The maritime industry is a vital sector of the global economy, as it facilitates the movement of people and goods across the oceans and seas. According to the United Nations Conference on Trade and Development (UNCTAD), maritime transport accounts for over 80% of the volume of international trade in goods, and even higher for most developing countries. The industry encompasses various activities, such as shipping, navigation, marine engineering, offshore oil exploration and production, and cruise tourism.
Rapid digital transformation and technological innovation are pushing barriers to what is possible in every industry, and the maritime industry is no exception. As vessels become smarter and more digitized, remote control and monitoring of fleets of ships becomes possible from anywhere in the world. Accompanying these exciting developments, however, is cybersecurity risks.
Cybersecurity is essential for ensuring maritime operations’ safety, security, and efficiency and complying with the relevant regulations and standards. Neglecting this puts the bulk of the world trade at risk of jeopardy. Maritime cybersecurity protects the information and operational systems of vessels, ports, and other maritime entities from cyber threats and vulnerabilities.
This blog aims to provide an overview of maritime cybersecurity’s current state and prospects and help you understand some key cybersecurity issues in the domain and the possible ways to overcome them.
Let’s get into it!
The maritime industry is a vital sector of the global economy, as it facilitates the movement of people and goods across the oceans and seas. According to the United Nations Conference on Trade and Development (UNCTAD), maritime transport accounts for over 80% of the volume of international trade in goods, and even higher for most developing countries. The industry encompasses various activities, such as shipping, navigation, marine engineering, offshore oil exploration and production, and cruise tourism.
Rapid digital transformation and technological innovation are pushing barriers to what is possible in every industry, and the maritime industry is no exception. As vessels become smarter and more digitized, remote control and monitoring of fleets of ships becomes possible from anywhere in the world. Accompanying these exciting developments, however, is cybersecurity risks.
Cybersecurity is essential for ensuring maritime operations’ safety, security, and efficiency and complying with the relevant regulations and standards. Neglecting this puts the bulk of the world trade at risk of jeopardy. Maritime cybersecurity protects the information and operational systems of vessels, ports, and other maritime entities from cyber threats and vulnerabilities.
This blog aims to provide an overview of maritime cybersecurity’s current state and prospects and help you understand some key cybersecurity issues in the domain and the possible ways to overcome them.
Let’s get into it!
Networks and Technological Systems in Maritime
IT networks are used for connectivity, communication, and data exchange for the crew, passengers, and other stakeholders. They enable access to the internet, email, voice calls, video conferencing, entertainment, and other online services. They also support administrative and management functions, such as billing, accounting, payroll, inventory, and reporting.
OT networks are used to manage critical ship systems, such as engine, propulsion, power, steering, navigation, safety, and security. They enable these systems’ monitoring, control, and automation through sensors, actuators, controllers, and software. They also support operational and technical functions, such as fuel efficiency, route optimization, maintenance, and troubleshooting.
IT and OT networks are interconnected and interdependent in the maritime industry. This means that data and information can flow between them, and changes or disruptions in one network can affect the other. For example, a ship’s navigation system (OT) may rely on GPS signals (IT) to determine its position and course.
The interconnection and integration of IT and OT networks create additional challenges and risks for cybersecurity in the maritime industry. These include the increased complexity and diversity of the network architecture and devices, increased exposure to external threats, increased potential for human error or insider threat, and difficulty detecting and responding to cyber incidents.
The maritime industry relies on various components and systems that depend on IT and OT networks for their functionality and performance. Some of the key components and systems are:
- Navigation systems: These are systems that provide information and guidance for the ship’s movement and direction. They include electronic chart display and information system (ECDIS), automatic identification system (AIS), radar, compass, gyrocompass, speed log, echo sounder, global navigation satellite system (GNSS), differential global positioning system (DGPS), long-range identification and tracking (LRIT), voyage data recorder (VDR), etc.
- Crew management systems: These are systems that facilitate the administration and coordination of the ship’s crew. They include crew scheduling, payroll, training, certification, health, safety, welfare, etc.
- Safety management systems: These are systems that ensure the protection of the ship’s crew, passengers, and cargo and their compliance with international safety guidelines.
Networks and Technological Systems in Maritime
The maritime industry relies on various networks and systems to support its operations and activities. These networks and systems can be broadly classified into information technology (IT) networks and operational technology (OT) networks.
IT networks are used for connectivity, communication, and data exchange for the crew, passengers, and other stakeholders. They enable access to the internet, email, voice calls, video conferencing, entertainment, and other online services. They also support administrative and management functions, such as billing, accounting, payroll, inventory, and reporting.
