The rising tide of maritime cyber threats in global trade

The shipping sector is a crucial part of global trade: approximately 90% of global trade is transported by sea. As the sector becomes increasingly digital, it also becomes more vulnerable to harmful cyber attacks. In the first half of 2024 alone, 23,400 malware and 178 ransomware detections were recorded, according to a recent report from Marlink.

The early adoption of technology in the maritime industry, such as electronic navigation systems, created fundamental vulnerabilities that allowed the introduction of straightforward cyber-attacks. While these incidents were seen as accidental or opportunistic, they highlighted the sector’s lack of strategy and defense against cyber threats.

As the industry has developed and embraced more advanced technologies, its attack surface has grown as well. Threat actors are rapidly adopting new AI-based techniques to increase the volume and sophistication of their attacks. Our latest threat intelligence shows that the cyber threat landscape is a maelstrom of groups exploiting the latest vulnerabilities and using new or updated malware families to target commercial enterprises and critical infrastructure.

Attackers can now gain long-term access to networks containing sensitive information through a single access point and use it to disrupt critical operations. In the past year alone, marine giant Brunswick Corporation suffered a cyberattack that disrupted its operations for nine days, resulting in a material impact of $85 million. Moreover, earlier this year, the European freight shipping sector was targeted by Chinese threat actors, who used a USB stick to gain access not only to the office systems, but also to systems on board the freighters.

The reality is that cyber attacks at sea have the potential to be significant and long-lasting. System errors and compromises on board can jeopardize the safety of the crew and the ship. GPS spoofing or jamming can lead to collisions, while attacks on engine controls or ballast water management systems can lead to critical failures that increase the risk of environmental disasters such as oil spills.

With the global maritime digitalization market expected to grow by 14.2% by 2031, the sector will continue to face persistent threats from well-funded criminal organizations and state-sponsored actors. How can the maritime industry combat this growing threat?

Ishmael Valenzuela

Vice President of Threat Research & Intelligence at BlackBerry.

Measuring the magnitude of potential disruptions

A key challenge for the maritime industry is that operational technology lacks the security capabilities, such as strong authentication, that are present in IT systems. Meanwhile, reliable connectivity can be difficult to obtain at sea or in remote parts of the world, and this significantly reduces the effectiveness of most (but not all) cybersecurity tools. Too many systems depend on the cloud and cannot work properly offline.

An additional hurdle for safety at sea and in ports is the long lifespan of the systems used, which is usually 10 to 30 years. Attackers simply need to flood networks with legitimate-looking commands to gain access. Because detection systems are lacking, the crew may not notice that attackers are on board, and by then the momentum of the attack has taken the ship off course. Ensuring the security of interconnected systems and protection against remote hacking attempts is critical.

Dr. Rory Hopcraft from the Cyber-SHIP Lab at the University of Plymouth and Dryad Global CEO Corey Ranslem recently conducted real-life simulations to map the potential impact of current maritime security risks. In the scenario, attackers used a phishing email to install malware on a container ship entering New York Harbor.

The malware waited for GPS coordinates of the ship’s location and then flooded the command systems to suppress the bridge and send the engines to full power. Within just 2.5 minutes, the massive ship drifted off course and ran aground, blocking the critical shipping route to New York for days. This single-ship incident is said to have disrupted more than $1.6 billion in trade, impacting the entire supply chain.

In this simulation, the crew received an email from their onshore support team requesting a map update. This points to an important vulnerability within the sector: human error and a lack of cybersecurity training. In addition, other potential attack vectors were identified, from engineers deploying devices themselves to perform software and firmware updates to ship pilots connecting their own devices. The simulation even tested the scenario where crew members plugged in e-cigarettes on the ship’s bridge.

The results showed that in any scenario, malicious software can and will eventually get on board the ship.

Increasing cyber resilience at sea

Collaboration within the sector to strengthen collective defense is crucial. For example, the 2021 IMO Resolution on Maritime Cybersecurity directs ship owners and operators to include initiatives that enable collective information sharing.

From an operational perspective, shipping lines and port operators must adopt comprehensive strategies to protect against advanced cyber threats. Implementing advanced technology solutions such as intrusion detection systems and encryption protocols can protect critical systems from unauthorized access. Additionally, strong endpoint protection platforms will maintain a level of security even in disconnected environments, and regular software updates will limit the risk of attacks on the software supply chain.

Using zero-trust strategies, such as network and data-centric segmentation, is also essential for continuous access control and security validation. Additionally, maritime companies must promote a culture of cybersecurity awareness through regular training and exercises to equip crews with the skills needed to recognize and respond to potential threats and compromised systems.

Finally, the maritime industry needs to review its processes for managing critical events. Emergencies and disruptions will continue to occur; it is how companies prepare and respond that determines their impact. Maritime companies must use a secure emergency reporting system with instruments and options for incident response. This will provide the necessary tools to deploy response teams and enable them to prepare for, respond to and recover from critical events more quickly.

As the maritime sector continues to digitalize, the importance of robust cybersecurity measures and proactive risk management cannot be overlooked. The industry does not have to tackle this challenge alone, but must work with a trusted security partner to leverage advanced AI technologies, implement innovative zero-trust and endpoint management strategies, and improve critical event management capabilities. Only then will the industry be truly prepared to tackle cyber takeovers at sea.


This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
