Cargo port in Hong Kong at night showing maritime cyber attacks

Maritime Cyber Attacks Are Among the Greatest Unknown Threats to the Global Economy

Chances are, you haven’t thought much about the maritime industry recently. Everyone has a passing awareness that a lot of the goods they use are shipped from around the world, but you really don’t often see the full scope of the maritime industry firsthand.

The fact is, if the maritime industry suddenly disappeared without a trace, the economic, social, and political impacts would be devastating. Billions of tons of vital products like food, medicine and oil are shipped around the world every year, and if these goods stopped flowing, billions of people would suffer the consequences. We saw a taste of this devastation early this year, when a ship lodged itself in the Suez Canal, blocking other ships from getting through. The incident cost the world nearly $10 billion in trade each day it was stuck.

This is only a fraction of the damage that could be caused by cyber attacks in the maritime industry.

There are various vectors for hackers to attack which could result in taking full control over a vessel or fleet, creating damage to critical systems on board or it could just be ransomware or a malicious virus attempting to take control. In one of the cases, we have seen that hackers took control of the pipeline and essentially held it hostage until they were transferred a certain amount of money they requested. In the end, faced with no other option, the pipeline company paid $4.4 million in ransom to the foreign hackers, according to the Colonial Pipeline CEO.

The hackers then reopened the pipeline, but the damage had already been done. The Colonial pipeline transferred huge amounts of oil across the country, and the shutdown caused massive shortages and panic buying. Gas prices went up across the country as a result of just a few hackers managing to exploit a vulnerability in the pipeline’s system. It’s easy to see from this one incident, how cyber attacks can affect much more than your personal computer.

Now, it is evident that the greatest cyber threat lies in the maritime industry. The COVID-19 pandemic sped up the already occurring digitization of the world, as a result of guidelines that required people to work from home over the internet. As such, the maritime industry also had to rely more heavily on the internet than ever before. You may not think of vessels and fleets as deeply connected with technology, but vessels are constantly connected to the internet.

Here’s where the real problem lies: some of the systems and computers on these vessels often use incredibly complicated and old systems.  This makes it much harder to protect them from cyber attacks. The systems that these ships use are so complexly intertwined that there are many blind spots that are virtually unknowable.

Since the maritime industry is shifting into the digital age, and since the pandemic has forced it to rely even more heavily on the internet, there have verifiably been more cyber attacks on vessels recently. In only the first few months of the pandemic alone, attempted cyber attacks on maritime vessels shot up by 400%. This dramatic increase has truly sent a shockwave through the maritime community. The industry is one of the oldest industries in the world, and so it was surprising to some, how much they could be affected by just a few hackers.

Imagine if a hacker took control of a ship that was carrying something truly vital, like COVID vaccines. At this point, the internet is so deeply integrated with maritime systems, it would be impossible to switch to a manual system, so hackers would have full control.The hacker could shut down the ship for as long they wanted to, and as in the case of the Colonial pipeline, there is nothing the owner of the vessel could do but give them whatever it is they were asking for.  Significant delays could cause millions, even billion dollars in economic damage, and have even more social and political effects.

Imagine if a hacker with malevolent intent took control of an oil tanker, containing millions of gallons of flammable liquid, and decided to do something terrible with it? We’ve seen oil spills before, but LNG tankers are so dangerous that even a small amount of damage could cause an explosion on the scale of a nuclear bomb. So what can we do?

The first thing is being aware of the potential for destruction and the likelihood in which these types of events may occur.

The second thing is taking action and conducting assessments and cross checks to make sure the vessel and fleet are not exposed to cyber threats. The maritime industry now has to become more proactive in order to make sure its operation is not interrupted in any way and that no hacker is taking advantage of its shipping lines.

It is a bliss that countries are taking these seriously now, like the new executive order from President Biden aimed at preventing and protecting against these cyber threats. The directive requires pipeline companies to report any cyber incidents to federal authorities, which will hopefully further educate the people in power as to the massive scale of this threat.

We can also research and invest in greater cybersecurity measures, specifically made for the maritime industry. There are already some cybersecurity products that have been adapted to work on vessels, but the types of systems used in the maritime industry are they merit their own solution. There have been some comprehensive solutions to crop up recently, like Cydome, but quality cyber security systems are few and far between.

Ship systems often use incredibly complicated and old systems that are so complexly intertwined that there are many blind spots that are virtually unknowable which makes it much harder to protect them from #cyberattacks. #cybersecurity #respectdataClick to Tweet

The most frightening thing in the world is the unknown, and the scale on which cyber attacks could affect the world is still very much unknown. All we know is that there is a significant danger that has yet to be addressed, and we should address this problem sooner rather than later.