OT networks are used to manage critical ship systems, such as engine, propulsion, power, steering, navigation, safety, and security. They enable these systems’ monitoring, control, and automation through sensors, actuators, controllers, and software. They also support operational and technical functions, such as fuel efficiency, route optimization, maintenance, and troubleshooting.
IT and OT networks are interconnected and interdependent in the maritime industry. This means that data and information can flow between them, and changes or disruptions in one network can affect the other. For example, a ship’s navigation system (OT) may rely on GPS signals (IT) to determine its position and course.
The interconnection and integration of IT and OT networks create additional challenges and risks for cybersecurity in the maritime industry. These include the increased complexity and diversity of the network architecture and devices, increased exposure to external threats, increased potential for human error or insider threat, and difficulty detecting and responding to cyber incidents.
The maritime industry relies on various components and systems that depend on IT and OT networks for their functionality and performance. Some of the key components and systems are:
- Navigation systems: These are systems that provide information and guidance for the ship’s movement and direction. They include electronic chart display and information system (ECDIS), automatic identification system (AIS), radar, compass, gyrocompass, speed log, echo sounder, global navigation satellite system (GNSS), differential global positioning system (DGPS), long-range identification and tracking (LRIT), voyage data recorder (VDR), etc.
- Crew management systems: These are systems that facilitate the administration and coordination of the ship’s crew. They include crew scheduling, payroll, training, certification, health, safety, welfare, etc.
- Safety management systems: These are systems that ensure the protection of the ship’s crew, passengers, and cargo and their compliance with international safety guidelines.
Key Cybersecurity Concerns in the Maritime Industry
The maritime industry has experienced several cybersecurity incidents demonstrating the impacts and consequences of cyberattacks on maritime operations. In 2017, Maersk Line was hit by a global ransomware attack, NotPetya, which affected its IT systems across 600 locations in 130 countries. The attack disrupted its booking system and terminal operations for several weeks. The company estimated that the attack cost between $250 million and $300 million in lost revenue.
In 2018, COSCO Shipping Lines was hit by a ransomware attack that affected its IT systems in North America. The attack disrupted its email system and website for several days. The company had to use alternative methods of communication, such as telephone or social media, to maintain its operations.
Likewise, on July 4th, 2023, Japan’s Nagoya seaport fell victim to a ransomware attack by LockBit 3.0, a pro-Russian ransomware group. This attack caused a failure in the Nagoya Port Unified Terminal System (NUTS), leading to operations suspension for two days.
Cybersecurity is an increasingly important issue for the maritime industry, as it affects the safety, security, and efficiency of maritime operations, as well as the protection of the environment and the interests of the stakeholders. The maritime industry faces various cybersecurity concerns that are specific to its domain, such as:
- Securing IT systems: IT systems are used for connectivity, communication, and data exchange for the crew, passengers, and other stakeholders. They enable access to the internet, email, voice calls, video conferencing, entertainment, and other online services. They also support administrative and management functions, such as billing, accounting, payroll, inventory, and reporting. IT systems are vulnerable to cyberattacks that compromise confidentiality, integrity, and availability. For example, cyberattackers can use phishing, malware, social engineering, or brute force techniques to access IT systems and steal sensitive data, disrupt communication, or demand ransom.
- Protection of critical systems: Critical systems are essential for the safe and efficient operation of the ship, such as engine, propulsion, power, steering, navigation, safety, and security systems. They enable these systems’ monitoring, control, and automation through sensors, actuators, controllers, and software. They also support operational and technical functions, such as fuel efficiency, route optimization, maintenance, and troubleshooting. Critical systems are vulnerable to cyberattacks that can compromise their functionality and performance. For example, cyberattackers can use malware, denial of service, or remote access techniques to tamper with critical systems and cause physical damage, loss of control, or operational disruption.
- Risks associated with increased digitization and remote control/monitoring of ships: Digitization and remote control/monitoring of ships are trends that aim to improve the efficiency and sustainability of maritime operations by using advanced technologies such as cloud computing, artificial intelligence (AI), internet of things (IoT), or blockchain. They enable collecting and analyzing large amounts of data from various sources onboard and ashore. They also enable the remote control or monitoring of ships by shore-based operators or third-party service providers. However, these trends also introduce new risks and challenges for cybersecurity in the maritime industry. For example, cyberattackers can exploit the increased connectivity and complexity of the network architecture and devices to gain unauthorized access or interfere with the data flow or system operation.
