The shipping industry is a critical component of global trade, with approximately 90% of world trade carried by sea. As the industry becomes increasingly digitized, it also becomes more vulnerable to damaging cyberattacks, with 23,400 malware and 178 ransomware detections registered in the first half of 2024 alone, according to a recent Marlink report.
The early adoption of technology in the maritime industry, like electronic navigation systems, created basic vulnerabilities that allowed unsophisticated cyber-attacks to be introduced. While these incidents were seen as accidental or opportunistic, they highlighted the industry’s lack of strategy and defense against cyber threats.
As the industry has developed and embraced more advanced technologies, so has the surface of attacks. Threat actors are quickly adopting new, AI-enabled techniques to increase the volume and sophistication of their attacks. Our latest threat intelligence shows the cyber threat landscape is a maelstrom of groups exploiting the latest vulnerabilities and utilizing new or updated malware families to target commercial enterprises and critical infrastructure.
Attackers can now gain prolonged access to networks containing sensitive information and use this to disrupt crucial operations, through a single point of entry. In the last year alone, marine giant, Brunswick Corporation has grappled with a cyberattack that disrupted their operations for nine days, causing a material impact of $85 million. Additionally, the European cargo shipping industry was targeted by Chinese threat actors earlier this year, who gained access to not only the office systems but also aboard the cargo vessels using a USB drive.
The reality is that cyberattacks at sea have the potential to be significant and long-lasting. Onboard system failures and compromises can put the safety of the crew and ship at risk. GPS spoofing or jamming can lead to collisions and grounding, while attacks targeting engine controls or ballast waste management systems can lead to crucial failures that increase the risk of environmental disasters like oil spills.
With the global maritime digitization market expected to grow by 14.2% by 2031, the industry will continue to face persistent threats from well-funded criminal organizations and state-sponsored actors. So, how can the maritime industry combat this growing threat?
Measuring the scale of potential disruptions
A key challenge for the maritime industry is operational technology lacking security capabilities like strong authentication found in IT systems. Meanwhile, reliable connectivity can be tough to come by while at sea or in remote parts of the world, and this greatly decreases the efficacy of most cybersecurity tools (but not all). Too many systems are cloud-dependent to work well when offline.
An additional hurdle to security at sea, and in ports, is the long lifespan of the systems in use, which is typically 10-30 years. Attackers only need to flood networks with legitimate-looking commands to gain entry. Hidden under the lack of detection systems, crews may not notice they have been boarded and by then the momentum of the attack has carried the vessel off course. Ensuring the security of interconnected systems and protection against remote hacking attempts are critical concerns.
Dr. Rory Hopcraft of the Cyber-SHIP Lab at the University of Plymouth and Dryad Global, CEO Corey Ranslem recently conducted lifelike simulations to identify the potential impact of today’s maritime security risks. The scenario involved attackers using a phishing email to install malware on a container ship entering the New York harbor.
The malware waited for GPS coordinates of the ship’s location, then flooded command systems to override the bridge and send the engines to full power. Within just 2.5 minutes, the massive vessel drifted off course and ran aground, blocking the critical shipping channel into New York for days. This single-ship incident would have disrupted over $1.6 billion in trade, impacting the entire supply chain.
In this simulation, the crew received an email from their onshore support team asking for a chart update. This points to a key vulnerability within the industry; human error and lack of cybersecurity training. Additionally, other potential attack vectors were identified, from engineers taking on devices themselves to conduct software firmware updates to ship pilots plugging in their own devices. The simulation even tested the scenario of crew members connecting e-cigarettes to the ship’s bridge.
The results showed that in every scenario, malicious software can and will board the ship eventually.
Enhancing cyber resilience at sea
Industry collaboration to strengthen collective defenses is vital. The IMO’s 2021 resolution on maritime cybersecurity, for example, mandates shipowners and operators to incorporate initiatives that allow for collective information sharing.
From an operational perspective, comprehensive strategies must be adopted by shipping companies and port operators to safeguard against sophisticated cyber threats. Implementing advanced technological solutions like intrusion detection systems and encryption protocols can protect critical systems from unauthorized access. Additionally, strong endpoint protection platforms will maintain a level of security even when in disconnected environments and regular software updates will mitigate the risk of software supply chain attacks.
Employing zero-trust strategies, like network and data-centric segmentation, is also essential for continuous access control and security validation. Furthermore, maritime companies must foster a culture of cybersecurity awareness with regular training and drills to equip crews with the skills needed to recognize and respond to potential threats and compromised systems.
Finally, the maritime industry must review its critical event management processes. Emergencies and disruptions will continue to happen; it’s how companies prepare and respond to them that determines their impact. Maritime companies should harness a secure emergency notification system with incident response tools and capabilities. This will provide the necessary tools to deploy response teams and enable them to better prepare for, respond to, and recover from critical events faster.
As the maritime sector continues to digitalize, the importance of robust cybersecurity measures and proactive risk management cannot be overlooked. The industry doesn’t have to face this challenge alone, working with a trusted security partner to harness advanced AI technologies, deploy innovative zero-trust and endpoint management strategies, and enhance critical event management capabilities. Only then will the industry truly be prepared to tackle cyber takeovers at sea.
We’ve featured the best encryption software.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro