The digitization of the maritime industry has led to advancements in offshore communications and industrial control systems. As the industry becomes more digitized, critical systems onboard vessels are becoming increasingly vulnerable to cyberattacks.
Shipping is becoming more reliant on digital solutions for the completion of everyday tasks. The rapid developments within information technology, data usage and availability, processing speeds, and data transfer present shipowners and other maritime industry players with increased possibilities for optimized operations, cost savings, safety improvements, and sustainable initiatives. These developments rely on increased connectivity often via the internet between servers, IT systems, and OT systems, which increases the potential for cyber vulnerabilities and risk. A 2020 Safety at Sea and BIMCO Maritime cybersecurity survey found 77% of respondents view cyberattacks as a medium or high risk to their organizations. Within that same survey, only 42% of respondents’ organizations had operational technology cyber protection. It is imperative that ship owners look at all aspects of their ship operations to ensure their protection against growing cyberthreats.
There is a need for the contradistinction between industrial control systems (ICS), operation technology (OT), cyber-physical systems (CPS), and the Internet of Things (IoT). Understanding how these systems differ will help distinguish their specific cybersecurity system requirements. Almost all technology discussed falls within the ICS category, from electronic control systems to associated information used for process control. Operation technology deserves its own distinction, representing hardware or software that invokes a change through direct monitoring of physical devices, particularly in production and operations.
Consider a modern maritime vessel and all its connectivity features. A vessel has technology outfits for bridge control systems, operations security, propulsion and power, network security, communications, safety systems, navigation, physical security, crew network, loading and stability, shipping network, and supply chain. Break each of those categories down further into segmented inputs and you have dozens of ways that hackers can infiltrate and infect your onboard systems.
Cyber Security Attacks
Hackers are becoming increasingly better at their malicious craft. The most common attack vector by hackers is crew interaction with phishing attempts. Eric Griffin, VP of offshore energy at Inmarsat, notes crew welfare and IoT availability is the biggest driver of increased data usage, rising over 200% within the last two years. This increase in internet users onboard vessels allows hackers to cast a wide net in hopes that a single crewmember will take the bait.
The Danish shipping company Maersk was the victim of one of the largest cyberattacks to date. The world’s largest container shipping company with offices in 130 countries and 80,000 employees, was infected by NotPetya malware in 2017. Once the malware infiltrated Maersk’s systems, it spread through the entire network in seven minutes, leading to damages estimated at over $300 million. Following the attack, and to prevent emerging threats, Maersk now employs a separate internal threat team that studies these threats and works on response mitigation for future attacks.
The Department of Homeland Security noted last November that the most significant threat to U.S. ports is cyberattacks. There are over 900 ports in the U.S. that need cybersecurity. Many of those ports are critical to domestic energy infrastructure. Ports are considered an easy target for cyberattacks since much of their workforce is outsourced.
Results from Jones Walker LLP 2022 Ports and Terminals Cybersecurity Survey reflect the responses of 125 c-suite executives, directors, security and compliance officers, and general counsel, and confirm that cybersecurity remains a top concern for the ports and terminals sector within the maritime industry. The findings show that 90% of respondents report that they are prepared to withstand cybersecurity threats in 2022. However, the 2022 survey show’s a big increase from 2018 in reported cyberattacks — from 43% in 2018 to 74% in 2022.
Did you subscribe to our Newsletter?
It’s Free! Click here to Subscribe.