Key Cybersecurity Concerns in the Maritime Industry
The maritime industry has experienced several cybersecurity incidents demonstrating the impacts and consequences of cyberattacks on maritime operations. In 2017, Maersk Line was hit by a global ransomware attack, NotPetya, which affected its IT systems across 600 locations in 130 countries. The attack disrupted its booking system and terminal operations for several weeks. The company estimated that the attack cost between $250 million and $300 million in lost revenue.
In 2018, COSCO Shipping Lines was hit by a ransomware attack that affected its IT systems in North America. The attack disrupted its email system and website for several days. The company had to use alternative methods of communication, such as telephone or social media, to maintain its operations.
Likewise, on July 4th, 2023, Japan’s Nagoya seaport fell victim to a ransomware attack by LockBit 3.0, a pro-Russian ransomware group. This attack caused a failure in the Nagoya Port Unified Terminal System (NUTS), leading to operations suspension for two days.
Cybersecurity is an increasingly important issue for the maritime industry, as it affects the safety, security, and efficiency of maritime operations, as well as the protection of the environment and the interests of the stakeholders. The maritime industry faces various cybersecurity concerns that are specific to its domain, such as:
- Securing IT systems: IT systems are used for connectivity, communication, and data exchange for the crew, passengers, and other stakeholders. They enable access to the internet, email, voice calls, video conferencing, entertainment, and other online services. They also support administrative and management functions, such as billing, accounting, payroll, inventory, and reporting. IT systems are vulnerable to cyberattacks that compromise confidentiality, integrity, and availability. For example, cyberattackers can use phishing, malware, social engineering, or brute force techniques to access IT systems and steal sensitive data, disrupt communication, or demand ransom.
- Protection of critical systems: Critical systems are essential for the safe and efficient operation of the ship, such as engine, propulsion, power, steering, navigation, safety, and security systems. They enable these systems’ monitoring, control, and automation through sensors, actuators, controllers, and software. They also support operational and technical functions, such as fuel efficiency, route optimization, maintenance, and troubleshooting. Critical systems are vulnerable to cyberattacks that can compromise their functionality and performance. For example, cyberattackers can use malware, denial of service, or remote access techniques to tamper with critical systems and cause physical damage, loss of control, or operational disruption.
- Risks associated with increased digitization and remote control/monitoring of ships: Digitization and remote control/monitoring of ships are trends that aim to improve the efficiency and sustainability of maritime operations by using advanced technologies such as cloud computing, artificial intelligence (AI), internet of things (IoT), or blockchain. They enable collecting and analyzing large amounts of data from various sources onboard and ashore. They also enable the remote control or monitoring of ships by shore-based operators or third-party service providers. However, these trends also introduce new risks and challenges for cybersecurity in the maritime industry. For example, cyberattackers can exploit the increased connectivity and complexity of the network architecture and devices to gain unauthorized access or interfere with the data flow or system operation.
Implementing Effective Maritime Cybersecurity
- Conducting a thorough risk assessment for maritime operations: This means identifying and analyzing the cyber threats and vulnerabilities that affect the IT and OT systems onboard and ashore; assessing the likelihood and impact of cyber incidents on the safety, security, and efficiency of maritime operations; and prioritizing the risks according to their severity and urgency.
- Developing and implementing cybersecurity plans and strategies: This means establishing and documenting the policies, procedures, standards, and guidelines for managing cyber risks; defining the roles and responsibilities of the stakeholders involved in cybersecurity; allocating the resources and budget for cybersecurity; and implementing the appropriate cybersecurity measures and controls to prevent, mitigate, or reduce cyber risks.
- Importance of training and awareness among maritime personnel: This means providing regular and relevant training and education programs for the crew members, shore staff, and other stakeholders on cybersecurity best practices, such as using strong passwords, avoiding phishing emails, updating software patches, etc.; raising awareness and promoting a culture of cybersecurity among the maritime community; and testing and evaluating the knowledge and skills of the personnel on cybersecurity.
- Collaboration with cybersecurity experts and service providers: Engaging with external experts and service providers who can offer specialized knowledge, skills, tools, or solutions for maritime cybersecurity; establishing clear communication channels and information-sharing mechanisms with them; and ensuring that they comply with the relevant regulations and standards for cybersecurity.
- Integration of cybersecurity technologies and tools for enhanced protection: Adopting and applying advanced technologies and tools that can improve the security posture of the IT and OT systems onboard and ashore, such as encryption, firewalls, antivirus software, intrusion detection systems, etc.; monitoring and auditing the performance and effectiveness of these technologies and tools; and updating or upgrading them as needed to keep pace with the evolving cyber threats.
