Navigating the surge of cyber threats in global maritime trade
The world’s shipping industry plays a pivotal role in global trade, with nearly 90% of goods transported by sea. However, as digitalisation continues to reshape maritime operations, the industry’s exposure to cyberattacks expands significantly. In the first half of 2024 alone, 23,400 malware incidents and 178 ransomware attacks were reported, according to a recent Marlink study.
Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, discusses further.
Initially, the adoption of digital tools like electronic navigation systems opened up basic vulnerabilities, inviting relatively unsophisticated cyber incidents. These early breaches, often accidental or opportunistic, underscored the industry’s lack of cohesive strategies and robust defences against emerging cyber threats.
As the industry has developed and embraced more advanced technologies, its attack surface has grown too. Threat actors are quickly adopting new, AI-enabled techniques to increase the volume and sophistication of their attacks. Our latest threat intelligence shows the cyber threat landscape is a maelstrom of groups exploiting the latest vulnerabilities and utilising new or updated malware families to target commercial enterprises and critical infrastructure.
Attackers can now gain prolonged access to networks containing sensitive information through a single point of entry, and use that access to disrupt crucial operations. In the last year alone, marine giant Brunswick Corporation has grappled with a cyberattack that disrupted its operations for nine days, causing a material impact of $85 million. Additionally, the European cargo shipping industry was targeted by Chinese threat actors earlier this year, who gained access not only to the office systems but also to systems aboard the cargo vessels using a USB drive.
The reality is that cyberattacks at sea have the potential to be significant and long-lasting. Onboard system failures and compromises can put the safety of the crew and ship at risk. GPS spoofing or jamming can lead to collisions and grounding, while attacks targeting engine controls or ballast waste management systems can lead to crucial failures that increase the risk of environmental disasters like oil spills.
With the global maritime digitisation market expected to grow by 14.2% by 2031, the industry will continue to face persistent threats from well-funded criminal organisations and state-sponsored actors. So, how can the maritime industry combat this growing threat?
The scope of potential disruptions
A key challenge for the maritime industry is that operational technology lacks security capabilities, such as strong authentication, that are found in IT systems. Meanwhile, reliable connectivity can be tough to come by while at sea or in remote parts of the world, and this greatly decreases the efficacy of most cybersecurity tools (but not all). Too many systems are cloud-dependent to work well when offline.
An additional hurdle to security at sea, and in ports, is the long lifespan of the systems in use, which is typically 10-30 years. Attackers only need to flood networks with legitimate-looking commands to gain entry. In the absence of detection systems, crews may not notice they have been boarded, and by the time they do, the momentum of the attack has carried the vessel off course. Ensuring the security of interconnected systems and protection against remote hacking attempts are critical concerns.
Dr. Rory Hopcraft of the Cyber-SHIP Lab at the University of Plymouth and Dryad Global CEO Corey Ranslem recently conducted lifelike simulations to identify the potential impact of today’s maritime security risks. The scenario involved attackers using a phishing email to install malware on a container ship entering the New York harbour.
The malware waited for GPS coordinates of the ship's location, then flooded command systems to override the bridge and send the engines to full power. Within just 2.5 minutes, the massive vessel drifted off course and ran aground, blocking the critical shipping channel into New York for days. This single-ship incident would have disrupted over $1.6 billion in trade, impacting the entire supply chain.
In this simulation, the crew received an email from their onshore support team asking for a chart update. This points to a key vulnerability within the industry: human error and lack of cybersecurity training. Additionally, other potential attack vectors were identified, from engineers bringing devices on board themselves to conduct software and firmware updates to ship pilots plugging in their own devices. The simulation even tested the scenario of crew members connecting e-cigarettes to the ship's bridge.
The results showed that in every scenario, malicious software can and will board the ship eventually.
Bolstering maritime cyber resilience
Industry collaboration to strengthen collective defences is vital. The IMO's 2021 resolution on maritime cybersecurity, for example, mandates shipowners and operators to incorporate initiatives that allow for collective information sharing.
From an operational perspective, comprehensive strategies must be adopted by shipping companies and port operators to safeguard against sophisticated cyber threats. Implementing advanced technological solutions like intrusion detection systems and encryption protocols can protect critical systems from unauthorised access. Additionally, strong endpoint protection platforms will maintain a level of security even in disconnected environments, and regular software updates will mitigate the risk of software supply chain attacks.
Employing zero-trust strategies, like network and data-centric segmentation, is also essential for continuous access control and security validation. Furthermore, maritime companies must foster a culture of cybersecurity awareness with regular training and drills to equip crews with the skills needed to recognise and respond to potential threats and compromised systems.
Finally, the maritime industry must review its critical event management processes. Emergencies and disruptions will continue to happen; it’s how companies prepare and respond to them that determines their impact. Maritime companies should harness a secure emergency notification system with incident response tools and capabilities. This will provide the necessary tools to deploy response teams and enable them to better prepare for, respond to, and recover from critical events faster.
With the maritime sector advancing further towards digitalisation, prioritising strong cybersecurity and proactive risk management is vital. The industry can benefit greatly by partnering with a trusted security provider to leverage advanced AI technologies, implement zero-trust and endpoint management solutions, and strengthen critical event management systems. This collaborative approach will be vital in equipping the industry to counter cyber threats effectively and safeguard operations at sea.