Written by Bradley Butler.
The maritime industry, a cornerstone of global trade, has long faced threats ranging from age-old piracy to modern cyber attacks. Drawing from real-life experiences of Somali piracy and a decade in maritime cybersecurity, this blog explores how these threats have evolved and the strategies that are essential to safeguarding the global shipping industry.
About the Author
The author’s career in security began in 2007 as a Royal Marines Commando, where they served in Afghanistan and on various deployments with the Royal Navy. After leaving the military, they became an armed private anti-piracy officer, conducting over 40 ship security engagements in high-risk waters around the Indian Ocean. In the last decade, they transitioned into cyber security consultancy, working in both the UK and Australia. Their unique background includes conducting onboard cyber assessments for ships, bridging the gap between physical maritime threats and the emerging risks of the digital age.
The Global Scale of Shipping
To appreciate the importance of maritime security, it's crucial to understand the scale of the shipping industry. In Australia, 98% of all trade passes through ports, equating to billions of dollars each day. On a global scale, more than 80% of trade is conducted by sea, with over 11 billion tons of goods transported annually. This immense volume highlights the need for robust security measures to protect critical trade routes and ensure the uninterrupted flow of goods.
The History of Piracy
Piracy has been a threat to maritime trade for millennia. Historical records from ancient Egypt mention the 'Sea Peoples' attacking ships as early as the 14th century BCE. The problem persisted into the classical era, where pirates in Greece and Rome plundered merchant vessels and captured people for ransom or slavery. The "Golden Age of Piracy" in the late 17th and early 18th centuries saw figures like Blackbeard make piracy infamous. These centuries-old practices remind us that maritime security has always been a priority, with lessons that remain relevant even today.
The Rise of Somali Piracy
In the early 2000s, piracy in the Gulf of Aden and Indian Ocean emerged as a significant threat, particularly as Somalia’s collapse into civil war left its waters ungoverned. Somali pirates targeted international shipping lanes, demanding ransoms for hijacked vessels. As a response, shipping companies turned to Private Maritime Security Companies (PMSCs) to provide armed guards and security personnel to protect their vessels. The author, working with companies like Shell and Maersk, was at the forefront of this effort.
When a ship was scheduled to transit through high-risk areas (the Gulf of Aden and areas of the Indian Ocean), it would request armed security support. Small teams of former Royal Marines or UK Armed Forces would board the ship, often in dangerous circumstances such as transferring heavy equipment from a small boat to a 300-meter container ship in rough seas. Once onboard, they would conduct security assessments, run drills with the crew, and set up physical defences, including razor wire and CCTV. The aim was to deter pirate attacks and ensure that crew members were prepared for any attempted hijackings.
The high point of piracy in these waters has since passed, thanks to a combination of naval patrols, physical security measures, and the presence of armed guards. Although piracy incidents have decreased significantly, they haven’t disappeared altogether. In the first quarter of 2024, the ICC International Maritime Bureau reported 33 incidents of piracy worldwide, a reminder that this centuries-old threat still persists.
The Shift to Cyber Threats
While piracy continues to pose a threat, modern ships now face a new adversary: cyber attacks. As the maritime industry becomes increasingly reliant on digital systems, it has opened itself up to cyber risks. The 2017 NotPetya attack on Maersk, a state-sponsored cyber attack, caused massive disruptions to the company’s IT systems and crippled operations for weeks. Although cyber attacks on ships themselves are still rare, the potential consequences are severe.
The integration of IT (Information Technology) and OT (Operational Technology) systems on ships, while beneficial for operational efficiency, also creates new vulnerabilities. Ships rely on four layers of technology:
1. Marine Systems: AIS, GPS, ECDIS, GMDSS
2. OT Systems: Engine Management, Telemetry
3. Back Office Systems: Administrative functions
4. Crew Infotainment: Internet and network for crew use
Systems like AIS (Automatic Identification System) and ECDIS (Electronic Chart Display and Information System) are critical for navigation and safety. However, these systems are also vulnerable to cyber attacks. A theoretical attack on ECDIS could allow hackers to manipulate a ship’s navigation data, as demonstrated by a Brazilian Navy test.
Theoretical ECDIS Attack Scenario
In this scenario (credit: "A Triggering Mechanism for Cyber-Attacks in Naval Sensors and Systems"), malware is injected into a ship’s AIS system via removable media or a supply chain compromise. The attacker then sends a crafted message to the AIS system, which is processed and integrated into the ship’s ECDIS. This could alter navigational information or freeze critical systems, putting the ship and its crew at risk.
Such attacks highlight the vulnerabilities in modern maritime systems, and the potential for cyber disruptions to cause physical harm, financial losses, or environmental damage. For instance, disrupting the refrigeration of perishable goods like medicines could lead to health risks, while manipulating the loading of a ship could destabilise it and cause a catastrophic event at sea.
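As a defensive counterpart to this scenario, the following added example (not from the original post or the cited paper) sketches a validation gate between an AIS receiver and the chart system: it checks NMEA framing and checksum, decodes a position report, and holds back fixes that are out of range or imply an impossible speed. The 60-knot ceiling, the function names and the embedded sample sentence are assumptions for illustration.

```python
import math
from functools import reduce

# Sample AIVDM type 1 position report, embedded so the example runs offline.
SAMPLE = "!AIVDM,1,1,,B,177KQJ5000G?tO`K>RA1wUbN0TKH,0*5C"
MAX_KNOTS = 60.0  # assumed ceiling for the implied speed of a merchant vessel
ARMOUR = "".join(map(chr, [*range(48, 88), *range(96, 120)]))  # AIS 6-bit alphabet

def checksum_ok(sentence):
    """NMEA 0183 checksum: XOR of every character between '!' and '*'."""
    body, sep, given = sentence.strip()[1:].partition("*")
    calc = reduce(lambda acc, ch: acc ^ ord(ch), body, 0)
    return bool(sep) and given.upper() == f"{calc:02X}"

def _bits(payload):
    """Undo AIS 6-bit armouring; str.index raises ValueError on an illegal character."""
    return "".join(f"{ARMOUR.index(ch):06b}" for ch in payload)

def _int(bits, start, length, signed=False):
    raw = int(bits[start:start + length], 2)
    return raw - (1 << length) if signed and bits[start] == "1" else raw

def decode_position(sentence):
    """Decode MMSI, speed and position from a single-fragment type 1-3 report."""
    bits = _bits(sentence.split(",")[5])
    if len(bits) < 168 or _int(bits, 0, 6) not in (1, 2, 3):
        raise ValueError("not a complete type 1-3 position report")
    return {"mmsi": _int(bits, 8, 30), "sog": _int(bits, 50, 10) / 10,
            "lon": _int(bits, 61, 28, True) / 600000,   # 1/10000 minute units
            "lat": _int(bits, 89, 27, True) / 600000}

def _distance_nm(a, b):  # equirectangular approximation, fine for short hops
    dlon = (b["lon"] - a["lon"]) * math.cos(math.radians(a["lat"]))
    return 60 * math.hypot(b["lat"] - a["lat"], dlon)

def vet_sentence(sentence, last_fix=None, dt_seconds=None):
    """Return the reason to hold a sentence back from the chart system, or None."""
    if not sentence.startswith("!AIVDM") or not checksum_ok(sentence):
        return "bad framing or checksum"
    try:
        fix = decode_position(sentence)
    except (ValueError, IndexError):
        return "undecodable payload"
    if abs(fix["lat"]) > 90 or abs(fix["lon"]) > 180:  # also catches 91/181 "not available"
        return "position out of range"
    speeding = (last_fix and dt_seconds and last_fix["mmsi"] == fix["mmsi"]
                and _distance_nm(last_fix, fix) / (dt_seconds / 3600) > MAX_KNOTS)
    return "implied speed exceeds ceiling" if speeding else None
```

The NMEA checksum only detects corruption, not forgery: anyone who can craft a sentence can also compute a valid checksum, which is why authenticated AIS and network segmentation remain necessary alongside input validation.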
Cybersecurity Assessments for Ships
Recognising these risks, some shipping companies have started conducting onboard cyber assessments to identify vulnerabilities and improve their defences. The author has firsthand experience conducting such assessments, which involve reviewing a ship’s security posture while it is at sea. These assessments typically cover:
Ship’s Safety Management System review: Ensuring that cyber risk management is incorporated into the ship’s overall safety protocols.
Technical Testing: Conducting light-touch tests to avoid disrupting operations while identifying weaknesses in the ship’s systems.
Security Controls Review: Reviewing a ship’s procedural and technical controls against BIMCO’s Guidelines on Cyber Security Onboard Ships.
One key takeaway from these assessments is the difference between older ships, which often have fewer interconnected systems, and newer, more digitised vessels. For example, an older container ship with minimal digital systems was found to have malware lying dormant, but the limited connectivity prevented it from spreading. In contrast, a newer vessel, heavily reliant on digital navigation and open USB ports, was far more exposed to cyber risks.
Strategies and Technologies for Cyber Protection
From these assessments, several critical strategies and technologies have emerged to protect ships from cyber threats:
Establishing Robust Cybersecurity Standards: High-level guidance on cyber risk management in the maritime sector is insufficient. To safeguard ships effectively, the industry needs specific, actionable standards, such as the International Association of Classification Societies’ (IACS) new unified requirements (URs) for cyber security.
Fostering a Cybersecurity Culture: Building a cybersecurity-aware culture among crew members is essential. Comprehensive training on cyber best practices, including the risks of removable media, can help reduce vulnerabilities.
Learning from Other Industries: The maritime sector can adopt proven cybersecurity practices from industries like aviation and energy to enhance its defences.
Key Technologies:
IT and OT Segmentation: Separating IT and OT systems can reduce the risk of lateral movement during a cyber attack.
Encrypted Communication Technologies: Implementing encryption, such as protected AIS (pAIS), ensures message integrity and authenticity.
Security Tooling and Monitoring: Tooling that provides comprehensive security monitoring and protection for ship IT and OT systems.
Conclusion
As maritime threats evolve, it is clear that cyber risks pose serious consequences for global shipping. While the industry has been slow to adapt, it must now take urgent steps to strengthen its cybersecurity posture. Learning from other industries, establishing robust standards, and fostering a cybersecurity-aware culture among crew members are essential steps to safeguard the future of maritime trade.