- Incident response and recovery planning: This means preparing and maintaining an incident response plan that defines the actions to be taken in case of a cyber incident; establishing an incident response team that can coordinate and execute the incident response plan; reporting and escalating the incident to the relevant authorities or parties; containing, analyzing, eradicating, and restoring the affected systems or data; learning from the incident and implementing corrective or preventive actions.
Some other best practices for implementing effective maritime cybersecurity are:
- Aligning the cybersecurity objectives with the business objectives
- Adopting a holistic and integrated approach to cybersecurity
- Applying international standards and Frameworks for cybersecurity
- Benchmarking against industry peers or best practices
- Reviewing and updating the cybersecurity plans and strategies regularly
Implementing Effective Maritime Cybersecurity
Adopting a risk-based approach that follows the principles of identifying, protecting, detecting, responding, and recovering is essential to implement effective maritime cybersecurity. This involves:
- Conducting a thorough risk assessment for maritime operations: This means identifying and analyzing the cyber threats and vulnerabilities that affect the IT and OT systems onboard and ashore; assessing the likelihood and impact of cyber incidents on the safety, security, and efficiency of maritime operations; and prioritizing the risks according to their severity and urgency.
- Developing and implementing cybersecurity plans and strategies: This means establishing and documenting the policies, procedures, standards, and guidelines for managing cyber risks; defining the roles and responsibilities of the stakeholders involved in cybersecurity; allocating the resources and budget for cybersecurity; and implementing the appropriate cybersecurity measures and controls to prevent, mitigate, or reduce cyber risks.
- Importance of training and awareness among maritime personnel: This means providing regular and relevant training and education programs for the crew members, shore staff, and other stakeholders on cybersecurity best practices, such as using strong passwords, avoiding phishing emails, updating software patches, etc.; raising awareness and promoting a culture of cybersecurity among the maritime community; and testing and evaluating the knowledge and skills of the personnel on cybersecurity.
- Collaboration with cybersecurity experts and service providers: Engaging with external experts and service providers who can offer specialized knowledge, skills, tools, or solutions for maritime cybersecurity; establishing clear communication channels and information-sharing mechanisms with them; and ensuring that they comply with the relevant regulations and standards for cybersecurity.
- Integration of cybersecurity technologies and tools for enhanced protection: Adopting and applying advanced technologies and tools that can improve the security posture of the IT and OT systems onboard and ashore, such as encryption, firewalls, antivirus software, intrusion detection systems, etc.; monitoring and auditing the performance and effectiveness of these technologies and tools; and updating or upgrading them as needed to keep pace with the evolving cyber threats.
- Incident response and recovery planning: This means preparing and maintaining an incident response plan that defines the actions to be taken in case of a cyber incident; establishing an incident response team that can coordinate and execute the incident response plan; reporting and escalating the incident to the relevant authorities or parties; containing, analyzing, eradicating, and restoring the affected systems or data; learning from the incident and implementing corrective or preventive actions.
Some other best practices for implementing effective maritime cybersecurity are:
- Aligning the cybersecurity objectives with the business objectives
- Adopting a holistic and integrated approach to cybersecurity
- Applying international standards and Frameworks for cybersecurity
- Benchmarking against industry peers or best practices
- Reviewing and updating the cybersecurity plans and strategies regularly
Cybersecurity Regulatory Framework and Guidelines in the Maritime Industry
The maritime industry is subject to various regulations and guidelines that aim to ensure maritime operations’ safety, security, and efficiency and protect the environment and the stakeholders’ interests. Among these, some are specifically related to maritime cybersecurity compliance.
The International Maritime Organization (IMO) has issued several regulations and guidelines on maritime cyber risk management, such as the Resolution MSC.428(98), MSC-FAL.1/Circ.3, and MSC.1/Circ.1601. These guidelines provide high-level maritime cyber risk management recommendations to safeguard shipping from current and emerging cyber threats and vulnerabilities and encourage administrations to ensure that cyber risks are appropriately addressed in existing safety management systems.
Bimco is the world’s largest international shipping association, representing shipowners, operators, managers, brokers, and agents. Like the IMO, Bimco has issued several guidelines and standards on maritime cybersecurity, such as The Guidelines on Cyber Security Onboard Ships—which provide practical recommendations on protecting ships from cyber incidents, both pre-emptively and reactively; the Cyber Security Workbook for OnBoard Ship Use, which provides a step-by-step guide for identifying cyber risks and implementing relevant measures onboard, and the Ship Cyber Security Clause for Time Charter Parties 2019 which addresses the respective obligations and liabilities of owners and charterers for cyber security issues under a time charter.
