This overlooked cybersecurity risk could create an ocean of trouble for us all

This overlooked cybersecurity risk could create an ocean of trouble for us all

Home Innovation Security
This overlooked cybersecurity risk could create an ocean of trouble for us all
Global supply chains rely on the smooth running of shipping and ports, but maritime cybersecurity is too often a low priority.
Sept. 6, 2022
Image: Getty/Sven Hansche
One of the key components of global trade is also one of the most vulnerable to cybersecurity threats – and if such an attack was successful, it would cause huge disruption with knock-on effects for people around the world. 
According to the United Nations Conference on Trade and Development (UNCTAD), over 80% of the volume of international trade in goods is carried by sea and that percentage is even higher for developing countries. 
The whole industry is reliant on a series of complex, 'just in time' supply chains. if just one element is disrupted, it can have massive repercussions. 
High-tech computer digital technology, global surveillance
","tags":[],"size":438466,"width":1366,"height":768,"author":,"dateUpdated":,"ursId":"25524844979454957457847746312360","roles":[,,],"profiles":,"dateUpdated":,"language":"en","title":"Managing Editor","byline":"Aly is a managing editor at ZDNET based in Winston-Salem, N.C.","bureau":"US","authorBio":"Aly has worn many hats since joining ZDNET in 2014. She is currently a managing editor, leading ZDNET's Advice team, and is based in Winston-Salem, North Carolina.","expertise":null,"awardsAndCredentials":null,"education":"B.A. in English, Creative Writing","authorDisclosure":"Aly does not have financial holdings that would influence how or what she covers.","typeName":"user_user_profile"}],"paging":},"profile":,"dateUpdated":,"language":"en","title":"Managing Editor","byline":"Aly is a managing editor at ZDNET based in Winston-Salem, N.C.","bureau":"US","authorBio":"Aly has worn many hats since joining ZDNET in 2014. She is currently a managing editor, leading ZDNET's Advice team, and is based in Winston-Salem, North Carolina.","expertise":null,"awardsAndCredentials":null,"education":"B.A. in English, Creative Writing","authorDisclosure":"Aly does not have financial holdings that would influence how or what she covers.","typeName":"user_user_profile"},"socialProfileIds":,"suppressProfile":false,"editions":[],"defaultTimezone":"America/New_York","cmsDisplayName":"Alyson Windsor","authorBlogs":[],"language":"en","title":"Managing Editor","byline":"Aly is a managing editor at ZDNET based in Winston-Salem, N.C.","bureau":"US","authorBio":"Aly has worn many hats since joining ZDNET in 2014. She is currently a managing editor, leading ZDNET's Advice team, and is based in Winston-Salem, North Carolina.","expertise":null,"awardsAndCredentials":null,"education":"B.A. in English, Creative Writing","authorDisclosure":"Aly does not have financial holdings that would influence how or what she covers."},"dateCreated":,"dateUpdated":,"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"Getty Images/iStockphoto","alt":"spy-big-brother-digital-surveillance-istock.jpg","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"Surveillance apps are becoming more advanced. Here's what to do if you think you're being tracked.","promoTitle":null,"slug":"how-to-find-and-remove-spyware-from-your-phone","title":"How to find and remove spyware from your phone","topic":]},]}],"descendantCount":0,"type":,"authors":},"editions":},"id":"031e73d9-b911-4809-8ec4-774466c92aec","typeName":"content_topic_edition"},},"id":"2181cc70-f3e2-4021-b6e6-ab8a67ef674b","typeName":"content_topic_edition"},},"id":"24a46875-e41b-4444-a278-ae0ccff93c3b","typeName":"content_topic_edition"},},"id":"7a0c3d44-3af2-4f0a-a596-01547037930d","typeName":"content_topic_edition"},},"id":"d778f4ad-c28d-4080-b073-703d627601a0","typeName":"content_topic_edition"},},"id":"ec62fbfa-4bc1-4a62-8400-3d9bf06d032c","typeName":"content_topic_edition"}],"paging":},"languages":],"paging":},"name":"Cyber Threats","description":null,"slug":"cyber-threats","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"},},"image":,"dateUpdated":,"ursId":"27051783234840286590268119258902","roles":[,],"profiles":,"dateUpdated":,"language":"en","title":"Senior