Cybersecurity and the Protection of the Maritime Domain

Mir Munes Ifty

  1. Introduction

Historically, pirates have attacked ships with swords and other weapons; while such physical attacks still occur today, attacks have expanded into the digital domain, where computers are used instead of weapons. In the contemporary digital world, attackers can hack a ship’s navigation system, access sensitive information without authorization, alter cargo routes or even completely disrupt port operations by exploiting vulnerabilities in digital navigation and port management systems, often from thousands of miles away. It is not only a single ship or a single company that is under threat from these attacks; a cyber-attack can disrupt the entire global maritime trade chain. A hacked navigation system may cause a ship to lose its navigational bearings and deviate from its intended route, ransomware may shut down port operations, and shipments may be delayed across industries. This indicates that maritime security concerns extend not only to the safety of the vessel itself but also to the security of the computer networks that ships and ports depend on.

The modern shipping industry is highly digitalized, using advanced digital technology to enhance its efficiency. Maritime Autonomous Surface Ships (MASS) and the development of advanced automation are transforming operations from human-centered control into complex, networked environments, which require advanced protective approaches. However, this interdependence of systems has also increased cyber threats that need to be addressed immediately. Maritime cybersecurity is also vital to the stability of the global economy, as maritime transport supports approximately 80% of global trade. Cybersecurity has therefore emerged as a major concern and essential consideration within modern ocean governance and maritime policy discussions.

This article argues that cybersecurity has become a critical and inseparable dimension of modern ocean governance due to the growing digitalization of maritime operations and the increasing convergence of information technology (IT) and operational technology (OT) systems. The first part of the article examines why, how, and to what extent the maritime sector has become vulnerable to cyberattacks, using real-world incidents to illustrate these risks. The second part discusses technological and policy-based approaches to addressing maritime cyber threats and strengthening the protection of maritime domains.

  2. Cyber Vulnerability of the Maritime Industry

The sea is the most important route for carrying goods from one part of the world to another. About 80% of all global trade relies on maritime transport. To make shipping faster and cheaper, modern ships use digital technologies. This is a great improvement, but it also creates huge cyber risks.

The initial weakness is the interconnectedness of two systems, namely information technology (IT) and operational technology (OT). IT, which performs office-related functions such as email and data management, and OT, which runs systems such as engines and navigation, are now interconnected through shared networks, remote access tools, and IoT interfaces. If a pirate sends a harmful email to the office computer (IT), that digital danger can jump over to the engine control system (OT) because the two are connected. This jump occurs primarily through shared networks, remote maintenance access, and unsecured interfaces that allow malware to move laterally from office systems to shipboard control systems. Because of this, as technology has advanced rapidly, the ‘cyber risks associated with modern systems have increased’ considerably.

If an attack succeeds, it can cause huge financial losses or even result in environmental disasters through accidents or damage. The problem is getting increasingly severe every day. Reports show that digital attacks on the shipping industry have gone up by 400 percent since February 2020, coinciding with increased remote work during the COVID-19 pandemic. These attacks cost a lot of money. When a company is affected by a cyberattack, the average cost is about US$550,000, including recovery efforts, operational downtime, and legal fees. The ransom money these digital pirates demand can be as high as US$3.2 million. Experts agree that to fight this growing threat, the whole shipping business must quickly raise the bar for safety or face financial losses, environmental disaster and threats to human life.

In 2017, a large-scale cyberattack hit Maersk, one of the largest shipping companies in the world. Malware spread rapidly across unsegmented networks, encrypting files and shutting down over 45,000 PCs and 1,200 servers. The attack halted operations at 600 offices in 130 countries and cost the company an estimated 300 million dollars in lost earnings and recovery efforts. In 2018, COSCO Shipping Lines was the victim of a cyberattack that took down its email and online systems in the United States, forcing employees to work manually for almost a week.

Cyber manipulation has also been used to perpetrate organized crime, as exemplified by the 2018 Port of San Diego ransomware attack and the Port of Antwerp incident. These cases demonstrate that the problem of maritime cyber threats is expanding. Since global trade is interconnected, a cyber incident in a single port or vessel can have a ripple effect on the whole chain, jeopardizing the safety of the global economy.

  3. Technological Approach to Maritime Cybersecurity

Securing modern maritime operations requires a comprehensive plan encompassing technology, policy, and human training. Every organization should implement an effective system of cyber risk management in accordance with standards including ISO/IEC 27001 and the NIST Cybersecurity Framework, which deals with identification, protection, detection and recovery of cyber risks. This starts with regular risk assessments to find and understand system weaknesses.

One of the most effective ways to protect systems is network segmentation, which means separating the IT network from the critical operational technology (OT) network so that attackers cannot move easily between them. Another key step is using advanced threat detection tools powered by Artificial Intelligence (AI) and Machine Learning (ML). These technologies can study huge amounts of data, detect unusual activities, predict possible attacks, and identify strange patterns in OT sensor data in real time.
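The following added example (not part of the original article) shows how a segmentation review can be automated: it treats allowed firewall flows as a directed graph and reports every chain of flows that lets an IT zone reach an OT zone, including indirect routes through a remote-maintenance jump host. The zone names, services and both rule sets are constructed assumptions.

```python
from collections import deque

# Constructed zone names for a hypothetical vessel/shore network.
IT_ZONES = {"office_it", "crew_wifi"}
OT_ZONES = {"navigation", "engine_control"}

# Allowed flows as (initiating zone, destination zone, service). Constructed data.
FLAT_RULES = [
    ("crew_wifi", "office_it", "any"),
    ("office_it", "navigation", "smb"),
    ("office_it", "remote_maintenance", "rdp"),
    ("remote_maintenance", "engine_control", "modbus"),
]
SEGMENTED_RULES = [
    ("office_it", "dmz", "https"),
    ("navigation", "dmz", "syslog"),      # OT initiates outbound only
    ("engine_control", "dmz", "syslog"),
    ("crew_wifi", "internet", "https"),
]

def it_to_ot_paths(rules, sources=IT_ZONES, targets=OT_ZONES):
    """Map (IT zone, OT zone) to the shortest chain of allowed flows joining them."""
    graph = {}
    for src, dst, _service in rules:
        graph.setdefault(src, []).append(dst)
    findings = {}
    for start in sorted(sources):
        prev = {start: None}              # breadth-first search from this zone
        queue = deque([start])
        while queue:
            zone = queue.popleft()
            for nxt in graph.get(zone, []):
                if nxt not in prev:
                    prev[nxt] = zone
                    queue.append(nxt)
        for target in sorted(targets & set(prev)):
            path, node = [], target
            while node is not None:       # walk back to the starting zone
                path.append(node)
                node = prev[node]
            findings[(start, target)] = path[::-1]
    return findings

if __name__ == "__main__":
    for name, rules in (("flat", FLAT_RULES), ("segmented", SEGMENTED_RULES)):
        paths = it_to_ot_paths(rules)
        print(f"{name}: {len(paths)} IT-to-OT path(s)")
        for path in paths.values():
            print("   " + " -> ".join(path))
```

Any non-empty result is a segmentation gap to close or to justify; the indirect paths are the ones a rule-by-rule review tends to miss.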

Organizations must also perform regular penetration testing to discover weak points and apply software updates and patches on time to close known security gaps. Newer innovations such as blockchain technology can further help by making data exchanges and supply chain transactions more secure. All of these initiatives need strong cooperation across the entire supply chain, including equipment suppliers, service providers and maintenance teams, to prevent security problems from spreading through connected systems.

  4. Regulatory Approach to Maritime Cybersecurity

The rules and regulations governing maritime cybersecurity are being developed by international organizations to enhance maritime cyber resilience. Maritime cybersecurity is largely regulated by the International Maritime Organization (IMO), with additional regulatory support and technical standards provided by the International Association of Classification Societies (IACS).

Adopted in 2017, Resolution MSC.428(98) states that cyber risk management should be considered within existing Safety Management Systems (SMS), in accordance with the International Safety Management (ISM) Code. It asks administrations to make sure that cyber risks are addressed in the SMS no later than the first annual examination of the company's Document of Compliance (DOC) after 1 January 2021.

The IMO Guidelines on Maritime Cyber Risk Management offer a set of high-level recommendations and best practices for identifying, assessing, protecting against, detecting, responding to, and recovering from cyber risks. They focus on incorporating cyber risk management into current procedures and are meant to be used widely, on vessels of different complexities.

Further strengthening the framework, the International Association of Classification Societies (IACS) is implementing new Unified Requirements (URs) E26 and E27, which compel ship owners, yards and suppliers to build cyber security barriers into new vessels and will require verification by classification societies. Both URs become mandatory for new ships contracted for construction on or after 1 July 2024. UR E26 applies to the ship itself and covers the secure integration of IT and OT systems, equipment inventory, network segmentation and protection, threat detection, response capability, and post-incident restoration. UR E27 concentrates on the individual systems and equipment supplied, requiring built-in security functions (e.g. access controls, hardening) to be verified through type approval by classification societies.

These standards go hand in hand: the IMO resolution and guidelines have made cyber risk management a compulsory element of the SMS for existing vessels as of 2021, and the IACS URs have added requirements to assess cyber-resilient design and equipment in new vessels. Together they strengthen a multi-layered, risk-based approach to maritime cyber resilience.

  5. Conclusion

Maritime cybersecurity is not solely a technical issue; it has become a critical component of global economic security and maritime governance. As the sector turns digital, the convergence of IT and OT systems brings a set of vulnerabilities that cannot be overlooked. The future of maritime cybersecurity will be determined by how well the industry combines the latest technology with strong governance. AI and machine learning will play a significant role in this fight, detecting threats in real time and responding quickly across both IT and OT systems.

Besides technology, human capacity building is also necessary because human error has been exploited in most cyber breaches. The most important measure is to train both crew and shore-based personnel to enhance cybersecurity awareness across the maritime industry. Only a concerted international effort, through the exchange of information and cooperation between shipping firms, governments and maritime bodies, can ensure the security of the sector.

 

Mir Munes Ifty is pursuing a BSc in Nautical Science at Bangladesh Marine Fisheries Academy.
