Date: 2024-12-09

Awareness of cyber risk and investment in cybersecurity have grown rapidly.

THE RATE OF ATTACKS IS INCREASING RAPIDLY

Cyber criminals have the maritime industry in their sights. DNV’s new survey of industry professionals finds that one in three (31%) experienced at least one infiltration by attackers in the 12 months leading up to October 2024. In our 2023 study, just 17% had had a serious breach over the course of five whole years.

The real number could be even higher. “An average shipping company will experience somewhere between 65 and 80 incidents a year,” says Daniel Ng, CEO of cyber analytics business CyberOwl, a DNV company, a global expert in cyber risk monitoring and threat management onboard maritime vessels. “But if you ask them how many incidents they have had, they might tell you that it was none. That’s because the immediate outcome was a malfunctioning computer that they replaced without understanding the root cause, and that means the underlying issue is still in their system and still causing problems.”

According to the Netherlands’ NHL Stenden University of Applied Sciences, the industry in 2023 experienced 64 cyber events on a scale to create media-worthy disruption. A decade earlier, there were just three such events; none at all were registered in 2003.1 Across the industry, problems are mounting up, including a string of attacks on European ports in 2023 by hackers associated with Russia.2

Against this backdrop, our survey of almost 500 maritime professionals confirms that the maritime industry needs to strengthen its commitment to cyber resilience. This means embracing security by design – engaging cyber professionals throughout the development and procurement of new software, technology, technology components and infrastructure. Doing so is more important than ever. With 61% of industry professionals accepting a rise in cyber risk as the price of innovation, the industry needs to manage cyber risk to experiment, gain competitive advantage, and take a lead in ensuring the resilience of businesses and societies.

LEADERS SEE CYBER AS THEIR BIGGEST RISK

The cyber threat is causing concern at the highest levels of the maritime industry. Seven in 10 professionals (71%) say that their leaders consider cybersecurity to be the greatest risk their organization faces. The proportion is higher among cyber professionals (80%) than it is among senior leaders themselves (70%), but the trend is clear and reflects broad industry concerns: 80% of all executives say their business has started taking cybersecurity more seriously in the wake of rising geopolitical tensions in the last year.

The prospect of an attack on the organization’s IT domain is their top concern – probably because many of the highest-profile incidents to hit vessel operators and ports, such as NotPetya, have targeted these systems.3 But the security of operational technology (OT), the industrial control systems that govern many types of physical assets, is also growing in importance. In our survey, 71% believe their organization is more vulnerable to cyber attacks on its OT today than at any other time in its history.

As ship-to-shore connectivity has advanced, so too has the use of internet of things (IoT) devices that connect physical assets to both the wider network and remote navigation and safety systems. With at least 42,000 ships worldwide already connected to satellite services,4 companies have to accept that the ‘air gap’ that once protected their vessels and physical infrastructure from attack has now closed.

ACTIVITY IS GROWING IN LINE WITH INVESTMENT

Maritime organizations are acting on their concerns and improving their security. More than six in 10 (61%) maritime professionals say their organization is investing more in OT cybersecurity than it was a year ago, and the proportion increases to 68% when it comes to IT environments. This compares favourably with the situation in our 2023 survey, when just 40% felt they were investing enough in OT security.

But will this be enough? Svante Einarsson, Head of Maritime Cybersecurity at DNV Cyber, says that greater leadership awareness of and support for cybersecurity is just the start. The next step is implementing a workable response, which is far less straightforward – as we discuss later in this report.

“Most leadership discussions in shipping touch on cyber risks, but the question is whether they can form a strategy to resolve and mitigate those risks,” says Einarsson. “That is where more work is needed because cyber often sits within IT, and IT in shipping has traditionally been viewed as a back-office function rather than as a strategic enabler. CISOs have an uphill battle to be heard and to make sure cybersecurity is front of mind.”

A MULTIPLICITY OF THREAT ACTORS

The cybersecurity threat is now coming from all sides, and maritime professionals are more concerned about every potential threat actor than they were in 2023.