Editor","byline":"Elyse Betters Picaro is an editor based in New York.","bureau":"US","authorBio":"Elyse Betters Picaro is a senior editor based in Upstate New York. \r\n\r\nShe currently leads a team of journalists who write buyer's guides, deals, and gift guides. She has experience editing countless advice pieces and has written over 8,000 articles -- including news, how-tos, explainers, and reviews on technology and even TV and entertainment-focused content -- for several leading online publications. \r\n\r\nPreviously, she was an editor at 9to5Mac and 9to5Google. She was also a US contributor at Pocket-lint. Before that, she worked as a beat reporter at different regional newspapers in Northeast America and freelanced for global websites such as the BBC. \r\n\r\nShe holds a Master of Fine Arts in writing from The New School in Manhattan and a Bachelor of Arts in journalism from the University of Massachusetts at Amherst.","expertise":"Consumer technology, mobile apps, TV and streaming services, mobile devices, software and services, and e-commerce","awardsAndCredentials":null,"education":"Master of Fine Arts in writing (2014) from The New School in Manhattan and a Bachelor of Arts in journalism (2011) from the University of Massachusetts at Amherst","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"}],"paging":},"profile":,"dateUpdated":,"language":"en","title":"Senior Editor","byline":"Elyse Betters Picaro is an editor based in New York.","bureau":"US","authorBio":"Elyse Betters Picaro is a senior editor based in Upstate New York. \r\n\r\nShe currently leads a team of journalists who write buyer's guides, deals, and gift guides. She has experience editing countless advice pieces and has written over 8,000 articles -- including news, how-tos, explainers, and reviews on technology and even TV and entertainment-focused content -- for several leading online publications. \r\n\r\nPreviously, she was an editor at 9to5Mac and 9to5Google. She was also a US contributor at Pocket-lint. Before that, she worked as a beat reporter at different regional newspapers in Northeast America and freelanced for global websites such as the BBC. \r\n\r\nShe holds a Master of Fine Arts in writing from The New School in Manhattan and a Bachelor of Arts in journalism from the University of Massachusetts at Amherst.","expertise":"Consumer technology, mobile apps, TV and streaming services, mobile devices, software and services, and e-commerce","awardsAndCredentials":null,"education":"Master of Fine Arts in writing (2014) from The New School in Manhattan and a Bachelor of Arts in journalism (2011) from the University of Massachusetts at Amherst","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"},"socialProfileIds":,"suppressProfile":false,"editions":[],"defaultTimezone":"America/New_York","cmsDisplayName":"Elyse Betters Picaro","authorBlogs":[],"language":"en","title":"Senior Editor","byline":"Elyse Betters Picaro is an editor based in New York.","bureau":"US","authorBio":"Elyse Betters Picaro is a senior editor based in Upstate New York. \r\n\r\nShe currently leads a team of journalists who write buyer's guides, deals, and gift guides. She has experience editing countless advice pieces and has written over 8,000 articles -- including news, how-tos, explainers, and reviews on technology and even TV and entertainment-focused content -- for several leading online publications. \r\n\r\nPreviously, she was an editor at 9to5Mac and 9to5Google. She was also a US contributor at Pocket-lint. Before that, she worked as a beat reporter at different regional newspapers in Northeast America and freelanced for global websites such as the BBC. \r\n\r\nShe holds a Master of Fine Arts in writing from The New School in Manhattan and a Bachelor of Arts in journalism from the University of Massachusetts at Amherst.","expertise":"Consumer technology, mobile apps, TV and streaming services, mobile devices, software and services, and e-commerce","awardsAndCredentials":null,"education":"Master of Fine Arts in writing (2014) from The New School in Manhattan and a Bachelor of Arts in journalism (2011) from the University of Massachusetts at Amherst","authorDisclosure":"Elyse Betters Picaro has nothing to disclose."