The maritime sector and shipping industry, and in particular smart ports, are facing a rising threat of sophisticated cyberattacks.
These attacks range from signal spoofing and ransomware to phishing and password intrusions. Smart ports, in particular, are at risk due to the widespread availability of Information and Communication Technology (ICT) systems, the interconnectivity of the global maritime industry and logistics centres and the decentralised anonymity of the Internet.
Smart ports are modernised ports that use advanced technologies such as artificial intelligence (AI), blockchain, big data, and the Internet of Things (IoT) to improve day-to-day operations. These technologies enhance efficiency, safety, and sustainability.
When utilised effectively, smart ports can revolutionise shipping supply chains and logistics. However, while they improve accuracy and efficiency, there are risks associated with their implementation.
Perhaps the most notable attack to date, occurred in 2017 when shipping giant Maersk was the victim of a NotPetya virus, causing major disruption to supply chains and millions lost in revenue.
Another attack occurred on 22 July 2021, when the South African state-owned freight transport and handling company Transnet was the victim of a ransomware attack. In the wake of the attack, Transnet declared a force majeure at several container terminals including the Port of Durban, Cape Town, Ngqura and Port Elizabeth.
This attack had significant logistical consequences causing major disruptions to container operations, insofar as several bodies including the Cape Town Harbour Carriers Association declared a moratorium on cargo movements.
In January 2023, the Oslo-based software supplier Det Norske Veritas (DNV) fell victim to a cyberattack, impacting approximately 1,000 vessels. Around the same time, the Port of Lisbon faced an attack by LockBit ransomware. The hackers claimed to have accessed a trove of sensitive information, including cargo details, ship logs, financial records, and email exchanges. LockBit demanded a ransom of $1,500,000 and threatened to leak the stolen data if their demands were not met. Then, in March 2023, the Dutch maritime logistics firm Royal Dirkwager was targeted by the hacker group Play in another ransomware incident. Although the company's operations remained intact, the breach had a significant toll on its employees. Following the attack, the Dutch Data Protection Authority engaged in negotiations with the hackers.
Negotiating with hackers, and worst-case scenario, giving in to their demands, arguably establishes a dangerous precedent for future incidents, potentially encouraging others to employ similar tactics. This vulnerability is compounded by uncertainties surrounding insurance coverage and claims related to cyberattacks on smart ports and shipping operations, as highlighted by Safety4Sea. Furthermore, analysts warn of the possibility of criminals exploiting port data to steal cargo or aid in illicit trafficking, underscoring the risks associated with such breaches.
Cybersecurity plays a vital role in enhancing maritime security, yet the cyber-maritime nexus presents a dual challenge. Beyond the risks to smart ports, it's essential to recognise the vulnerabilities in communication networks between vessels, relay centres, and logistics operations. These vulnerabilities are evident in the aftermath of both cyber and physical attacks or disruptions.
On 15 April 2024, a vessel sailing off Tombula, Angola received a call from a supposed fishing vessel claiming to be in distress, however, the genuineness of the call could not be confirmed by the local maritime authority. Such incidents demonstrate how pirates may pose a threat by transmitting false distress signals or spoofing vessel signals to lure and trap unsuspecting ships.
The potential risks of the cyber-maritime nexus are indeed significant, but they do not necessarily outweigh the established benefits. Instead of framing this issue as a trade-off between security and efficiency, it might be more constructive to view it as a conflict that requires reconciliation. The maritime industry should not feel compelled to choose between security and efficiency, as both can coexist.
States and shipping companies need to adopt more robust preemptive and preventative measures. Strengthening cyber defences should extend beyond enhancing surveillance capabilities and integrating technologies like AI or radars to detect dark vessels (ships involved in illicit activities or those that have disabled their Automatic Identification Systems). Initiatives aimed at enhancing maritime cybersecurity should also focus on building the capacity and resilience of coastal communities, in addition to fostering better information sharing among stakeholders.
No country or part of the maritime industry is immune to cyberattacks, and as hackers become increasingly sophisticated, states and shipping companies must prepare for the potential execution of catastrophic maritime cyberattacks.