Increasing Autonomy Raises Cyber Risk for the Maritime Industry
The maritime industry is vulnerable to cyber threats. Ships and surrounding infrastructure are becoming increasingly connected and digitaliszd, which is providing more opportunities for cyber attacks.
According to maritime expert Cameron Livingstone of The Nautical Institute, “As ships become more technologically sophisticated, methods an attacker could use to disable ship and shore-based technology are widening. GNSS spoofing, radar jamming, AIS interference and shore-based communication shutdowns are increasingly common.
Livingstone cites the 2019 incident involving the British tanker Stena Impero. The vessel was boarded and detained by Iranian forces after she maneuvered suddenly into Iranian waters due to GNSS spoofing, which caused deliberate interference with her positioning.
There are many ways in which ships could be intercepted, especially as they become more autonomous and remotely operated. As humans are removed from technical processes, problems are less likely to be detected quickly. These technologies could be manipulated by attackers to cause collisions and generally disrupt vessels.
The impact is worsened if problems occur on busy trading routes, as with the Suez Canal crisis early in 2021. Just one impacted ship could create a ripple affect across industry and global trade. Such widespread disruption may motivate some attackers.
This increasing cyber threat requires action now. In response, legal requirements are being increased, such as IMO 2021, a resolution requiring ship owners to invest in cybersecurity.
“Potential cost to vessel owners far outweigh the cost of implementing appropriate cybersecurity protocols. Physical and electronic measures should be considered, as well as appropriate cyber insurance (H&M and P&I)," says Livingstone. "Shipowners globally should heed the lessons learnt from corporate cyber-attacks, costing millions of dollars to rectify and wiping billions off company's share values."
Given the pace of increased automation, maritime cyber resilience needs to grow in order to prevent widespread disruption.
Jessie Hamill-Stewart is a cybersecurity PhD student at University of Bristol and University of Bath.
Andrew Sallay is the CEO and co-founder of cybersecurity company Reperion.
The opinions expressed herein are the author's and not necessarily those of The Maritime Executive.