A study published by Plymouth University’s Maritime Cyber Threats Research Group indicates that maritime vessels are at risk for cyber-attacks as many have outdated software and are not designed with cybersecurity in mind.
A cyber-attack on a vessel could target the navigation and propulsion systems and the cargo-related functions. The results of a cyber-attack could be devastating to the shipping company, particularly since 90 percent of world trade occurs over the ocean. The consequences of a successful cyber-attack includes business disruption, financial loss, brand damage, damage to goods and the environment, incident response and mitigation costs and legal fines and lawsuits.
The study outlines different scary scenarios of how possible attacks could occur and examples of successfully carried out attacks have occurred.
According to the study “In an increasingly connected and technologically dependent world, new areas of vulnerability are emerging. However, this dependency increases the vessel’s presence in the cyber domain, increasing its chances of being targeted and offering new vectors for such attacks. Longer term, there needs to be a fundamentally different approach to security of the entire maritime infrastructure meaning there is great need for specific cyber security research programmes focused on the maritime sector.”
Finally, the paper states “As things stand, there are fundamental issues with securing technology used in the maritime industry and the sector is probably the most vulnerable aspect of critical national infrastructure. Both security firms and hackers have found both general flaws and specific, real-world, flaws within the navigation systems of ships, and it seems plausible that similar outdated systems for propulsion and cargo handling may also be compromised and abused by cyber-attackers.”
The maritime industry is a significant part of critical infrastructure in world trade and updating security systems, designing ships with security in mind and training crew members should be considered, as in every other critical infrastructure industry.