},"dateCreated":,"dateUpdated":,"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"(Image: Unsplash)","alt":"Best VPN service","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"What is the best VPN overall? Our top pick is ExpressVPN because of its performance. We researched and analyzed the top VPN services -- with a focus on the number of servers in the network, level of encryption, ability to unlock streaming services, and compatibility with phones, computers, and TVs.","promoTitle":null,"slug":"best-vpn","title":"The best VPN services: How do the top 5 compare?","topic":]},]}],"descendantCount":0,"type":,"authors":},"editions":},"id":"0c9a94e0-e9e7-4f3b-aef7-035ce925d60f","typeName":"content_topic_edition"},},"id":"2f79772a-d51a-4d75-b4c9-64a8044bdaf6","typeName":"content_topic_edition"},},"id":"a2d884ae-87aa-4157-8a4f-96f2a6ab39c4","typeName":"content_topic_edition"},},"id":"a8227a14-763a-4cd8-a8d3-fdb50ee0edab","typeName":"content_topic_edition"},},"id":"af43c63e-fdc2-46eb-a079-de9d1ec0afa5","typeName":"content_topic_edition"},},"id":"d96dc21f-cf67-4fb3-b017-a21f3aa71489","typeName":"content_topic_edition"}],"paging":},"languages":],"paging":},"name":"VPN","description":null,"slug":"vpn","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"},},"image":,"dateUpdated":,"ursId":"29886494492950911926330498836435","roles":[,,],"profiles":,"dateUpdated":,"language":"en","title":"Editor","byline":null,"bureau":null,"authorBio":null,"expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":null,"typeName":"user_user_profile"}],"paging":},"profile":,"dateUpdated":,"language":"en","title":"Editor","byline":null,"bureau":null,"authorBio":null,"expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":null,"typeName":"user_user_profile"},"socialProfileIds":,"suppressProfile":false,"editions":[],"defaultTimezone":"Europe/London","cmsDisplayName":"Zane Kennedy","authorBlogs":[],"language":"en","title":"Editor","byline":null,"bureau":null,"authorBio":null,"expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":null},"dateCreated":,"dateUpdated":,"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"By Photon photo -- Shutterstock","alt":"data breach","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"Here's a guide highlighting the tools you can use to determine if your account is at risk.","promoTitle":null,"slug":"how-to-find-out-if-you-are-involved-in-a-data-breach-and-what-to-do-next","title":"How to find out if you are involved in a data breach -- and what to do next","topic":]}],"descendantCount":6,"type":,"authors":},"editions":},"id":"02f76cc8-60a7-42e3-b095-85d5fceb201e","typeName":"content_topic_edition"},},"id":"177e0dd2-ef13-4119-a775-e123c25752d7","typeName":"content_topic_edition"},},"id":"26f2f74b-8aea-4cb8-8ad7-98ea6678f72f","typeName":"content_topic_edition"},},"id":"578b5003-5398-44c2-b340-d94262af8075","typeName":"content_topic_edition"},},"id":"8231dda1-08ca-11e4-9732-00505685119a","typeName":"content_topic_edition"},},"id":"f84de0a6-d156-45c9-9500-543e34cc6419","typeName":"content_topic_edition"}],"paging":},"languages":],"paging":},"name":"Security","description":"Software has holes, and hackers will exploit the new vulnerabilities that appear daily. Keep tabs on the latest threats.","slug":"security","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"},},"image":,"dateUpdated":,"ursId":"27051783234840286590268119258902","roles":[,],"profiles":,"dateUpdated":,"language":"en","title":"Senior Editor","byline":"Elyse Betters Picaro is an editor based in New York.","bureau":"US","authorBio":"Elyse Betters Picaro is a senior editor based in Upstate New York. \r\n\r\nShe currently leads a team of journalists who write buyer's guides, deals, and gift guides. She has experience editing countless advice pieces and has written over 8,000 articles -- including news, how-tos, explainers, and reviews on technology and even TV and entertainment-focused content -- for several leading online publications. \r\n\r\nPreviously, she was an editor at 9to5Mac and 9to5Google. She was also a US contributor at Pocket-lint. Before that, she worked as a beat reporter at different regional newspapers in Northeast America and freelanced for global websites such as the BBC. \r\n\r\nShe holds a Master of Fine Arts in writing from The New School