Externally, geopolitical tensions are motivating state-backed cyber incidents and there has been a rise in opportunistic criminal activity.5 Internally, there is the possibility of human error.

Although well-trained crew members are vital to a vessel’s cyber defence and response, the unintentional threat they create in an industry that relies on USB drives and large crews of international workers is significant. The threat is magnified as these crews work closely with onshore staff and with third parties, such as manufacturers’ service engineers, all of whom can inadvertently introduce viruses or malicious code into operational systems.

Criminal enterprises

There is a notable increase in concern about criminal gangs, which are realizing how profitable ransomware attacks can be – ransomware attackers across all industries collected some USD 1bn in cryptocurrency payments in 2023.6 Eight in 10 (79%) maritime professionals are concerned about this threat, up from 56% in 2023.

“Cyber crime is a growing business in many countries. Criminals have realized that they can do this from home and make more money than they could from doing anything else.”

Matti Suominen, Director of Maritime Cyber Security at Wärtsilä

“They don’t necessarily have an interest in shipping specifically. They just understand that there is a huge cost attached to disrupting that activity,” says Matti Suominen, the Director of Maritime Cyber Security at Finnish technology major Wärtsilä.

The scale of the cost – which can run to tens of millions of dollars each day – is one reason why ransomware attacks are becoming more common. Since the NotPetya attack on Maersk in 2017, for example, which caused a total shutdown of the shipping company’s systems and cost it some USD 300m,7 there has been a string of similar attacks. An attack on Voyager Worldwide, a manufacturer of navigation systems, disabled the company’s systems,8 and several major ports experienced disruptions to their operations – causing delays, misrouted cargo and heightened safety risks – following a ransomware incident in April 2024.

Attackers linked to geopolitical tensions

Geopolitical tensions increase the possibility of nation-state sponsored attacks on high-profile critical infrastructure. The 2023 distributed-denial-of-service attacks on Dutch ports, which aimed to paralyse them, were attributed to pro-Russia hacker groups and were widely interpreted as a backlash against the Netherlands’ support for Ukraine.

The economic importance of the maritime industry, at a time of conflict and unease, makes the sector vulnerable to attacks. Disrupting critical trading routes is seen as a major victory by terrorist organizations, which have already claimed responsibility for a recent rise in kinetic attacks on vessels, including the Iran-backed Houthi attacks on Maersk and CMA CGM in the wake of tensions in the Middle East.

Crew and other accidental threat actors

Alongside human errors such as software misconfiguration, crew members and other staff such as service engineers can introduce viruses to onboard systems through USB drives. These drives remain in common use in the maritime industry. In July 2024, USB sticks containing malware were found plugged into computers on vessels in Norway, Greece and the Netherlands.14 Although it is not uncommon for infected USBs to be discovered on ships, this instance is notable because the same malware code was found at different places onboard vessels at different locations over the course of several months.

“Around eight in every 10 incidents are still delivered via the USB sticks that are necessary for vessel operations,” says CyberOwl’s Ng. “One of the worst cases we saw recently involved a port where the same USB stick spread malware linked to espionage on to eight vessels. A threat starts on one ship or terminal and can quickly spread across multiple fleets.”

Better training would help to address this human threat, as would more user-friendly interfaces for cybersecurity-related systems across the industry. “It’s important to recognize that staff will be crucial responders to any attack,” says DNV Cyber’s Einarsson. “This further emphasizes the need for continuous training programs that recognize that portable data devices are useful tools for the industry but also carry risks that need to be managed carefully.”

OPPORTUNITY AND MOMENTUM

The threat to the maritime sector is unlikely to ease off any time soon. More than a third of maritime professionals in our survey (37%) expect to face more cyber attacks in the next 12 months than in the past 12 months, despite the sector’s plans to increase investment in cybersecurity.

Just 11% predict that incidents will become less common.

Businesses are starting to frame cybersecurity as a prerequisite for era-defining innovation, and cybersecurity investment is becoming as much about enabling opportunity as it is about managing risk.

