A ransomware attack at a commercial and defence shipbuilder in Wisconsin highlights the vulnerability of manufacturing operations, including shipbuilders, to cybersecurity threats.
Fincantieri Marinette Marine was targeted by a cyberattack in the early morning hours of April 12, 2023. Large segments of data on the shipyard’s network servers became unusable because of the efforts of an unknown professional group. In ransomware attacks, offenders encrypt information on a server and then set terms, including monetary payments, to provide a ‘key’ to unlock the data.
Computer numerical control
Systems impacted at Marinette Marine included data that drives the shipyard’s computer numerical control (CNC) manufacturing machines, knocking them offline. CNC machines translate specifications developed using design software into instructions to operate manufacturing devices such as welders, cutters and other computer-controlled tools.
Fincantieri Marine Group “immediately isolated the systems, reported the incident to relevant agencies and partners, and brought in additional resources to investigate and to restore full functionality of the affected systems,” says the company.
Industrial control systems
The company’s email and other networked operations remained offline for several days. “This [incident] highlights the potential impact of cyber-attacks on industrial control systems and the need for robust detection mechanisms to identify and respond to such threats promptly,” comments Carol Volk, Chief Marketing Officer of BullWall, a cybersecurity solution provider specialising in ransomware containment.
“Even if data theft did not occur, the disruption caused by the attack can have significant operational and financial implications,” says Volk. The shipyard in Wisconsin builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided missile frigates. The yard is currently under contract to build four combatants for Saudi Arabia and three frigates for the U.S. Navy.
First visible risk
The implications of a possible broader impact of the attack on the U.S. Navy are a concern. “In addition to seeing ransomware groups with financial gain as their main goal, we also see ransomware applied as a way to divert attention when attackers are creating a ‘smoke screen’ with different objectives in mind,” says Roy Akerman, Co-Founder and CEO, Rezonate, another cybersecurity firm.
Other objectives include propagating through the network and creating backdoors for other, more lucrative motivations. “Especially here, in the case of the U.S. Navy, there is an increased risk of ransomware being the first visible risk while other true intentions remain stealthy,” adds Akerman.
Employee personal information
Fincantieri Marine Group is part of Fincantieri SpA, based in Trieste, Italy. However, the cybersecurity incident was limited to U.S.-based locations and systems, which include shipyards in Marinette, Sturgeon Bay and Green Bay, Wisconsin.
The locations combined employ about 2,300 people, but there is no indication that employee personal information was compromised. A cyberattack, as defined by the National Institute of Standards and Technology (NIST), is a digital attack that targets an organisation to disrupt, disable, destroy, take information, or take control of computers, networks or digital systems.
Detection and containment capabilities
Lockheed Martin, the Freedom-class prime contractor, issued a statement on the incident: “We face threats every day from sophisticated adversaries around the world, and we regularly take action to increase the security of our systems and to protect our employee, customer and program data.”
“While preventative measures are crucial, it is important to acknowledge that motivated cybercriminals are constantly evolving their tactics and can often stay one step ahead,” adds Volk. “As such, detection and containment capabilities should be considered as ‘must have’ defences in addition to preventative measures.”