A security advisory was issued from the US Coast Guard; they put this out after a ship coming into NY in February was having a “significant cyber incident impacting their shipboard network”. The advisory mentions that shipboard systems should segment networks, eliminate the use of generic log-ins (and adding the use of 2FA), and patching systems to avoid vulnerabilities.

One of the not-surprising things they mentioned was the “common practice for cargo data to be transferred at the pier, via USB drive.” It looks like drives are going from ship to dock and back without any sort of malware scanning.

This is not a big surprise for security researchers, but the shipping industry hasn’t completely realized it’s running a something akin to a modern power plant or factory automation system with no or few computer system-related safeguards.