Cybersecurity Regulatory Framework and Guidelines in the Maritime Industry
The maritime industry is subject to various regulations and guidelines that aim to ensure maritime operations’ safety, security, and efficiency and protect the environment and the stakeholders’ interests. Among these, some are specifically related to maritime cybersecurity compliance.
The International Maritime Organization (IMO) has issued several regulations and guidelines on maritime cyber risk management, such as the Resolution MSC.428(98), MSC-FAL.1/Circ.3, and MSC.1/Circ.1601. These guidelines provide high-level maritime cyber risk management recommendations to safeguard shipping from current and emerging cyber threats and vulnerabilities and encourage administrations to ensure that cyber risks are appropriately addressed in existing safety management systems.
Bimco is the world’s largest international shipping association, representing shipowners, operators, managers, brokers, and agents. Like the IMO, Bimco has issued several guidelines and standards on maritime cybersecurity, such as The Guidelines on Cyber Security Onboard Ships—which provide practical recommendations on protecting ships from cyber incidents, both pre-emptively and reactively; the Cyber Security Workbook for OnBoard Ship Use, which provides a step-by-step guide for identifying cyber risks and implementing relevant measures onboard, and the Ship Cyber Security Clause for Time Charter Parties 2019 which addresses the respective obligations and liabilities of owners and charterers for cyber security issues under a time charter.
Other cybersecurity frameworks and guidelines in the maritime industry include the Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) and the Guidelines for Addressing Cyber Risks at MTSA Regulated Vessels from the US Coast Guard (USCG).
The Future of Maritime Cybersecurity
- Emerging trends and challenges in maritime cybersecurity: These include the increasing use of autonomous vessels, artificial intelligence, cloud computing, big data analytics, internet of things, and blockchain in the maritime industry; the growing sophistication and diversity of cyber threats and actors; the rising complexity and interdependency of IT and OT systems onboard and ashore; the expanding regulatory and legal landscape for cybersecurity; and the changing expectations and demands of the customers and stakeholders for cybersecurity.
- Evolving regulations and guidelines in response to cyber threats: These include the development and implementation of new or revised regulations and guidelines by international, regional, or national authorities or organizations to address the cyber risks and challenges in the maritime industry; the harmonization and alignment of these regulations and guidelines across different jurisdictions and sectors; the enforcement and compliance of these regulations and guidelines by the maritime industry; and the evaluation and feedback of these regulations and guidelines for continuous improvement.
- Collaboration and information-sharing within the industry: It is imperative to establish and maintain effective communication channels and information-sharing mechanisms among the various stakeholders involved in maritime cybersecurity, such as shipowners, operators, managers, crew members, shore staff, regulators, authorities, service providers, experts, researchers, etc.; the development and promotion of common standards or frameworks for cybersecurity; the creation and participation in networks or platforms for cybersecurity cooperation or coordination; and the building and strengthening of trust and mutual understanding among the stakeholders.
The Future of Maritime Cybersecurity
Maritime cybersecurity is a dynamic and evolving field that faces various trends and challenges in the future. Some of these are:
- Emerging trends and challenges in maritime cybersecurity: These include the increasing use of autonomous vessels, artificial intelligence, cloud computing, big data analytics, internet of things, and blockchain in the maritime industry; the growing sophistication and diversity of cyber threats and actors; the rising complexity and interdependency of IT and OT systems onboard and ashore; the expanding regulatory and legal landscape for cybersecurity; and the changing expectations and demands of the customers and stakeholders for cybersecurity.
- Evolving regulations and guidelines in response to cyber threats: These include the development and implementation of new or revised regulations and guidelines by international, regional, or national authorities or organizations to address the cyber risks and challenges in the maritime industry; the harmonization and alignment of these regulations and guidelines across different jurisdictions and sectors; the enforcement and compliance of these regulations and guidelines by the maritime industry; and the evaluation and feedback of these regulations and guidelines for continuous improvement.
- Collaboration and information-sharing within the industry: It is imperative to establish and maintain effective communication channels and information-sharing mechanisms among the various stakeholders involved in maritime cybersecurity, such as shipowners, operators, managers, crew members, shore staff, regulators, authorities, service providers, experts, researchers, etc.; the development and promotion of common standards or frameworks for cybersecurity; the creation and participation in networks or platforms for cybersecurity cooperation or coordination; and the building and strengthening of trust and mutual understanding among the stakeholders.