If you want to overcome your adversaries, you must know both yourself and your enemies, and fully understand your enemies’ intentions. Hunt & Hackett has observed an increasing activity of Advanced Persistent Threat groups (APTs) in the maritime industry. In this series of blogs, the threat posed by APTs to maritime and related industries is analyzed and it is explained what motives lie behind their cyber-attacks. In this fourth and last part, one central question is asked: what do adversaries want from the Dutch maritime industry?
The Netherlands has a strong position in the maritime industry as one of the global leading nations. Centuries in buildup of know-how have resulted in a flourishing and world-renowned industry which resonates all over the globe. Companies such as Damen Shipyards, SBM Offshore, Huisman and Royal Boskalis are just a few examples of leading enterprises in global maritime industries. There are some terrains of expertise where there are few countries that are more developed than the Netherlands. This is because the maritime industry in the Netherlands has dedicated itself to the development of high-tech products since the 1980s.
This approach has been successful and has resulted in the dominance of the Netherlands in certain specialized parts of the maritime industry. An example of this is dredging, in which the Netherlands held a global share of 14,1% in 2009, only to see it grow to 36,1% in 2018. Also, Dutch shipbuilder Damen Shipyard has obtained a €5.5 billion contract for the construction of four German warships. These examples, even without mentioning the Port of Rotterdam, clearly demonstrate that the Netherlands’ expertise has resulted in a global frontrunner position.
According to a study conducted by MENON in 2018, the Netherlands especially excels in innovation related practices: ICT systems, knowledge creation and R&D. Noteworthy is that China and Russia, who are also included in the study, score particularly low on these three categories, meaning the Netherlands has a high comparative advantage over two countries notorious for their habit of (corporate) espionage and information theft. Not included in the study are Iran and North Korea, but it is not hard to imagine that the Netherlands has an even larger competitive advantage over them.
Figure 1 - Dutch tugs at work to get the Ever Given loose.
The development of high-tech products requires significant resources, which is a very capital and time-consuming process. Countries that are catching up to the level of sophistication some countries in the global West have already accomplished, often do not have the capital nor the willingness to await lengthy R&D projects. Yet, as they have a clear need to leapfrog the innovation cycle, they often prefer to hatch their bets and complement their own R&D efforts with an easier way, they choose the illicit path.
Through offensive cyber-operations, the offensive nations can get their hands on companies’ most valued and hard-earned trade secrets. Decades of investments and R&D projects that have secured an advantage not only over competing companies, but also over other nations entirely, can become lost to hackers. Therefore, it is vital that companies do not limit themselves by seeing cyber risks exclusively as an IT-issue. Organizations in the maritime sector need to protect themselves from these (advanced) attackers to protect their innovations and competitive advantage to ensure that they don’t lose their leading positions in the global maritime market.
So, what to do with this threat landscape information? Firstly, these industry specific blog-series are meant to raise awareness and educate organizations about their threat landscape. Secondly, the series aims to share some insights on how Hunt & Hackett goes about defending organizations against specific threats. This is the reason why Hunt & Hackett tracks APTs, their TTPs and Tools. In cybersecurity, this adversary-central approach is also known as Threat Modelling.
Hunt & Hackett works for innovative companies, in maritime and related industries, that invest a great deal in their R&D departments and want to keep their (trade)secrets just that: secrets. The approach we provide our customers with is data-driven, and focuses on the adversary: what attacking techniques do they apply and how can we defend from them? This is the reason why Hunt & Hackett tracks APTs, their TTPs and Tools.
Having an adversary-central approach, that is within the cybersecurity community also known as Threat Modelling, is required to make the threat landscape actionable. With this approach the Tactics, Techniques and Procedures (TTPs) and tools of a set of relevant adversaries form the basis to build-up the defenses of an organization. This specific threat picture can then be translated into specific security controls (e.g. CIS, NIST, ISO) and data-sources to log and actively monitor. How this can be done is outlined in some of our previous blogs:
- Threat Modelling as starting point;
- Applied Threat Diagnostics;
- Insights: the driving force behind a digital immune system.
Figure 2 – Hunt & Hackett has observed an increasing cyber-threat in maritime and related industries.
This blog concludes this Hunt & Hackett series of blogs on the increasing cyber-threat in the maritime and related industries are facing (see figure 2, which outlines the increase of APT activity over the years). Detection & response plays a key role in defending an organization against the maritime and related industries specific threat landscape. As not all MSSP/MDR offerings are equal, Hunt & Hackett has written an ‘Buyer's Guide to Managed Detection & Response (MDR)’ that can help organizations select a modern MDR-solution that best fits their needs.