The maritime industry is taking important steps to improve cybersecurity, catching up rapidly by introducing other industries' best practices into information technology (IT) and operational technology (OT) onboard vessels. Work remains to be done to ensure a cyber-resilient worldwide fleet of maritime operations. The way forward is through collaboration among all major stakeholders.
Remote-controlled and autonomous ships
In the future, the marine industry will increasingly use remote-controlled and autonomous ships and infrastructure. One can imagine multi-ship, multi-infrastructure hybrid scenarios where a software failure or a cyber-attack could result in widespread damage.
“Protecting this advanced marine industry will drive the need for even higher levels of cybersecurity, reliability, and robustness of marine automation systems and software,” says Svante Einarsson, Head of Maritime Cyber Security Advisory, DNV Cyber.
Cybersecurity insights
CyberOwl complements DNV Cyber with advanced analytics and threat management for maritime vessels
Einarsson shares additional insights into cybersecurity for the maritime industry in our recent interview. DNV expanded its cybersecurity capabilities by acquiring Applied Risk in 2021 and Nixu in 2023, forming DNV Cyber with over 500 experts. This merger enhances maritime cybersecurity by integrating IT and industrial control system security services, offering comprehensive solutions from risk assessment to incident response.
CyberOwl complements DNV Cyber with advanced analytics and threat management for maritime vessels, ensuring real-time threat monitoring and support to sustain regulatory compliance.
Maritimeinformed.com: What are the cybersecurity vulnerabilities in the maritime market? What are the possible consequences and/or worst-case scenarios?
Einarsson: The maritime industry faces several cybersecurity vulnerabilities, including the integration of IT and OT systems, unsecured Internet of Things (IoT) devices, outdated software, weak authentication, and human factors like phishing. The consequences of breaches can be severe, such as operational disruption, data theft, ransomware attacks, cyber-physical attacks, and supply chain disruption.
A worst-case scenario includes hybrid incidents that compromise both IT and OT systems at the same time within highly trafficked areas (such as a port). Depending on the available time and alternative means, the vessel might run aground resulting in major oil spills, environmental disasters, and/or significant loss of life. These vulnerabilities and potential impacts highlight the critical need for robust cybersecurity measures in the maritime sector.
Maritimeinformed.com: What is the role of regulations when it comes to cybersecurity in the maritime market, including IMO, IACS, and critical infrastructure regulations? How do regulations drive better cybersecurity practices?
The EU’s NIS2 directive enforces robust cybersecurity strategies and incident reporting
Einarsson: Regulations play a crucial role in maritime cybersecurity by setting global standards and ensuring compliance. The International Maritime Organisation (IMO) mandates cyber risk management in Safety Management Systems, while the International Association of Classification Societies (IACS) requires cybersecurity integration in systems and ships throughout the lifecycle of a vessel for new builds contracted after July 1, 2024. The EU’s NIS2 directive enforces robust cybersecurity strategies and incident reporting.
These regulations drive better practices by standardising frameworks, holding organisations accountable, promoting holistic risk management, enhancing transparency, and fostering continuous improvement. This comprehensive regulatory approach forces all stakeholders in the industry (yards, vendors, and ship managers) to act and work together to implement effective cyber resilience.
Maritimeinformed.com: How does greater awareness boost cybersecurity? What is the role of near misses in driving cyber awareness and investments?
Einarsson: Greater awareness boosts cybersecurity by educating individuals and organisations about potential threats, leading to better prevention and response strategies. It fosters a culture of vigilance, reducing the likelihood of successful attacks.
Near misses play a crucial role by highlighting vulnerabilities and demonstrating the potential impact of cyber threats without causing actual harm. These incidents drive investments in cybersecurity by showcasing the need for robust defences, and well-planned responses, and encouraging proactive measures to prevent future breaches.
Maritimeinformed.com: What are the pitfalls of over-confidence and under-preparation when it comes to cybersecurity?
Einarsson: Overconfidence in cybersecurity can lead to complacency, ignoring potential threats, and underestimating attackers. For example, relying on boundary protection only, and believing that a system is impenetrable might result in neglecting regular updates and patches, leaving it vulnerable to exploits. Under-preparation, on the other hand, means inadequate de fences, response plans, and drills.
An example is the 2017 Equifax breach, where failure to patch a known vulnerability led to the exposure of sensitive data of 147 million people. Both pitfalls can result in significant financial and reputational damage.
Maritimeinformed.com: What is the role of technology advancements in driving the need and awareness of cybersecurity (e.g., the impact of digitisation, decarbonisation, automation, etc.)?
Digitisation and automation support decarbonisation also increase the need for cybersecurity
Einarsson: Decarbonisation is one of the key shaping factors in maritime today. Technology advancements like digitisation and automation support decarbonisation but also increase the need for cybersecurity by expanding the attack surface and introducing new vulnerabilities. As industries adopt remote maintenance, IoT, artificial intelligence (AI), and other technologies, the complexity and connectivity of systems grow, making them more susceptible to cyber threats.
An example is how scrubber systems with modern technologies such as remote connectivity are retrofitted onboard older vessels today, creating a new and potentially unmanaged gateway to the control systems onboard the vessel. In other words, cybersecurity enables digitisation and decarbonisation.
Maritimeinformed.com: What is the labor situation when it comes to the skillsets needed for cybersecurity excellence? Is there a shortage of expertise and how can it be addressed?
Einarsson: The cybersecurity industry faces a significant skills shortage, with a very large number of positions unfilled globally. This gap is driven by the rapid evolution of cyber threats and the increasing complexity of digital environments. To address this, organisations should adopt skills-based hiring, offer continuous training and upskilling, and create clear career paths. Attracting diverse talent and collaborating with educational institutions can also help bridge the gap.
Emphasising both technical and soft skills is crucial for developing a robust cybersecurity workforce. Many times the best option is to combine different competencies of several people into an aligned team, such as superintendents with OT system and operation expertise with cybersecurity and IT fleet experts.
Maritimeinformed.com: What is the emerging role of AI in cybersecurity, such as the ability to anticipate attacks before they happen?
AI-driven tools can predict and anticipate attacks by recognising early warning signs, allowing teams to address vulnerabilities
Einarsson: AI can significantly enhance cybersecurity teams' effectiveness by providing advanced threat detection and predictive analytics. Machine learning algorithms analyse vast amounts of data to identify patterns and anomalies that may indicate potential cyber threats. AI-driven tools can predict and anticipate attacks by recognising early warning signs, allowing teams to address vulnerabilities proactively.
Additionally, AI automates routine tasks, freeing up human experts to focus on more complex issues. Human teams can assess AI-generated results, ensuring accuracy and context, and make informed decisions. Real-time threat intelligence and automated response systems ensure quicker mitigation of incidents, ultimately strengthening the overall security posture and reducing the likelihood of successful cyber-attacks.
Maritimeinformed.com: What is the impact of geopolitics on cybersecurity? How does the geo-political situation contribute to risks?
Einarsson: Geopolitics significantly impacts cybersecurity by increasing the frequency and severity of cyber-attacks. Conflicts like the Russia-Ukraine war have led to coordinated cyber and hybrid offensives, targeting critical infrastructure globally. Geopolitical tensions contribute to risks by creating an environment where state and non-state actors exploit vulnerabilities and accessible assets for espionage, sabotage, and disinformation.
The most obvious related threat in the maritime domain is GPS and AIS spoofing which is very common in military active areas. Incidents have already happened where the untrained crew has had their ship impounded after being misled into foreign state waters.