
The maritime industry has long been the backbone of global trade, with over 90% of the world's goods transported by sea. However, the rapid adoption of digital technologies has brought significant vulnerabilities, leading to an increasing number of maritime cybersecurity incidents. Cyberattacks on shipping companies, port authorities, and onboard systems have exposed weaknesses in the sector's digital infrastructure. These incidents have disrupted operations and highlighted the need for robust cybersecurity measures to safeguard the maritime industry.
Today, Electronic Chart Display and Information Systems (ECDIS), operational technology (OT) integrated with information technology (IT), and remote monitoring and control systems for ports and vessels are being used more frequently.
Major Maritime Cybersecurity Incidents
One of the most significant cybersecurity incidents is the Maersk cyberattack. This most notable maritime cybersecurity incident occurred in 2017, when the Danish shipping giant A.P. Moller-Maersk fell victim to the NotPetya ransomware attack. The attack crippled Maersk's IT systems, forcing the company to reinstall over 4,000 servers, 45,000 PCs, and 2,500 applications. The estimated cost of the attack exceeded $300 million. This incident highlighted the global maritime sector's vulnerability to large-scale ransomware attacks.
In 2018, the Port of San Diego suffered a ransomware attack that disrupted administrative functions and communications. Although the attack did not affect the port's cargo operations, it underscored the risks of attacks on administrative systems that support critical infrastructure.
COSCO, one of the world's largest shipping companies, experienced a ransomware attack in 2018 that disrupted its U.S. operations for several days. The attack affected email and telephone systems, forcing the company to switch to manual processes. Unlike the Maersk attack, this incident was contained regionally but demonstrated the potential for significant disruption.
In 2020, Iran's Shahid Rajaee Port was targeted in a cyberattack that caused massive disruptions to operations. The attack, believed to be geopolitically motivated, resulted in significant delays and traffic congestion. This incident underscored how cyberattacks can be used as tools of political retaliation.
Svitzer, a towage company owned by Maersk, faced a prolonged cyber incident in 2021 that compromised employees' email accounts. The attack remained undetected for several months, during which sensitive information was accessed. This incident revealed the potential for cyber espionage in the maritime sector.
IMO Regulation in Cybersecurity for Maritime Sector
The increasing frequency and severity of maritime cybersecurity incidents underscore the urgent need for action. The risks will only grow as digitalization continues to reshape the maritime industry. By adopting proactive measures and fostering a culture of cybersecurity awareness, the maritime sector can protect itself from evolving threats. Governments, shipping companies, and technology providers must collaborate to ensure the resilience of this critical global infrastructure. The International Maritime Organization (IMO) was prompted to develop cybersecurity guidelines by the growing number of cyberattacks on the maritime industry and the increasing digitalization of maritime operations. Several key factors and incidents were pivotal in pushing the IMO to address cybersecurity risks systematically.
Rising Threat of Cyberattacks on Critical Maritime Infrastructure
Attacks on GPS systems, Electronic Chart Display and Information Systems (ECDIS), and Automatic Identification Systems (AIS) showed how hackers could compromise critical systems and jeopardize the safety of vessels at sea. Port infrastructure, such as cargo management systems and automated cranes, became increasingly connected to IT networks, creating vulnerabilities. The introduction of innovative ships, smart ports, and reliance on IoT devices and automation transformed maritime operations and created new vulnerabilities. Systems previously isolated from external networks were now connected to the internet, making them susceptible to cyberattacks.
As the specialized United Nations agency responsible for the safety, security, and environmental performance of international shipping, the IMO had a clear mandate to address cyber risks. Failure to establish cybersecurity standards could lead to inconsistent practices across the industry, leaving significant gaps in protection.
The IMO began addressing this issue in the mid-2010s, culminating in the issuance of Resolution MSC.428(98) in 2017, which required shipowners and operators to incorporate cyber risk management into their Safety Management Systems (SMS) by January 1, 2021.
Hackable Autonomous Vessels

The rise of autonomous vessels marks a significant shift in the maritime industry. These vessels offer potential benefits such as reduced costs, improved safety, and lower environmental impact. Although they are still in various stages of development and deployment, they represent the future of shipping and maritime operations. Continued innovation, regulatory frameworks, and international cooperation will ensure their successful integration into global maritime trade.
Autonomous vessels are hackable and pose significant cybersecurity risks due to their heavy reliance on advanced technology, sensors, artificial intelligence (AI), and satellite-based communication systems. These vessels are essentially large floating networks, making them vulnerable to cyberattacks that could have serious safety, financial, and environmental consequences.
Key Vulnerabilities in Autonomous Vessels
The key vulnerabilities in autonomous vessels begin with the navigation system, where GPS spoofing is a real-world threat. In 2017, researchers demonstrated how easy it was to spoof a yacht's GPS, altering its course without detection. The same technique can affect autonomous ships. Autonomous vessels rely on satellite communication (SATCOM) and shore-based control centers for remote monitoring and updates. These communication links can be intercepted or disrupted, allowing attackers to take control of the vessel or shut it down. In addition, sensors can be manipulated, malware and ransomware can be introduced, and AI can be manipulated.
The potential consequences of a successful hack include hijacking, remote control, collision or grounding, theft of cargo or sensitive data, disruption of the global supply chain, and other attacks and impacts.
Conclusion
In this context, ethical hackers could play a critical role as salvors for autonomous vessels, especially in cyber salvage, a new and evolving concept in maritime operations. Traditionally, a salvor rescues a ship or its cargo from peril at sea. In the digital age of autonomous vessels, the idea of salvage is expanding to include cybersecurity specialists who can respond to cyber incidents and recover control of compromised vessels.
Ethical hackers have the skills and expertise to become cyber salvors, protecting autonomous vessels from cyber threats and ensuring operational safety. This role will likely expand as autonomous shipping grows, with new regulations and frameworks required to govern cyber salvage operations. In the future, "cyber rescue teams" could be as essential to maritime operations as traditional salvage crews, safeguarding vessels from digital and physical perils.
The article is written by Sanjana Rathi - CEO of The CyberDiplomat & Visiting Professor of Cybersecurity at Indian Maritime University