Cyber security threats to the maritime industry

The technological advancements that defined the last decade are not slowing down. Within the maritime sector, an influx of tech start-ups and ventures are capitalising on these trends, driving change in everything from port logistics to navigation on the high seas. Along with other essential technologies, such as robotics and data analytics, the ability to connect systems and devices to the internet is driving innovation. With all progress comes new challenges, and at the forefront of these challenges today is how to secure this new digital landscape, according to pwc.co.uk.

With all the new maritime tech, traditional threats are changing in response. Piracy and smuggling of goods, people and weapons have long been challenges within the maritime industry, and an increased reliance on port and ship technology provides new opportunities for malicious actors to exploit vulnerabilities, causing organised criminals to turn to the digital world.

To date, the majority of incidents recorded have been non-targeted malware and as a result, most boards within the industry do not consider cyber security to be a top risk. Despite this, there are many potential attack vectors within the maritime industry which could be used to get a foothold in a network. Examples include targeting propulsion systems on board ships in order to disable a vessel’s ability to control its speed. GPS and AIS spoofing threaten the safety of both personnel and cargo if the crew cannot reliably determine their exact location. Additionally, due to multiple interconnected networks and systems at ports, there are avenues for threat actors to compromise or disrupt operational technology using indiscriminate attacks such as WannaCry, Petya and NotPetya which have previously affected the maritime industry.

Examples of how the maritime industry is being targeted

There are a number of real world examples of how these systems can be exploited for criminal gain within the industry. For example modern day pirates no longer need to roam the seas to find high value targets. Instead they employ ‘hackers for hire’ to specifically target shipping companies’ networks and locate shipping routes and on-board cargo manifests. Once the CMS (Content Management System) is compromised, the exact container location of valuable cargo can be obtained. Armed with this intelligence, pirates can choose the point when the ship is closest to shore to attempt boarding and go directly to the container’s location. This reduces the time spent on-board and greatly increases the profitability of such attacks.

Controlling the movement and location of shipping containers once at port is a key element for organised crime gangs. The port of Antwerp was targeted in 2011, again by ‘hackers for hire’. The gang maintained access to the system managing containers’ locations whilst on shore for approximately two years. This allowed for the concealment of banned substances amongst legitimate cargo and prevented customs officials from searching for specific containers.

As the industry becomes increasingly interconnected, stakeholders need a plan for responding to cyber incidents in a proportionate and appropriate way. Additionally, from design to operation and their use of third parties, security due diligence should be at the forefront of boards’ agendas when acquiring new businesses, systems or software in order to minimise the impact of allowing threat actors to compromise or disrupt their critical services. It might not yet be time to batten down the hatches, but organisations within the maritime industry should act sooner rather than later if they are to avoid a potentially devastating incident, according to pwc.co.uk.