DNV: Connectivity Means Cyber Attacks Are Likely to Disrupt Shipping
Maritime industry professionals believe that cyber-attacks are likely to disrupt elements of global shipping and even likely to threaten physical health and safety according to a new report from DNV. The classification society and analysts explored the changing attitudes and approaches to cyber security warning that as the maritime industry is becoming more connected the dangers are increasing and evolving from the traditional IT security to encompass operational technology.
“The maritime industry is still thinking IT in an era of connected systems and assets,” says Svante Einarsson, Head of Maritime Cyber Security Advisory at DNV. “With ship systems being increasingly interconnected with the outside world, cyber-attacks on OT are likely to have a bigger impact in the future.”
DNV surveyed 800 industry professionals in March and April and reports that three-quarters believe that OT cyber security is a significantly higher priority than it was just two years ago. The report highlights the industry’s experiences ranging from Maersk to MSC, COSCO, CMA CGM, and even the IMO and DNV’s servers for its Ship Management software as being disrupted by cyber attacks. They quote the Port of Los Angeles which said that it is now experiencing twice as many attacks with as many as 40 million ransomware, malware, and spear-phishing incidents each month.
Three-quarters of the professionals responded in the survey that they believe a cyber incident is likely to force the closure of a strategic waterway within the next two years. More than six-in-ten industry professionals expect that cyber attacks will contribute to groundings or collisions.
DNV writes in the report that maritime companies have been safeguarding their data and IT environments in which data is stored and transferred but that the risk is evolving to operational technology which controls physical assets including sensors, switches, safety and navigation systems, and vessels. Until relatively recently vessels were not connected to IT environments providing them protection but the increase in networking and connectivity is raising the risks.
Only a third of respondents to the survey are confident that their organization’s OT cyber security is as strong as its IT security reports DNV. They are saying that there is a need for greater investments in cyber security in the era of connectivity. Yet the report shows that only 40 percent of maritime professionals think their organization is investing enough in cyber security.
“As recognition grows of cyber security’s role as an enabler of digital transformation and decarbonization, it’s particularly important that we explore the state of cyber security in the maritime industry,” writes DNV. In DNV’s assessment, there is still a gap in maturity in how the industry manages the risks of IT and OT security.
CEO Maritime at DNV, Knut Ørbeck-Nilssen said “Cyber security is a growing safety risk, perhaps even ‘the’ risk for the coming decade. But crucially, it is also an enabler of innovation and decarbonization.”
The report points to pending regulations saying that tighter regulation of maritime security will provide a strong motivator to unlock funding for cyber security. While just over half of the survey respondents are confident in the effectiveness of cyber security regulation and their ability to meet requirements, organizations must and are preparing to comply with the new rules spurring a greater focus on the dangers.