From the Editor: Maritime Cyberattacks

Although large amounts of news and information have been circulating recently pertaining to the invasion of Ukraine by Russia, there’s one nugget of information that’s flown under the radar so far: potential retaliation against the U.S. maritime transportation sector.

The remarks didn’t receive much media attention, but national Cybersecurity and Infrastructure Security Agency Director Jen Easterly recently said that America’s maritime transportation sector could be an infrastructure soft spot that Russia may try to disrupt via cyberattack.

“Given the vital role of the industry, the importance of securing systems and functions that make up the maritime transportation sector cannot be overstated,” Easterly said in March during “Hack the Port,” a maritime and control systems cybersecurity conference that took place in Florida.

“That said,” she continued, “protecting the industry from cyber threats is really becoming increasingly complex, as connected and often unsecure control systems make maritime organizations a prime target for malicious actors. We expect these types of threat tactics to actually become increasingly prevalent.”

Her remarks were made around the same time that the Biden Administration announced that Russia could be planning a cyberattack against the U.S. in response to sanctions that America has implemented in the wake of the invasion of Ukraine.

Such an attack wouldn’t be unprecedented, as multiple maritime transport companies have been hit by cyberattacks by foreign powers over the past few years. One of the most notorious them was 2017’s NotPetya trojan horse malware attack, which cybersecurity experts blamed on the Russian government.

NotPetya, which spread by tricking computer users within various businesses into downloading and installing malicious software, affected a number of maritime firms, including Maersk Line. Cyberattacks have also impacted terminals at major U.S. ports in recent years, including a 2018 ransomware attack on the China Ocean Shipping Co. terminal at the Port of Long Beach and a June 2017 cyberattack that led to Danish shipper AP-Moller Maersk shutting down its Port of Los Angeles terminal for three days.

That ransomware attack that temporarily crippled Maersk’s operations globally and cost it an estimated $100 million per day in lost productivity.

At “Hack the Port,” Easterly noted that in 2020 alone there were 500 major incidents targeting sensitive operational technology.

Her words serve as a sobering reminder that all within the maritime sector should ensure that they install the latest software security updates on their devices, lest those devices potentially be used against them and/or companies they do business with.

Managing Editor Mark Nero can be reached at

By Mark Edward Nero