Cybersecurity in the maritime industry is becoming increasingly important as ships, ports and supply chains embrace digitalisation. With the integration of Internet of Things (IoT) devices, automation, and interconnected systems, the sector faces increasing threats, including risks such as data breaches, ransomware attacks, and sabotage.
aAccording to the European Union Cybersecurity Agency, this change has been accompanied by a notable increase in cyber-attacks targeting critical maritime infrastructure such as ports and shipping companies, highlighting the need for increased focus and action on maritime cybersecurity. ing.
This report utilizes the ENISA Cybersecurity Threat Landscape methodology to analyze a total of 98 publicly reported incidents within the specified time period. Data collection mainly focuses on his EU member states and also extends to global events affecting the EU. The critical incident was identified through open source intelligence (OSINT) and cyber threat intelligence capabilities.
ENISA highlights that the main threats identified for the period January 2021 to October 2022 include:
- Ransomware attack (38%): A type of attack in which an attacker takes control of a target's assets and demands a ransom in exchange for restoring the asset's availability.
- Data-related threats (30%): Sources of data are targeted for unauthorized access and disclosure, as well as data manipulation to disrupt system operation.
- Malware (17%): Malware is an umbrella term used to describe software or firmware that is intended to run unauthorized processes that adversely affect the confidentiality, integrity, or availability of a system.
- Denial of Service (DoS), Distributed Denial of Service (DDoS), and Ransom Denial of Service (RDoS) attacks (16%): Availability is the target of numerous threats and attacks, of which DDoS stands out. DDoS attacks target system and data availability, and while not a new threat, they play an important role in the transportation sector's cybersecurity threat landscape.
- Phishing/spear phishing (10%): Social engineering includes a wide range of activities that seek to exploit human error or human behavior to gain access to information or services.
- Supply chain attacks (10%): Supply chain attacks target the relationship between an organization and its suppliers.
During the reporting period, the threat actors that had the greatest impact on this sector were state-sponsored actors, cybercriminals, and hacktivists. The following trends were observed:
- In 2022, ransomware attacks became a prominent threat to this sector. Ransomware is steadily increasing, and the transportation sector is being affected just like other sectors.
- Cybercriminals are responsible for the majority (54%) of attacks on the transportation sector, with all sub-sectors targeted.
- Threat actors increasingly carry out ransomware attacks for more than just financial motivations.
- The increase in hacktivist activity targeting the transportation sector is likely to continue.
- The proportion of DDoS attacks targeting the transportation sector is likely to continue to increase.
- The main targets of DDoS attacks by hacktivists are airports, railways, and transport authorities in Europe.
- During this reporting period, no reliable information was available regarding cyber-attacks affecting transport security.
- The majority of attacks against the transportation sector target information technology (IT) systems. Although operational disruption can occur as a result of these attacks, operational technology (OT) systems are rarely targeted.
- Ransomware groups may target and disrupt OT operations in the near future.
According to the report, ransomware attacks have emerged as the leading threat to the sector in 2022, surpassing the data-related threats that dominated in 2021. Despite this, ransomware groups are still considered opportunistic and do not specifically target the transportation sector more than other ransomware groups. Recent trends show that ransomware attacks targeting transportation have not shown a significant increase compared to other sectors. Ransomware incidents are on the rise across the board, impacting the transportation sector as well as other industries.
Key challenges for managing cybersecurity
According to DNV, effectively managing cybersecurity in the dynamic and complex energy sector is no small feat. The sector is experiencing significant digitization, innovation and a transition to cleaner energy sources, as changes in global demand and the impact of the European conflict impact global energy prices and distribution patterns.
#1 The “wait and see” effect is holding back progress. For example, 6 in 10 C-suite respondents acknowledge that their organization is more vulnerable to attacks than ever before, but are willing to make urgent improvements in the coming years to prevent attacks. Far fewer (44%) expect to do so.
#2 Air gap is closing rapidly: When considering the risk of cyberattacks on industrial control systems, energy companies take some comfort in knowing that their OT platforms have traditionally had an “air gap” that isolated them from the IT network.
#3 Lack of global expertise: In a cyber incident, where a hacker has infiltrated your network and must be stopped, every second counts. Therefore, only 31% of potential cyber respondents confidently assert that they know exactly what to do if they are concerned about the risk or the development of an attack. That is a concern.
#4 Complex supply chains hide critical vulnerabilities. Supply chains in the energy sector are increasingly complex on a global scale, relying on third and fourth parties whose cybersecurity systems and processes are difficult to assess reliably. As a result, cybersecurity across the supply chain is an area where many respondents are less confident than necessary to protect critical systems and data.
where we stand
The Navigation Vessel Inspection Notice (NVIC) issued by the United States Coast Guard (USCG) in March 2024 emphasizes the importance of cybersecurity in the maritime sector. As highlighted in the Allianz Risk Barometer 2024, cyber incidents such as ransomware attacks, data breaches and IT disruptions are a key concern for businesses around the world, and the maritime industry is not immune to these threats. .
The maritime sector is becoming more vulnerable to cyber threats as it becomes increasingly reliant on digital technologies for navigation, communication and operational efficiency. Cybersecurity breaches can not only disrupt operations, but also compromise the safety of ships, crew, and cargo.
Furthermore, in the broader context outlined in the Global Risks Report, rapid technological change brings both opportunities and challenges. While technological advances improve efficiency and connectivity, they also introduce new vulnerabilities and risks. The situation is further complicated by factors such as geopolitical tensions and climate change, which are exacerbating economic uncertainty.
In conclusion, the transportation sector faces an evolving cyber threat landscape characterized by the rise of ransomware and the use of geopolitically motivated DDoS attacks by hacktivists. As cyber threats become more complex and targeted, reducing risk and ensuring the resiliency of critical transportation infrastructure requires proactive cybersecurity measures and the involvement of transportation stakeholders and cybersecurity professionals. Cooperation is essential.
