulting in the daily loss of $10 billion in trade. While an intrusion on the IT system can result in financial losses as well as reputational damage, the compromise of the OT system can have consequences on the physical safety of a ship and its crew. By taking control of a ship containing sensitive products (vaccines, liquid energy supply), an attacker has a major destructive potential that may appeal to certain malicious actors.