Navigating the Rising Tide of Maritime Cyber Threats

A New Age of Maritime Piracy

Present day maritime piracy is no longer limited to physical acts of hijacking or armed robbery. Shipping and logistics operations have increasingly adopted new technologies, creating new avenues for theft, financial gain, and general disruption, among other nefarious outcomes. 

Need for increased cybersecurity investment

The digital threat has escalated in line with the increased complexity of today’s maritime operations, which heavily rely on interdependent digital systems. Yet the industry’s slower pace of adopting cybersecurity measures has compounded the problem.  

A 2023 maritime industry report highlighted that in a survey of 150 industry professionals, a third of participants stated that their organisation spends less than $100,000 per year on cybersecurity. Many shipping companies, especially smaller organisations, prioritise operational efficiency over improving digital resilience in terms of investment. 

In 2013, the Belgian port of Antwerp experienced what many consider the landmark maritime incident in the new era of cyber threats.  Criminals exploited security vulnerabilities to facilitate drug smuggling, demonstrating the ability to manipulate physical port operations and ushering in a new methodology of using the Internet to recruit hackers in what is now referred to as, cybercrime-as-a-service.

Attacks beyond maritime supply chain

Modern shipping and logistics organisations now face the danger of cyber incidents and attacks that can extend to every facet of the maritime supply chain, affecting everything from vessel navigation to port and container management without a single kinetic action being executed. 

We have seen examples of this on a global scale:

• The Port of Lisbon, in 2022, faced a ransomware attack that disrupted operations for several days, exposing sensitive cargo data and the threat actors demanded a ransom of $1.5 million.  
• Similarly, in November 2023, a cyber incident at DP World Australia meant that systems halted nearly 40% of the country’s seaborne commerce.  It has been reported that, the event was prompted by a software vulnerability that the organisation patched but failed to update fully, exposing the business to unauthorised access.

Even the regulators are not immune to these threats. In September 2020, the International Maritime Organisation (IMO) experienced a cyberattack that impacted the organisation’s web-based services and internal network, resulting in a voluntary shutdown of all key systems to prevent further damage. The public website, intranet, and other web-based services were down for several days impacting the accessibility of critical regulatory data. 

These incidents have served as a stark demonstration of how vulnerable the global supply chain is to cyberattacks, causing delays in cargo processing and millions in economic losses. Without stronger cybersecurity investment and rapid adoption of protectionary measures, the maritime industry remains dangerously exposed to cyber risks.

Navigating towards cyber resilience

Given the rising frequency and sophistication of cyber threats, it is pivotal that maritime organisations start to focus on investing in cybersecurity, resilience and regulatory compliance. Becoming cyber resilient is not only the ability to defend the organisation, but also the ability to maintain or recover operations, and avoid potential sanctions, in the face of an incident. 

Here are five key strategies that maritime organisations can adopt.

Develop a comprehensive cybersecurity strategy

• Establish a robust cybersecurity framework. Identification and assessment of  potential threats is the first step in combating the evolving cyber threats. The framework should include implementing proactive defence mechanisms and developing comprehensive response plans to minimise operational disruption.
• Adhere to international standards. The IMO Resolution MSC.428(98) has mandated from 2021 that owners, operators, and managers of vessels consider and implement cyber security measures across all levels of their management systems. In addition, the resolution advises companies to identify, analyse, and prioritise risks posing a threat to shipboard systems and networks. 
• Compliance with legal obligations. Like all industries, the maritime industry must comply with relevant legal obligations (often on an international basis) relating to cybersecurity ranging from the UK Data Protection Act 2018 to the GDPR to NIS2. 
• The maritime industry’s extraterritorial nature adds to the complexity of compliance, which cannot be ignored since, in addition to cybersecurity risk, non-compliance also carries the risk of sanctions, including potential fines of 4% of annual global turnover together with the personal liability of the organisation’s management bodies.  Although factors such as the size, risk exposure, likelihood and severity of incidents together with the availability and cost of implementation will govern specific measures required, organisations are obliged to take appropriate and proportionate technical, operational and organisational measures to manage risk.  

Limit potential lateral movement

• Critically analyse your network to understand data flows and connections across the IT and Operational Technology (OT) environments. These connections are usually the weakest points in the network and allow threat actors to move across the environment. Organisations must identify these connections to assess whether they are critical to operations and invest in protective controls or remove them altogether to reduce risk and adhere to compliance requirements.
• Implement strong role-based access controls. Ensure personnel only have access to systems and digital assets related to their job function. This must be aggregated with a monitoring and detection mechanism to identify anomalous behaviour and as maintain control within the network.

Invest in human security

• Human error is often the weakest link.  provide regular and thorough training for crew members, port personnel and office staff. These programmes should cover social engineering, safe handling, secure use of digital tools and awareness of Bring Your Own Device (BYOD) policies. Enhance each module by providing role-specific training so that crew handling shipboard technology get distinct guidance on maintaining vessel security.
• Establish cybersecurity as part of the company’s safety culture. It is important to , integrating this culture into business-as-usual and key decision-making practices. Hazards are risks, they just manifest differently but can have the same impact. Ensure that leadership prioritises and communicates the importance of cybersecurity and how the business is addressing the continuously evolving threat landscape.

Evaluate your supply chain

• Map out the entire supply chain. This includes shipping lines, ports, suppliers, vendors, technology providers and managed services. Understand your operational dependencies on each part of the supply chain, especially around just-in-time logistics, location and communication channels.
• Assess the cybersecurity posture of your shipping lines, ports, suppliers, vendors, technology providers and managed services. Conduct periodic audits based on the criticality of the third party, identify areas of risk and contractually require compliance with relevant regulations as well as service level agreements. 

Practice makes better

• Simulate a cyber incident. much like any drill for other emergency situations. It is far better to have practiced identifying, reporting, and responding to a cyber incident in peacetime than it is to have to figure it out in the heat of the moment. These types of assessments provide a basis for improving communication protocols, effective decision-making structures, and knowledge sharing so that crew members, port personnel, and office staff are well-equipped. 
• Start with walk-throughs of an incident and create a safe space for people to practice responding. Do not expect everyone to be an expert; it is something that has to be trained for and learned from. Dedicating time to these exercises can only benefit organisations, and it is a vital step in minimising disruptive events.

Determining a way forward

The maritime industry is at a critical juncture when it comes to investing in cybersecurity and being able to combat the evolving threat landscape. To ensure the continuity of global trade and to build resilient and compliant organisations, cybersecurity must be a foundational pillar at the heart of the organisation’s mission. 

A multi-layered methodology combining advanced technical defences, rigorous regulatory and compliance policies and a security-focused culture will provide an approach that safeguards the business while maintaining financial success.

The world is increasingly interconnected and reliant on technology, which brings a vast swath of opportunities and obligations. With that comes inherent vulnerabilities that threat actors will look to benefit from. Maritime organisations must commit to protecting digital infrastructure and promoting a culture of security now, which in turn will safeguard their operations and build a more secure future.

[Photo by Maksym Kaharlytskyi on Unsplash]