Feature
Overcoming cybersecurity challenges in maritime operations
Keri Allan investigates the rise of cyber threats targeting maritime operations and the strategies being used to enhance cybersecurity resilience.
Digitisation and integration of new technologies, both onboard and onshore, have expanded the maritime sector’s attack surface, particularly as legacy systems are retrofitted with new technologies.
Each connection in the supply chain adds further risk, while poorly segmented networks onboard allow threats to spread quickly. This has led the sector to become one of the most targeted critical infrastructures, alongside healthcare, aviation and banking.
The biggest threat right now is fragmentation, as marine ecosystems are deeply interconnected, but the legacy systems they rely on are not, notes Alexander Styles, Americas general manager at Dutch software company Vinturas.
“These outdated sharing methods and siloed platforms are often still driven by spreadsheets and email, and can’t be paused to modernise, leaving massive blind spots and entry points for cyberattacks,” he says.
Evolving threats
Cyberattacks have become more frequent and sophisticated, evolving from isolated incidents targeting single vessels to coordinated attacks on entire fleets, with the perpetrators not just being cybercriminals looking to make a quick buck but also state-sponsored actors – a trend fuelled by growing geopolitical tensions.
There’s also been a change of focus from data theft to operational disruption, with attacks targeting operational systems like navigation, cargo control and port logistics. The most prevalent cyber threats continue to come in the form of ransomware, phishing and social engineering, while GPS and automatic identification system (AIS) spoofing incidents – the state-sanctioned attack of choice – continue to rise.
“Ransomware or encryption malware attacks are disrupting operations and extorting money by encrypting data of both IT and OT systems. Without proper network segregation, these attacks can spread into multiple systems onboard and onshore,” says Svante Einarsson, head of the Maritime Cyber Security Advisory at DNV Cyber.
“GPS spoofing/jamming and AIS manipulation are affecting navigation safety by falsifying location data. This is particularly the case in military active zones like the Black Sea and Red Sea, but also increasingly in the Baltic Sea.
“Phishing and credential theft are used to exploit staff access and gain entry into networks,” Einarsson continues, adding that supply chain risk is growing, not just from unpatched third-party systems, but from the complexity of managing sub-components and software.
Learning lessons
Incidents like the Port of San Diego ransomware attack demonstrate how vital secure connectivity is to maritime operations. They also show that the sector can suffer serious disruption not only from direct cyberattacks, but also from broader threats not specifically targeting it – such as the global impact of the NotPetya attack.
One key lesson is that cybersecurity cannot be an afterthought; it must be integrated into the networks that connect ships, ports and supply chains, notes Sinem Okman, product manager, Inmarsat Maritime.
“NotPetya, for example, was able to successfully attack maritime targets via out-of-date operating systems. Investing in resilient, secure-by-design connectivity platforms helps ensure that even if one part of the system is compromised, the overall operation can continue safely and efficiently.”
These events also reinforce the need for regular security audits, updated risk management protocols and compliance with international standards like ISO 27002 and the NIST Cybersecurity Framework, Okman adds, with Einarsson noting that such approaches are being adopted by larger ports, major shipping companies and OEMs.
Cyber readiness: a sector divided
Preparedness varies widely across the maritime sector, however, with some organisations considered woefully unprepared to detect and respond to cyberattacks. Ports such as Rotterdam and Singapore are leading the way, for example, following structured digitalisation roadmaps that have cybersecurity as a core pillar.
Likewise, major operators such as Maersk and MSC have developed in-house capabilities with strong awareness and robust systems in place, says Okman.
“In contrast, smaller ports, shipping companies and shipyards often lack the resources or awareness to go beyond basic regulatory compliance,” says Einarsson.
“Many are still in the early stages of integrating cybersecurity into OT systems and vessel technologies, and the quality of cyber risk assessments conducted to meet IMO requirements is often limited. Detection and response capabilities remain largely reactive, although an increasing number of vessels are deploying monitoring services to enhance visibility and guide security improvements.”
Building resilience
We’re starting to see the introduction of a number of maritime standards that will provide a level of protection, but it is impossible to protect against every attacker, notes Duncan Duffy, global head of digitalisation at Lloyd’s Register’s Technical Directorate.
“Cyber resilience – the ability to continue operations in the event of an incident – is something the IMO has been emphasising, bringing the focus onto recovery,” he says.
Humans are also hugely important in cybersecurity – both as an attack vector and an organisation’s capability to respond, he continues. “[Therefore], training and operational protocols are key. Basic cyber hygiene like not sharing passwords or leaving screens exposed may seem like common sense, but it still needs to be trained.”
And ongoing training is essential, adds Dr Gary C Kessler, a researcher, author and consultant specialising in maritime security. “A single, two-hour training session quickly loses its effectiveness and provides limited value over time. Cybersecurity should be treated as a core safety issue, with yearly training supplemented by frequent, targeted follow-up sessions.”
Frontline staff also need to understand their options during an incident, advises Duffy, as sometimes it’s not about dramatic action, but simply knowing how to isolate a system, where the connections are, and how to recover once the threat is contained.
“People are critical to resilience, especially in maritime, where automation isn’t yet widespread and specialist support isn’t always available onboard,” he says.
Raising the bar
Several key developments look set to significantly strengthen maritime cyber resilience in the years ahead, including stronger international regulatory enforcement, such as clearer goal-based standards building on the IMO 2021 resolution.
“The International Association of Classification Societies (IACS) only recently introduced common requirements and it’ll take several years to work on applying them, understanding how easy and difficult that is to do and taking action where the particular pain points are,” notes Duffy.
Technical advancements, such as behavioural analytics for anomaly detection across both IT and OT systems, will also improve threat detection.
“The introduction of cybersecurity class notations for both newbuilds and existing vessels will also help raise the bar,” Einarsson continues. “Finally, cross-sector collaboration through improved information-sharing among ports, governments, shipping companies, OEMs and shipyards will be essential to strengthening collective resilience.”
