Copenhagen: CyberKeel, which focuses on cyber security in the maritime sector, has warned a number of important shipping websites could be taken over easily by hackers.
On April 14 Microsoft released a software patch related to a vulnerability found in all versions of Windows. The application, which is most affected, is used to host webpages. According to Microsoft, the vulnerability could at worst result in someone else taking control of the webserver over the internet.
Cybersecurity experts at CyberKeel decided to test to which degree the maritime sector remained vulnerable to this risk. Spot checks were performed on 50 different maritime sites. First they were tested to see whether the webservers were using Microsoft, and if they were, whether they remained vulnerable. The result was that 37% of the webservers using Microsoft had not been patched, and hence remained vulnerable.
The vulnerable sites included three major container carriers, which Splash has learnt are MSC, Hapag Lloyd and Hamburg Süd, as well as important systems at a number of ports, such as the vessel traffic management system in Gothenburg, the road haulier identity system in Felixstowe and the main site of the Copenhagen port authority.
CyberKeel’s CEO, Lars Jensen, commented: “Complex systems, such as those provided by Microsoft, are often in need of software patching to plug security holes. Companies need their IT departments to be able to quickly install software patches, as the hacker community operates on decidedly short timeframes. As an example, it took less than 12 hours from the point where Microsoft released the patch, until you could find simple instructions on the internet as to exactly how to exploit this weakness to cause a denial of service.”
CyberKeel was recently participating in a symposium at Rutgers University organized in part by a department of Homeland Security. Therein Vice Admiral Charles Michel of the US Coast Guard told of an incident whereby a hacker brought a port on the US eastern seaboard to a standstill. According to Jensen, this shows that the risk to the maritime community is real, and it is worrying that even simple security measures such as applying software patches are not ingrained in the industry.
As well as CyberKeel, Jensen runs container shipping analysis firm SeaIntel. He also contributes to our sister title, Maritime CEO magazine.