Ports and ships — the maritime industry — are vital points in the global supply chain for food, medicine, consumer goods, fuel and many other products. Most of the world’s globally traded goods travel by sea. That’s why maritime security is key for supply chain security. Meanwhile, maritime cybersecurity faces threats at multiple places, including ports, communications systems and ships themselves.

Potential cyber attacks on maritime infrastructure are familiar types: phishing, malware, social engineering, brute force, denial of service, ransomware and others. What’s different is the unique placement of the targets.

Ships Rely on Digital Tools

Ships often rely on digital tools, many of which are automated, to function. Even ship compasses are digital and depend on a mix of gyroscopes and GPS. All these systems could be at risk of a digital attack. Dependence on GPS puts shipping at risk because attackers can spoof or jam GPS signals.

More than most industries, maritime infrastructure tends to be old and complicated, further hampering marine cybersecurity.

Is There an IT Worker on the Ship?

Another risk factor people don’t talk about enough is the absence of IT people on ships. A ship is like a building packed with computer systems, servers and electronics. Yet, out at sea, the crew is on their own in managing these systems and dealing with breaches.

A digital attack could control or shut down a ship or drive it off-course, causing a crash. Some ships have dangerous cargo, such as explosive fuel, in large quantities.

Ports are also heavily dependent on complex, networked digital logistics management systems. Some of these systems track every container on every ship. In the past, attackers have been able to delay, redirect and steal actual cargo, and to erase knowledge of it. They could abuse access to data on the location of cargo in a ransomware attack, or lock records.

The most likely risk is that digital attacks, through any number of possible attack types, delay shipping. That costs shipping companies, ports or shipping customers millions or billions of dollars.

Maritime Cybersecurity Attacks Increasing

Attacks targeting maritime information systems are on the rise. In the first few months of the pandemic, attempted cyber attacks rose by 400%. We can expect this trend to continue, with rising attacks on ships and ports.

Attackers targeted the Port of Houston this year in a suspected nation-state attack, an event that raised the urgency level of maritime security infrastructure. The port is 25 miles long and handles a quarter of a billion tons of cargo every year.

The attack involved a password management program that contained a previously unknown vulnerability. The attackers exploited it to install malicious code that granted access to the networks, which they used to exfiltrate log-in credentials needed to control network access. Luckily, “no operational data or systems were impacted,” according to a statement issued by Port authorities.

How To Handle Maritime Cybersecurity Risks

The need to address maritime cybersecurity is urgent. Here are some general approaches for how to address it:

  • Pinpoint specific possible threats. Understand what cyber criminals and nation-state actors might want from an attack. Pay special attention to the risk of ransomware. Consider attacks that could shut down the flow of goods, take ports offline and bring ships off course. Run red-team exercises and hire ethical hackers to help find likely attack points and methods.
  • Identify digital vulnerabilities. Inventory all systems and figure out which are unpatched, unpatchable, legacy or problematic in any way from a cybersecurity perspective. Think through the implications of existing physical security, and figure out how unauthorized people could gain access to digital systems. Consider how rogue or disgruntled employees could threaten security.
  • Initiate a maritime cybersecurity action plan. Address all vulnerabilities correctly, by patching or replacing problematic systems. Work with managers, leaders and stakeholders to develop these plans, then brief all concerned on how to use the plans in the event of an attack.
  • Install smart detection tools. For example, network detection and response tools use artificial intelligence (AI) to find odd and potentially malicious behavior on maritime networks. Have your software working 24/7 to watch for possible emerging attacks.
  • Launch new crew and employee cybersecurity training programs. Focus on phishing attacks, physical security and social engineering.
  • Establish contingency or continuity plans. For each possible attack scenario, develop a detailed plan for running your business through it and for the recovery processes that follow.

A threat to maritime information systems is a threat to global trade. Therefore, supply chain cybersecurity is one of the world’s most urgent business priorities.