in Manhattan and a Bachelor of Arts in journalism from the University of Massachusetts at Amherst.","expertise":"Consumer technology, mobile apps, TV and streaming services, mobile devices, software and services, and e-commerce","awardsAndCredentials":null,"education":"Master of Fine Arts in writing (2014) from The New School in Manhattan and a Bachelor of Arts in journalism (2011) from the University of Massachusetts at Amherst","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"}],"paging":},"profile":,"dateUpdated":,"language":"en","title":"Senior Editor","byline":"Elyse Betters Picaro is an editor based in New York.","bureau":"US","authorBio":"Elyse Betters Picaro is a senior editor based in Upstate New York. \r\n\r\nShe currently leads a team of journalists who write buyer's guides, deals, and gift guides. She has experience editing countless advice pieces and has written over 8,000 articles -- including news, how-tos, explainers, and reviews on technology and even TV and entertainment-focused content -- for several leading online publications. \r\n\r\nPreviously, she was an editor at 9to5Mac and 9to5Google. She was also a US contributor at Pocket-lint. Before that, she worked as a beat reporter at different regional newspapers in Northeast America and freelanced for global websites such as the BBC. \r\n\r\nShe holds a Master of Fine Arts in writing from The New School in Manhattan and a Bachelor of Arts in journalism from the University of Massachusetts at Amherst.","expertise":"Consumer technology, mobile apps, TV and streaming services, mobile devices, software and services, and e-commerce","awardsAndCredentials":null,"education":"Master of Fine Arts in writing (2014) from The New School in Manhattan and a Bachelor of Arts in journalism (2011) from the University of Massachusetts at Amherst","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"},"socialProfileIds":,"suppressProfile":false,"editions":[],"defaultTimezone":"America/New_York","cmsDisplayName":"Elyse Betters Picaro","authorBlogs":[],"language":"en","title":"Senior Editor","byline":"Elyse Betters Picaro is an editor based in New York.","bureau":"US","authorBio":"Elyse Betters Picaro is a senior editor based in Upstate New York. \r\n\r\nShe currently leads a team of journalists who write buyer's guides, deals, and gift guides. She has experience editing countless advice pieces and has written over 8,000 articles -- including news, how-tos, explainers, and reviews on technology and even TV and entertainment-focused content -- for several leading online publications. \r\n\r\nPreviously, she was an editor at 9to5Mac and 9to5Google. She was also a US contributor at Pocket-lint. Before that, she worked as a beat reporter at different regional newspapers in Northeast America and freelanced for global websites such as the BBC. \r\n\r\nShe holds a Master of Fine Arts in writing from The New School in Manhattan and a Bachelor of Arts in journalism from the University of Massachusetts at Amherst.","expertise":"Consumer technology, mobile apps, TV and streaming services, mobile devices, software and services, and e-commerce","awardsAndCredentials":null,"education":"Master of Fine Arts in writing (2014) from The New School in Manhattan and a Bachelor of Arts in journalism (2011) from the University of Massachusetts at Amherst","authorDisclosure":"Elyse Betters Picaro has nothing to disclose."},"dateCreated":,"dateUpdated":,"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":null,"alt":"Brave","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"What is the best browser for privacy? Brave browser is ZDNet's top choice. We analyzed specs such as cookies stored, privacy settings, and speed of the top browsers below.","promoTitle":null,"slug":"best-browser-for-privacy","title":"The 5 best browsers for privacy: Secure web browsing","topic":]}],"descendantCount":16,"type":,"authors":},"editions":},"id":"3b89b412-4197-4c0e-8efc-adc1ed34c324","typeName":"content_topic_edition"},},"id":"439ffcd3-b1d2-4ba3-bd3e-3a8a3a14b877","typeName":"content_topic_edition"},},"id":"7f8132dc-66e4-4f0c-9926-da32896f9819","typeName":"content_topic_edition"},},"id":"a7006afb-8079-4b3c-b7d9-84ef90a8050e","typeName":"content_topic_edition"},},"id":"e69b578c-37aa-435b-9e42-12a533a9806d","typeName":"content_topic_edition"},},"id":"f7bff5b1-8feb-436c-a042-f7539003e29d","typeName":"content_topic_edition"}],"paging":},"languages":],"paging":},"name":"Services & Software","description":null,"slug":"services-software","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"},},"image":,"dateUpdated":,"ursId":"25524844979454957457847746312360","roles":[,,],"profiles":,"dateUpdated":,"language":"en","title":"Managing Editor","byline":"Aly is a managing editor at ZDNET based in Winston-Salem, N.C.","bureau":"US","authorBio":"Aly has worn many hats since joining ZDNET in 2014. She is currently a managing editor, leading ZDNET's Advice team, and is based in Winston-Salem, North Carolina.","expertise":null,"awardsAndCredentials":null,"education":"B.A. in English, Creative Writing","authorDisclosure":"Aly does not have financial holdings that would influence how or what she covers.","typeName":"user_user_profile"}],"paging":},"profile":,"dateUpdated":,"language":"en","title":"Managing Editor","byline":"Aly is a managing editor at ZDNET based in Winston-Salem, N.C.","bureau":"US","authorBio":"Aly has worn many hats since joining ZDNET in 2014. She is currently a managing editor, leading ZDNET's Advice team, and is based in Winston-Salem, North Carolina.","expertise":null,"awardsAndCredentials":null,"education":"B.A. in English, Creative Writing","authorDisclosure":"Aly does not have financial holdings that would influence how or what she covers.","typeName":"user_user_profile"},"socialProfileIds":,"suppressProfile":false,"editions":[],"defaultTimezone":"America/New_York","cmsDisplayName":"Alyson Windsor","authorBlogs":[],"language":"en","title":"Managing Editor","byline":"Aly is a managing editor at ZDNET based in Winston-Salem, N.C.","bureau":"US","authorBio":"Aly has worn many hats since joining ZDNET in 2014. She is currently a managing editor, leading ZDNET's Advice team, and is based in Winston-Salem, North Carolina.","expertise":null,"awardsAndCredentials":null,"education":"B.A. in English, Creative Writing","authorDisclosure":"Aly does not have financial holdings that would influence how or what she covers."},"dateCreated":,"dateUpdated":,"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"Getty Images/iStockphoto","alt":"istock-incognito.jpg","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.","promoTitle":null,"slug":"how-to-delete-yourself-from-internet-search-results-and-hide-your-identity-online","title":"How to delete yourself from search results and hide your identity online","topic":]}],"descendantCount":6,"type":,"authors":},"editions":},"id":"02f76cc8-60a7-42e3-b095-85d5fceb201e","typeName":"content_topic_edition"},},"id":"177e0dd2-ef13-4119-a775-e123c25752d7","typeName":"content_topic_edition"},},"id":"26f2f74b-8aea-4cb8-8ad7-98ea6678f72f","typeName":"content_topic_edition"},},"id":"578b5003-5398-44c2-b340-d94262af8075","typeName":"content_topic_edition"},},"id":"8231dda1-08ca-11e4-9732-00505685119a","typeName":"content_topic_edition"},},"id":"f84de0a6-d156-45c9-9500-543e34cc6419","typeName":"content_topic_edition"}],"paging":},"languages":],"paging":},"name":"Security","description":"Software has holes, and hackers will exploit the new vulnerabilities that appear daily. Keep tabs on the latest threats.","slug":"security","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"}],"title":"Security","view":"pinbox_text_list"}" class="c-shortcodePinbox-textList c-shortcodePinbox-textList_floating g-border-thin-light-bottom g-outer-spacing-top-medium g-outer-spacing-bottom-medium">
Security
How to delete yourself from search results and hide your identity online
One example: the disruption to supply chains around the globe in 2021 when Ever Given, one of the largest container ships in existence, was grounded in the Suez Canal, blocking one of the world's busiest shipping channels and forcing many other ships to take much longer journeys around the Cape of Good Hope, severely delaying shipments of electronics, machinery, furniture, household goods, and more.  
Ports and shipping are becoming increasingly connected to the internet and  that's making them a tempting target for hackers , especially when much of the sector is simultaneously reliant on legacy technology that can be decades old . 
