Download PDF version

A ransomware attack at a commercial and defence shipbuilder in Wisconsin highlights the vulnerabilities of manufacturing operations, including shipbuilders, to the threats of cybersecurity. 

Fincantieri Marinette Marine was targeted by a cyberattack in the early morning hours of April 12, 2023. Large segments of data on the shipyard’s network servers became unusable because of the efforts of an unknown professional group. In ransomware attacks, offenders encrypt information on a server and then set terms, including monetary payments, to provide a ‘key’ to unlock the data.

Computer numerical control

Systems impacted at Marinette Marine included data that drives the shipyard’s computer numerical control (CNC) manufacturing machines, knocking them offline. CNC machines translate specifications developed using design software into instructions to operate manufacturing devices such as welders, cutters and other computer-controlled tools.

CNC machines translate specifications developed using design software into instructions

Fincantieri Marine Group “Immediately isolated the systems, reported the incident to relevant agencies and partners, and brought in additional resources to investigate and to restore full functionality of the affected systems,” says the company.

Industrial control systems

The company’s email and other networked operations remained off-line for several days. “This [incident] highlights the potential impact of cyber-attacks on industrial control systems and the need for robust detection mechanisms to identify and respond to such threats promptly,” comments Carol Volk, Chief Marketing Officer of BullWall, a cybersecurity solution provider specialising in ransomware containment.

Even if data theft did not occur, the disruption caused by the attack can have significant operational and financial implications,” says Volk. The shipyard in Wisconsin builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided missile frigates. The yard is currently under contract to build four combatants for Saudi Arabia and three frigates for the U.S. Navy.

First visible risk

The implications for a possible broader impact of the attack on the U.S. Navy is a concern

The implications for a possible broader impact of the attack on the U.S. Navy is a concern. “In addition to seeing ransomware groups with financial gain as their main goal, we also see ransomware applied as a way to divert attention when attackers are creating a ‘smoke screen’ with different objectives in mind,” says Roy Akerman, Co-Founder and CEO, Rezonate, another cybersecurity firm.

Other objectives include propagating through the network and creating backdoors for other, more lucrative motivations. “Especially here, in the case of the U.S. Navy, there is an increased risk of ransomware being the first visible risk while other true intentions remain stealthy,” adds Akerman. 

Employee personal information

Fincantieri Marine Group is part of Fincantieri SpA, based in Trieste, Italy. However, the cybersecurity incident was limited to U.S.-based locations and systems, which include shipyards in Marinette, Sturgeon Bay and Green Bay, Wisconsin.

However, the cybersecurity incident was limited to U.S.-based locations and systems

The locations combined employ about 2,300 people, but there is no indication that employee personal information was compromised. A cyberattack, as defined by the National Institute of Standards and Technology (NIST), is a digital attack that targets an organisation to disrupt, disable, destroy, take information, or take control of computers, networks or digital systems.

Detection and containment capabilities

Lockheed Martin, the Freedom-class prime contractor, issued a statement on the incident: “We face threats every day from sophisticated adversaries around the world, and we regularly take action to increase the security of our systems and to protect our employee, customer and program data.”

While preventative measures are crucial, it is important to acknowledge that motivated cybercriminals are constantly evolving their tactics and can often stay one step ahead,” adds Volk. “As such, detection and containment capabilities should be considered as ‘must have’ defences in addition to preventative measures.”

Download PDF version Download PDF version

Author profile

Larry Anderson Editor, MaritimeInformed.com

An experienced journalist and editor, Larry is MaritimeInformed.com's eyes and ears in the fast-changing maritime marketplace, attending industry and corporate events, interviewing maritime leaders and contributing original editorial content to the site. He leads MaritimeInformed.com's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for maritime professionals. Larry also commissions Expert Commentary / Thought Leadership features, providing a platform for the industry's top executives to comment on the dynamic maritime industry.

In case you missed it

Transforming maritime operations with augmented reality
Transforming maritime operations with augmented reality

Augmented reality (AR) is making waves across various industries, and maritime is no exception. For maritime professionals, AR offers practical, real-time solutions that enhance sa...

NAPA Logbook enhances data collection for Anthony Veder
NAPA Logbook enhances data collection for Anthony Veder

Anthony Veder, a gas shipping company, has strengthened its partnership with NAPA, a global provider of maritime software and data services, to expand the use of electronic logbook...

Sustainable marine coating solutions from PPG
Sustainable marine coating solutions from PPG

PPG has announced its 50th order for the electrostatic application of marine fouling control coatings. The project will be carried out on the VLCC SIDR, a 336-metre oil tanker ope...

vfd