If there is one universal truth we’ve learned from developments on the cybersecurity landscape in recent years, it’s that none of us are free from cyberthreats. Attackers identify and exploit vulnerabilities wherever they might exist, regardless of the target’s geographic location, whether the target is an individual or an enterprise, or which industry sector the target represents.

By the same token, attackers are equally capable of wreaking havoc whether their target is based on land or sea. Considering that more than 70 percent of the earth is covered by water, and given an expanding attack surface for the vessels journeying across those waters, cybercriminals have no shortage of maritime targets that they can aim to exploit.

Unlike many of the modern sectors of our digital economy on which cybercriminals have set their sights, the maritime industry has been around for centuries. Ships and other seafaring vessels might not seem like natural targets for cybercriminals, but the array of potential access points on modern vessels – such as internet connectivity, the use of industrial control systems and satellite and radio communication systems – presents growing opportunities for cybercriminals to pursue. Expect the maritime attack surface to continue to expand given momentum toward a future in which autonomous ships will be a prominent piece of the maritime landscape, underscoring the growing reliance on interconnected information systems.
New methods of attack on the high seas

A wide range of methods exist for those who seek to target maritime vessels, including:

- Extortion/ransomware for allowing the vessel to restore operations
- Digital piracy by shutting down the vessel
- Espionage for obtaining sensitive information that can be used by competition
- Defamation/litigation by causing ISPS Code non-compliance/delaying the vessel/causing disruption
- Terrorism causing vessel collision/hazard to ports/other ships
- (H)activism for conveying a message

These possibilities are not merely theoretical. The US Coast Guard recently warned that unidentified hackers attempted to gain access to ships’ electronic systems to steal sensitive information and disrupt ships’ computer systems. The impact of these kinds of attacks can be enormous. Consider such disturbing possibilities as attackers manipulating passenger lists to allow for illegal transports, illegally leaking data about sensitive cargo transports and potentially even causing engines to explode or vessels to shut down by manipulating industrial control systems. When it comes to maritime threats, not only are sensitive digital assets at risk, but the possibility exists of cyberattacks leading to physical security incidents that could lead to large-scale losses of life.

Needless to say, these are sobering scenarios. Just as pirates have been a feared threat to ship personnel for centuries, now and in the future, those in the maritime industry have to worry about attackers who are equally menacing but can imperil their missions and safety without risking a physical confrontation.

A shift in mindset

A recent article published by the Center for International Maritime Cybersecurity shined a spotlight on shortcomings in the US Navy’s cybersecurity posture, drawing upon an independent review that was completed in March. Essentially, it was noted that a shift in mindset is required to direct more attention and resources toward preparedness for cyberwar.
The article states that:

“Ultimately, the objective should be a Sailor who understands cyber hygiene and proper use of the network as a primary on-the-job tool, just as well as any Soldier or Marine knows his or her rifle. Sailors go to sea aboard complex warships with integrated networked systems that run everything from Hull, Mechanical, and Electrical (HM&E) systems to combat systems and weapons employment. The computer is our rifle, why shouldn’t we learn how to use it more safely and effectively?”

Given the considerable resources available to the US military, it is fair to assume that many of the world’s smaller nations face an even more glaring challenge in readying their navies and maritime operations for the emerging threats they face at sea.

Fortunately, there are many avenues available to those in the maritime sector to safeguard the people, cargo and other resources on which they depend. After first taking stock of the organization’s cybersecurity capabilities and gaps in preparedness, some of the most important next steps should include devising an updated ship security plan, appropriate training of the crew and employees and tracking implementation progress through periodic audits. It is essential that all entities that operate in the maritime sector – whether private organizations or military units – commit themselves to taking stock of their cybersecurity maturity and then putting the policies and procedures in place to address their vulnerabilities. This is an overlooked component of the cybersecurity ecosystem that is in urgent need of greater attention in both the public and private sectors.

There may be nothing new about the need for ships to deliver cargo or patrol their country’s coasts, but the threats they are increasingly likely to encounter, invisible to any telescope, have placed the age-old maritime sector in uncharted waters.