And the prospect of disruptive cyberattacks against shipping and ports isn't just theoretical – they're already happening.
In 2017, shipping giant Maersk had to deal with a backlog at ports when it was hit as part of the global NotPetya cyberattack . The company had to reinstall thousands of servers and tens of thousands of PCs to get back up and running again. 
In 2021, a major cyberattack disrupted container operations at the South African port of Cape Town, restricting the movement of cargo until systems were restored. Both incidents, alongside the grounding of the Ever Given, demonstrate how disruption to shipping can have big consequences for the global supply chain, businesses and individuals. 
Despite this, the maritime industry remains underprepared for cyberattacks.
"It's a really big area measured in the trillions of dollars – but it's also a bit sort of old guard in the sense of nothing happens, nothing changes very quickly," says Kevin Jones, professor of computer science at the University of Plymouth and lead on the institution's Maritime Cyber Threats Research Group. 
"And there's a mindset in the sector of 'Once I leave port...nobody can touch me, I don't need to worry about anything until I come back'. Those things were sort of true 30 or 40 years ago but they're not true anymore."
That sort of approach means that the industry has struggled to keep pace with cybersecurity threats, with legacy IT systems and a lack of visibility into networks making it a prime target for hackers – and that could have far-reaching consequences.
SEE:  A winning strategy for cybersecurity  (ZDNET special report)
In a project  alongside the Bank of England designed to test how insurance companies would react to such an incident, Plymouth's Maritime Cyber Threats Research Group developed a scenario where attackers secretly gain control of ship controls and use this to crash them into ports and cranes, damaging ships and infrastructure, and losing cargo.
In this fictional scenario, the attackers also threaten to cause further accidents, unless the five biggest shipping companies pay a ransom of $50 million each. In order to prevent further attacks, much of the world's shipping stops for days, crippling the global supply chain.
It's an imagined event, but one based on worst-case scenarios of what attackers could achieve by targeting an industry that is struggling to keep up with cybersecurity – at a time when US Coast Guard Cyber Command has warned of a  68% rise of reported cyber incidents against the sector  during the last year alone.
Part of the problem is the unusual nature of the operating environment: managing the technology on a vast container ship is a very different situation to sorting out the PCs in an office. When a vessel can be on the oceans for weeks or months at a time, it's not as if a full IT refresh can be made at short notice – and a lack of connectivity can make it difficult to download security patches and software updates, even critical ones.  
"The current state of the maritime industry from a cybersecurity point of view is pretty poor and that's not solely down to owners and operators in the industry, it's because of the complexity," says Tom Scriven, principal consultant at cybersecurity company Mandiant, who previously spent eight years in the navy. 
There are the issues of legacy systems, he notes, but also of new ships coming online that have increased connectivity that brings new problems, such as a lack of segmentation across internal networks, an increased threat surface from third parties and suppliers, and customers connecting in and out, he says.
All of these factors help to make maritime a prime target for hackers, with many different motives ranging from cyber espionage to general profiteering from cyber crime.  
Scriven points to a hacking group Mandiant, tracked as APT40 , which is a cyber espionage operation linked to the Chinese state that  targets the engineering, transportation, and defence industries , especially where the sectors overlap with maritime technologies. The group has conducted operations since at least 2013 in what researchers say are a means of supporting China's efforts to modernise its navy by examining systems and stealing sensitive blueprints. 
Mandiant has also detailed attacks against the Israeli shipping sector by cyber attackers . They are suspected to be the work of hackers operating out of Iran with the intention of conducting espionage and collecting intelligence in support of Iranian interests. The attacks include masquerading as legitimate cloud services to steal usernames and passwords, alongside attempts to trick victims into downloading malware . 
Then there's cyber criminals who are out for financial gain. These hackers want to make as much money as they can with as little effort as possible – and targeting the maritime industry could provide them with a big payday due to the combination of old, insecure networks and the fact that port infrastructure is vital to so many industries.

Images Powered by Shutterstock

Thank you for your referral

Please list your name and e-mail and we’ll contact you shortly

  • This field is for validation purposes and should be left unchanged.