Protecting maritime data: the next frontier for cybersecurity in shipping

The shift towards the digitalisation of shipping operations is changing the maritime industry’s risk landscape. While technologies – such as blockchain-based shipping documents, e-navigation, and Internet of Things-enabled sensors – improve efficiency and transparency, they also introduce new vulnerabilities and widen the industry’s attack surface. 

As shipping undergoes this rapid digitalisation, protecting maritime data has become a top priority. From cargo manifests and navigation records to electronic bunker notes, vast amounts of sensitive data are now stored and transmitted digitally, making them prime targets for cybercriminals. 

Like many other industries, shipping faces both indiscriminate and targeted cyberattacks, including ransomware, competitive intelligence gathering and social engineering. However, the technology it uses is far less common and concentrated into smaller logistical areas than many other potential targets. This, according to Campbell Murray, CEO of the International Maritime Cyber Security Organisation (IMCSO), can make the threat surface attractive and unique for rogue agents. 

Beyond securing IT and operational systems, maritime cybersecurity must prioritise data integrity. Compromised cargo manifests, tampered electronic logs, or falsified Automatic identification system (AIS) data can disrupt entire supply chains and lead to financial or reputational losses. Cybercriminals are increasingly targeting data at rest and in transit, leveraging ransomware and phishing attacks to gain access to sensitive operational records. 

Over recent years there have been many cyberattacks that have hit the industry. The Port of Antwerp made headlines due to organised criminal gangs infiltrating the port’s IT system to manipulate container data, allowing them to smuggle illegal drugs unnoticed between 2011-2013. 

The Maersk NotPetya ransomware attack in 2017 was another wake-up call for the industry, as this caused an estimated $300m in losses and brought shipping operations to a standstill at 76 port terminals worldwide. 

With digitalisation impacting a wide number of shipping systems, there’s a lot of data to secure. Cargo manifest systems are of particular concern, as they hold information considered the highest value to criminal organisations looking to gain access to physical goods or disrupt operations. 

Aside from securing data, engine and propulsion control systems should also be securely protected. This is because a cyberattack on these systems could render a vessel inoperable or endanger its crew, according to Greig Ferguson, senior lead consultant at IT security firm Bridewell.  

He adds that communication networks, including satellite and IT systems, are also high value targets and navigation technologies such as Electronic Chart Display and Information System (ECDIS), GPS, and AIS have also become increasingly vulnerable to cyber threats. 

“Cyber interference of these systems has the opportunity to misdirect vessels, cause collisions, or compromise situational awareness. As vessels become more connected, securing all of these systems is essential to preventing severe financial, operational, and safety consequences,” says Ferguson.

While the maritime industry is starting to better secure its infrastructure and data, preparation and countermeasures remain inconsistent. Large shipping conglomerates and port authorities are making strides, yet many smaller operators and older fleets lag behind. 

“Many vessels continue to run legacy IT and operational technology systems that lack built-in security controls, leaving them exposed to even basic cyber threats,” says Julian Brownlow Davies, Global VP of advanced services at crowdsourced cybersecurity platform Bugcrowd. “Cyber hygiene among crew members is another challenge. Without proper training, phishing and social engineering attacks remain a persistent risk.” 

To help improve the industry’s cybersecurity, the IMO introduced its Maritime Cyber Risk Management directive. But while compliance is improving, enforcement varies – with many organisations “still treating cybersecurity as an afterthought”, rather than a fundamental part of operational risk management, according to Davies.

Cybersecurity isn’t just about compliance though, it’s also about resilience –  and the maritime industry must shift from reacting to attacks to proactively preventing them. On a positive note, we’re seeing collaboration among stakeholders continue to advance, including private-public partnerships between governments, shipping firms, and cybersecurity experts, such as the Cyber-SHIP Lab at the University of Plymouth. 

“Industry organisations such as BIMCO and ICS collaborate with classification societies, insurers and technology providers to create common standards and threat intelligence,” highlights Colin Robertson, intelligence director at tech firm Roke. “Additionally, certain port authorities and shipping lines engage in maritime information sharing and analysis centres (ISACs) to share real-time information on cyberthreats.” 

At the Port of Rotterdam, work is underway to raise the resiliency of the critical supply chain. 

“Every organisation has its own responsibilities, but what we’re trying to do is also take a look at things from the supply chain point of view,” says Marijn van Schoote, head of the CIO office and CISO at the Port of Rotterdam. “We’re assessing and sharing threat intel and raising awareness.” 

Roughly five years ago the port also began to work with the Netherland’s other seaports including Amsterdam and Antwerp to raise cyber resilience nationally. This has included formalising a national strategy for raising cyber resilience across the country’s ports. 

“We have a collaboration platform for all the seaports, we perform tests, organise training and share knowledge – all manner of things that help us to raise resilience,” adds van Schoote.

Shipping companies are deploying a wide range of technologies and strategies to counter cyber threats and keep their data secure. This includes network segmentation to isolate critical systems from external-facing networks and employing regular patching and vulnerability management to reduce risk vectors. 

The zero-trust principle of never trust, always verify is also gaining a lot of attention within maritime security, with companies implementing strict identity verification for all users and devices accessing networks, such as role-based access controls (RBAC) to ensure only essential personnel can interact with critical systems. 

Then there’s artificial intelligence, which is revolutionising marine cybersecurity through predictive threat intelligence and automated anomaly detection. 

“Machine learning models can analyse navigation patterns, Internet of Things system behaviour and network traffic to identify suspicious activity before it escalates into a full-scale attack,” notes Davies. 

“AI-powered intrusion detection systems (IDS) are already helping ships and port authorities flag unauthorised access attempts, while AI-driven risk assessment tools provide real-time analysis of potential cargo fraud or cyber threats in global supply chains,” he adds.

Over the next decade experts expect to see maritime cybersecurity evolve rapidly. Robertson says that AI-driven security measures will become standard, while Ferguson predicts that the use of quantum-resistant encryption to protect ship-to-shore communication could take place within the next five years. 

Zero-trust frameworks will eventually encompass every sensor, device, and application on board vessels, predicts Robertson, who adds that as cyber threats evolve in complexity, ongoing training for personnel – both at sea and on land – will be vital. 

“Ultimately, those who integrate cybersecurity throughout their operations – human elements, technology and processes – will emerge as leaders in maritime shipping organisations,” he says.