IMO and CMA CGM Work to Recover from Cyberattacks

cyberattacks on IMO and shipping industry — IMO Headquarters (file photo)

The International Maritime Organization’s (IMO) Internet website and web-based services remained down for a third day as the UN organization works to recover from what it is calling “a sophisticated cyberattack against the organization’s IT systems that overcame robust security measures.”

The attack comes as the organization that oversees the global shipping industry has been urging the maritime community to improve cybersecurity and has new guidelines pending for 2021 designed to create new safeguards in an increasingly technologically driven industry.

“The Secretariat takes its responsibilities for cyber risk management and information security management extremely seriously and has acted immediately to address the cyberattack and to implement measures to ensure the risk of recurrence is minimized,” the IMO said in its public statement. They also reported that despite the disruptions from the attack, meetings were continuing as is the work of the IMO’s offices.

The attack began on September 30 affecting the IMO’s public website, Intranet, and other web-based services. According to a statement from the organization, following the attack, the secretariat shut down key systems to prevent further damage. The IMO is working with the UN International Computing Centre and security experts to restore its systems as soon as possible. They are also investigating the attack both to identify the source and further enhance security systems to prevent a recurrence.

The technical teams have been able to restore some functions, including the GISIS database. IMODOCS and Virtual Publications. The IMO’s internal and external email systems continued to function as does the platform the IMO is using to conduct its virtual meetings. They said that the IMO headquarters file servers are located in the UK, with extensive backup systems in Geneva. The backup and restore system is regularly tested.

This was the second cyberattack this week aimed at the maritime industry as shipping giant CMA CGM Group reported on September 28 that the was dealing malware on its network. The carrier's external booking systems and other customer-facing applications were taken offline causing frustration and delays for shippers. At first, the carrier said it was limited to “peripheral servers” and that it had taken actions to limit the spread of the malware.

In follow-up statements, it became apparent that the attack at CMA CGM had been more widespread and the carrier later said that it suspected there had been a data breach and that it was “doing everything possible to assess its potential volume and nature.”

CMA CGM’s teams worked all week to bring the carrier’s systems back online. In the latest update, they said that some functionality and subsidiaries had been restored. However, the eCommerce websites were offline on October 2 with the carrier offering alternatives to aid with bookings.

Some observers have begun to question the timing of the two cyberattacks looking for possible connections or coordination. Others have questioned the timing of the attack specifically on the IMO, a UN organization, which has been especially outspoken recently calling attention to the plight of seafarers around the globe.

The maritime world has been subjected to other cyberattacks in recent years which have affected the largest carriers as well as ports and other organizations. The increasing rate of attacks underscores the importance of the industry increasing its cyber protection efforts as ships becoming increasingly technology-driven and connected via cloud computing.