Maritime Security: 2023’s Attacks, Pitfalls and Impacts

The maritime industry continues to be a target for cyberattacks. In 2023, the industry witnessed increased cyberattacks, with ransomware and distributed denial of service (DDoS) attacks being the most predominant.

We hope to raise awareness about these threats, focusing on the incidents that occurred in 2023, while providing some insights into effective defense strategies.

Of note, a useful record of global maritime cyberattacks is the NHL Stenden University of Applied Sciences Maritime Cyberattack Database at http://tinyurl.com/dejyercr. It is a free resource and was consulted in preparing this article.

Cyberattacks: Financial and Business Consequences

An October 2023 report from analytics firm CyberOwl (https://bit.ly/47uJj5o) observed that the financial cost of a maritime cyberattack can be extreme, with the average incident costing the target organization $550,000—an increase of 200% from 2022.

Ransom demands have increased by more than 350% over the past 12 months, with the average payment now reaching $3.2 million. The costs can be attributed to ransom payments, system recovery and business interruption.

For example, the NotPetya cyberattack in 2017 resulted in Maersk reporting losses of up to $300 million. The economic impact of these attacks extends beyond immediate monetary loss, to include operational disruptions, compromised safety and security, and possible environmental damage and reputational harm.

In a 2022 speech before the U.S. Congress, Department of Homeland Security Secretary Alejandro Mayorkas stated:

“One of the concerns that we have is the cybersecurity threat to ports. We are increasing the level of technology by which our ports operate and that is why not only Customs and Border Protection have a focus on cybersecurity but so does the United States Coast Guard. I would identify, with respect to our ports, cybersecurity, as a significant threat stream and we are of course very focused on defending against it and strengthening our cybersecurity.” (https://bit.ly/44EbnDc) 

Events in 2023 validated Mayorkas’ perspective.

Ransomware Attacks: A Rising Threat

Ransomware attacks have become a significant concern for the maritime industry. Simply stated, ransomware is a type of malicious software that locks a victim’s data or device, blocking access to vital files and even services, and threatens to keep it locked unless the victim pays a ransom. In 2023, several major maritime entities fell victim to such attacks.

In March, Dutch shipping giant Royal Dirkzwager was hit by a ransomware attack. Northern German shipyards experienced a similar attack in April, orchestrated by the BianLian APT group. In July, the Port of Nagoya, Japan, was hit by a ransomware attack by the LockBit group, causing operations to halt for at least two days.

In November, logistics company DP World Australia was disrupted by a cyberattack, affecting the Australian ports of Sydney, Melbourne, Brisbane and Fremantle.

Cybersecurity risks are especially problematic to seaports around the globe since docked vessels regularly interact digitally with shore-based operations and service providers.

This digital exchange includes the transmission of shipping documents via email, uploading documents via online portals or other communications with marine terminals, stevedores and port authorities.

In an article published by cybersecurity news site Dark Reading, one survey verified several ship certificates and about 40 different documents required by international maritime authorities and included in mandated port surveys.

These digital documents can easily be used to transmit ransomware and other malicious code, which is then activated via “phishing schemes” as unsuspecting sailors click on malicious links (https://bit.ly/3NR4NCL).

These attacks highlight the maritime industry’s vulnerability and the increasing sophistication of ransomware threats. The CyberOwl report noted that 14% of maritime professionals admitted to paying ransom demands.

DDoS Attacks: An Evolving Challenge

DDoS attacks, which aim to overwhelm a network with traffic to render it inaccessible, have also been a significant threat. Essentially, DDoS attacks can be viewed as a way of overwhelming the data “pipes,” thus preventing outbound or inbound flow.

One “definition” notes that the goal of a DDoS attack is to force a website, computer, or online service offline (https://bit.ly/3vuKbKg).

In April 2023, the Canadian ports of Montreal, Quebec City and Halifax were attacked by a pro-Russian group using DDoS. In June, an attack took down the website of North Sea Port, which operates the European ports of Vlissingen, Terneuzen and Ghent. Pro-Russian hackers also targeted the websites of the Rotterdam, Amsterdam, Den Helder and Groningen ports with DDoS attacks.

The complexity and scale of DDoS attacks are increasing, thus making traditional mitigation methods less effective. Attackers now frequently switch attack channels mid-event or use a combination of different techniques, making them more challenging to defend against.

Here are some maritime-related DDoS statistics cited by Cydome, a security solutions company (https://bit.ly/3S7V3Xg):

  • The average cost of a DDoS attack to an organization is $50,000.
  • The largest DDoS ever reported involved traffic of 3.47 terabytes per second (tbps).
  • In 2021, the average DDoS attack lasted 30 minutes; a year later, that increased to almost 50 hours on average.
  • The longest DDoS attack on record lasted two weeks.
  • Ransom-DDoS is when attackers demand a ransom to stop the DDoS attack. One study found that 25% of DDoS attacks include a ransom.

Environmental Risks

The environmental impacts of a cyberattack on a maritime company or seaport can be significant and extensive. Cyberattacks can lead to loss of control of critical equipment and warning systems, potentially resulting in waste discharges and increased air emissions.

These events can cause fires and other forms of environmental damage, including pollution events. 

For instance, modern ships carry multiple “Internet of Things” (IoT) sensors to optimize engine performance, reduce fuel consumption, control emissions and monitor oil spills. Weak cybersecurity measures can compromise the security of these devices, causing control systems to fail and creating significant environmental risks, including severe damage to ocean life.

The environmental impacts of a cyberattack on a maritime company or seaport extend beyond financial losses. They can lead to significant environmental damage, disrupting critical operations and tarnishing the organization’s reputation.

Therefore, it is crucial for maritime companies to implement robust cybersecurity measures to mitigate these risks and safeguard their operations, reputation and the environment.

Defense Strategies

To combat these threats, maritime entities must prioritize cybersecurity and adopt proactive measures. Making key leaders and managers responsible for cybersecurity is a good first step.

For ransomware defense, consistently and effectively backing up data to an external hard drive or cloud server is a crucial risk mitigation strategy. In the event of a ransomware attack, the victim can wipe the computer clean and reinstall the backup files.

Network segmentation also can limit the spread of ransomware throughout a network. Implementing strong antivirus software and firewalls and educating staff about basic cybersecurity practices, such as caution with email attachments and web links, can further enhance defense against ransomware.

For DDoS defense, organizations should invest in DDoS protection and mitigation services. These services can help assess, identify and reduce exposure to threats. They also can assist in developing response plans and establishing data protection and recovery strategies.

Conclusion

The maritime industry’s increasing digitalization has made it a prime target for cyber threats. As one observer noted, today’s ships and seaports are more like computers. The 2023 incidents underscore the urgent need for robust cybersecurity measures. By understanding the nature of these threats and implementing effective defense strategies, the maritime industry can enhance its resilience against cyberattacks and minimize potential impacts. 

The industry must remain vigilant and proactive in its approach to cybersecurity. As the threat landscape continues to evolve, so must the industry’s defenses. By doing so, it can ensure the security and continuity of its operations, safeguarding the global supply chain upon which so much of the world depends.   

About the Author: Ernie Hayden’s background includes management and technical roles focused on cyber and physical security since the 9/11 attacks. He was previously a U.S. Navy Nuclear and Surface Warfare Officer and has published a book entitled “Critical Infrastructure Risk Assessment – The Definitive Threat Identification and Threat Reduction Handbook,” which was named the 2021 ASIS Security Book of the Year. Please send your questions or suggested article ideas to ernie@erniehayden.com.