647
Views

Shipboard Cyberattack Risks are Increasing, U.S. Coast Guard Warns

Cyber imge
iStock

Published May 20, 2025 8:19 PM by The Maritime Executive

 

The U.S. Coast Guard's cybersecurity report card for the American maritime industry is out for 2024, and the service is happy to report that the sector's security posture is better than it was in 2023. Risks have not gone away, but U.S. stakeholders are taking steps to address the threat. 

"Widespread adoption of Multi-Factor Authentication and technical improvements against phishing have helped drive this change, but there is still much more work to do," Coast Guard Cyber Command said. 

Cyberattack risks for maritime stakeholders remain serious. The Coast Guard responded to 36 reported cyber incidents in 2024, and the average cost per breach for victims came to about $4.9 million. 70 percent of incidents resulted in significant or very significant disruption for the targeted organization. 

Phishing remains the most common vulnerability for hackers' initial point of entry, and financial gain - using coercive techniques like ransomware - remains a primary motivator for attackers. 

The risks of an attack spreading from shoreside IT networks to vessel computer systems is increasing, the service warned. In years past, ships were air-gapped, but with the advent of inexpensive satellite broadband and cloud computing, that is changing rapidly. "Cyberattacks impacting a company’s enterprise network are now far more likely to impact shipboard Information Technology (IT) systems and potentially impact vessel operations," the service warned. 

The agency devoted special attention to the risks associated with ZPMC's ship-to-shore cranes. These Chinese-built cranes dominate the world market for STS equipment, but they run on digital systems that are filled with security gaps, the Coast Guard warned - including operating systems and comms protocols that are outdated and are known to be vulnerable. 

The most concerning elements, though, are certain crane models' built-in cellular modems and remote-access contract clauses, which could allow unwanted remote monitoring or control. (ZPMC is owned by the Chinese state, and is subject to Chinese intelligence-collection laws.) No such unauthorized activity has been detected, but neither has the service been focused on efforts to detect it; to date it has put staff time towards vulnerability identification rather than counterintelligence, the center said.

The Coast Guard believes that any malicious activity on ZPMC's cranes (if it exists) would be well-concealed within everyday network traffic, and operators will first have to implement cybersecurity best practices before they can root out any unknown intruders. In all events, the service advises minimizing remote access authorization for ZPMC or any other third party. 

"Scrutinize contract language that requires remote access, installation of cellular modems, or other third-party maintenance procedures. Conduct routine physical audits to verify compliance with contractual agreements," the Coast Guard advised terminal operators. "The partners with the best crane security postures have been aggressive in challenging these access requirements
through the contracting process." 

Criminal hackers are becoming more businesslike

On Tuesday, managed satcom service leader Marlink released its own report card for the second half of 2024, and it reported concerning results. Marlink's security centers are now seeing cybercriminals use more advanced, efficient tactics and more AI automation to accelerate their attacks. 

Marlink's security centers dealt with 50 managed major incidents across a global fleet of 2,000 vessels in the second half of the year, along with nearly 11,000 malware incidents and billions of lesser events. AI is powering cyber threat actors' evolutionary process, speeding up phishing campaigns and helping to write new hacking tools. Meanwhile, professional "access brokers" have created a growing hack-for-hire market, selling illegal access to corporate networks for other criminals to exploit. 

"H2 2024 saw a marked evolution in cyber threats, as malicious actors adopted increasingly efficient, structured, and business-like approaches to cybercrime, putting additional pressure on the maritime industry," warned Nicolas Furgé, President, Marlink Cyber.