The maritime sector is on the verge of a digital disruption. As digital transformation of the maritime sector is gathering momentum that will have a major impact on operations and existing business models, simultaneously the threat cyber attacks is emerging. Further the sector’s infrastructure will be exposed to more and more cyber vulnerabilities as the drive towards autonomous ships.
The United States Coast Guard has sent out two security alerts in 2019, highlighting a problem with the cybersecurity practices aboard commercial sea vessels. Coast Guard desribed the malware distributed by this malspam campaign as “malicious software designed to disrupt shipboard computer systems.” A report published in December 2018 by a conglomerate of 21 international shipping associations and industry groups highlighted a plethora of cyber-security problems aboard ships, where investigators found ransomware, USB malware, and worms on numerous occasions.
The international shipping industry carries around 90 percent of world trade. At any given time, about 50 000 ships are at sea or in port. The maritime industry is highly exposed to cyberattacks and threats that may have severe financial and reputational repercussions. Globally, almost 17 million cyberattacks occur every week. In 2018, cybercrime was estimated to cost around $600 billion globally.
An internal US Navy review concluded that the service and its various industry partners are “under cyber siege” from Chinese hackers who are building Beijing’s military capabilities while eroding the US’s advantage, The Wall Street Journal reported in March 2019. Chinese hackers have repeatedly hit the Navy, defense contractors, and even universities that partner with the service. “We are under siege,” a senior Navy official told The Journal. “People think it’s much like a deadly virus – if we don’t do anything, we could die.”
Breaches have been “numerous,” according to the review. While China is identified as the primary threat, hackers from Russia and Iran have also been causing their share of trouble. US Navy considers that it faces threats from adversary nations like Russia, China, Iran, and North Korea, which have developed significant information warfare capabilities and interested in exploiting the Navy’s networks to conduct espionage operations, either by stealing information and technical data on fleet operations or preventing the Navy from taking advantage. Earlier in 2019 the Journal reported that Chinese hackers have targeted more than two dozen universities in the US and elsewhere in an attempt to steal military secrets, particularly those related to maritime technology.
Secretary of the Navy Richard Spencer launched the recently concluded review in October, warning that “attacks on our networks are not new, but attempts to steal critical information are increasing in both severity and sophistication.” “We must act decisively to fully understand both the nature of these attacks and how to prevent further loss of vital military information,” he added.
Cyber warfare has moved to maritime domain. “The risk of cyber attacks against our ships and submarines is as real a threat as traditional weapons such as rockets, missiles and torpedoes,” Royal Navy says. Navies around the world are now developing new cyber security measures and technologies and carrying out exercises to test the operational effectiveness of warships, submarines and Marines in responding to cyber incidents that may unfold during a real-life crisis.
Players in the shipping industry need to identify the greatest cyber risks and address them in the most cost-effective way. This asks for scalable and data-driven solutions to automatically manage, detect and address risks in a consistent and transparent way.
IMO has issued MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management. The guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities and include functional elements that support effective cyber risk management.
IDST Monthly Access Membership Required
You must be a IDST Monthly Access member to access this content.