11 Jan 2024
by Carly Fields

The murky waters of maritime cybersecurity

In an increasingly digital world where data is a precious commodity, no industry is safe from the lurking threats of cyberattacks, including the maritime sector. 

A panel of industry experts sat down at London International Shipping Week (LISW) to give insights on the current state of cybersecurity in the marine sector and the challenges it faces. 

Sir Clive Johnstone KBE CB, retired RN Vice Admiral and Director of Strategy for BMT Group, believes the maritime sector's vulnerability to cyber threats extends far beyond traditional concerns. 

"We're not just talking cyberattacks on ships today. The proliferation of offshore wind and fixed and now floating blue and green hydrogen - and all the rest of that - means there is a huge investment offshore and even further offshore, and a huge investment in vessels that need to be connected to service those. This will only blossom,” he explained. 

Further, as fish stocks get scarce, there are more and more floating and data-connected fish stocks in the most remote locations. “So, we're not talking about your good old container ship going from A to B - we're talking about a whole plethora of risk,” he concluded. 

Expanding horizons equates to more risk 

As the marine sector expands its horizons, an array of new cyber vulnerabilities comes with it.

Øyvind Berget, CTO at NORMA Cyber, highlighted a fundamental issue: "When it comes to the maritime sector, it's a lot about the data they have or don't really know that they have." 

The challenge of understanding the extent of stored data and the potential consequences of a breach is not unique to the marine sector.

Raf Sanchez, Global Head of Cyber Services at Beazley, likened the situation to a cluttered drawer: "I think data in organisations is a bit like that drawer in the kitchen you have where you leave all the cables and things you think you might need at some point. Many, many organisations don't understand what the impact [of a breach] is going to be until they've opened that drawer and realised, ‘Oh, that database that we migrated into the cloud, we kept a copy, just in case.’ 

“And in fact, that copy has all records going back 20 years. The impact that was initially thought to be 15,000 records in the cloud, is now 100,000. In maritime, physical security is probably fairly well understood, but this idea of data, it's not tangible." 

Kelly Malynn, Product Lead Cyber Physical Damage for the marine, aviation, and political risk divisions at Beazley, emphasised a complex regulatory landscape that adds to the marine sector's cybersecurity challenges: "When it comes to a data event with a loss of 20 years’ worth of personnel records, the impact of that breach typically means that you have to undergo a significant amount of forensics and there's regulatory requirements in terms of notifications.” 

For shipping companies, which typically operate globally, there could be complexities in operating in Europe under European regulation, with flag state nations that are different from where the main operations are, and with US and Filipino personnel on board, for example.

“What's the complexity when it comes to those notifications and what sort of costs might be involved?" she asked. 

A unique environment with unique threats 

As the maritime sector grapples with these data-related issues, the spectre of cyberattacks looms. Berget of NORMA Cyber highlighted a unique aspect of threats in the maritime sector, which could have dire consequences. 

Although NORMA Cyber had not yet seen any targeting aimed specifically at vessels’ operational technology, Berget warned: “If you start hitting the operational technology, people will get hurt and, in the end, you're no longer just a criminal, you have made a terrorist threat."

Regardless, the potential consequences of cyberattacks on maritime operations are real, as outlined by Stephen Deutsch, former Global Lead, Managed Detection and Response at Lodestone.  

"The targeting of critical infrastructure has led to there being more of a government response to what was historically seen as a creative problem to be dealt with law enforcement. We also see a lot of fraud and the extent to which AI is enabling that. You can no longer trust what you hear and see,” he said. 

And it's not just sophisticated cyber threats that pose a danger. Berget pointed out that even old-fashioned methods can have a significant impact: "Vessels are often hit by old-fashioned viruses and worms. Just because the sailors are good at sailing, they're probably not the best computer engineers." 

Sanchez echoed this sentiment, stressing the need to address the broader spectrum of risks: "Hacking, threat actors - these words make it sound like this risk is some kind of Mr. Robot-Jason Bourne scenario. 

“The reality is there are lots of young [people] who make mistakes. There are lots of people who don't read the policies. There are lots of suppliers who service in the cheapest way possible. There are gate guards who you wouldn't want to introduce to your mum. There's a lot of background noise risk that is ignored. That could be simply accessing your wi-fi device inappropriately and bringing on a piece of malware that is actually quite dangerous." 

The maritime sector's continuing journey through the digital age brings with it unprecedented challenges in cybersecurity. Marine operators are being reminded of the need to understand their data, prepare for the worst, and foster a cybersecurity-aware culture, something which the International Maritime Organization (IMO) is supporting.

As vessels and marine structures become more automated and interconnected, the need to address these challenges becomes increasingly urgent. The message is clear: in the marine world, it's not just the waves you need to watch out for, it’s the digital tides as well. 

 

Main image: The panel discuss cybersecurity at London International Shipping Week (LISW); Credit: LISW 
