Maritime

The explosion in the trade of goods by sea, the increase in carrier capacity, and industrial digitization have increased the complexity of the maritime industry environment. Operational needs for competitiveness have pushed ships and ports towards automation of systems and integration of IT with OT. Yet, by connecting these two models, the maritime industry has expanded the surface, while neglecting cybersecurity investments.

The COVID 19 pandemic by inducing travel restrictions forced original equipment manufacturers (OEMs) to connect standalone systems to the internet, making them vulnerable. These OEMs have also asked port personnel to establish brief connections between the terrestrial network and their OT system in order to perform security updates. These connections, by creating entry points, expose already permeable OT systems.

The first half of the year 2020, marked by the COVID-19 pandemic, has exponentially increased the cyber risk on maritime transport. In fact, over this period, attempted attacks increased by 400%. Over the three years prior to the pandemic, cyberattacks targeting ships and port systems had surged by nearly 900 percent. In 2021, the Port of Houston was the victim of a cyberattack, carried out by advanced threat actors, creating a sense of security urgency among shipping stakeholders.

The blocking of the Suez Canal by the Ever Given cargo ship symbolizes the potential damage of a cyber attack on a ship’s navigation system, resulting in the daily loss of $10 billion in trade. While an intrusion on the IT system can result in financial losses as well as reputational damage, the compromise of the OT system can have consequences on the physical safety of a ship and its crew. By taking control of a ship containing sensitive products (vaccines, liquid energy supply), an attacker has a major destructive potential that may appeal to certain malicious actors.