By: Avital Sincai – COO & Co-founder Cydome
Digitalisation within the maritime industry has flourished over the past couple of years, with the pandemic providing the perfect opportunity for the growth of digital solutions. In a recent report by Inmarsat, it showed that during the pandemic the average daily data consumption nearly tripled, from 3.4 to 9.8 gigabytes per vessel, and in a further significant shift, it is projected that the global maritime digital products and services market in 2021 was worth $159bn – 18% ahead of pre-pandemic forecasts. Asa result of this however, we have also seen the birth of a new risk to the supply chain – cybercrime. The rate of cybercrime has been rapidly increasing over the past few years, with ransomware attacks up 150% in 2021, and set to further increase in 2022. For every digital solution that increases workflows or allows for constant connectivity within the global supply chain, there is an increased possibility for cybercriminals to attack.
The pandemic has presented many issues for crews on board vessels. Due to global travel restrictions, crews can be on board vessels for as long as a year at a time, simply due to countries not allowing crews to land on shore and restrictions on crew changes. A combination of brutal conditions at sea and the grueling work hours, can lead to fatigue and consequently mistakes that cost the global economy. This was seen in a recent incident in 2020, when the Japanese bulk carrier Wakashio ran aground and resulted in a severe oil leak. This was due to crew members wanting to sail close to shore so that they could use their mobiles to contact their families. This had implications both environmentally, in relation to the large oil leak, but also economically due to the loss of the ship and its cargo.
One solution to the problem of the effects of workers’ fatigue on the global supply chain is autonomous and semi-autonomous vessels. With the first fully- autonomous cargo ship setting sail in November 2021 this is set to be a key trend in the development of the global supply chain. As the development of fully autonomous ships is still ongoing, the use of semi-autonomous ships strikes a happy medium between the two, and is set to continue to feature in our oceans throughout2022.
The increase of digitalisation and the development of autonomous/semi-autonomous ships transforming the maritime sector, also presents a new challenge in terms of securing ships against cyberattacks. Vessels of the future, particularly unmanned,will have a complex network of systems, all of which will have a significant level of connection and interdependence. This increases the risk of ransomware or malware taking the vessel hostage, or even just basic tampering with software.
To avoid these potentially perilous scenarios involving autonomous/semi-autonomous ships, ship owners need to ensure that their whole ship is protected. It cannot be assumed that partial or fragmented cybersecurity is enough: if there are any weaknesses within the cybersecurity of onboard systems, they will be exploited as weak spots by hackers and cyber criminals.. Because of the now interconnected nature of ships, a cybercriminal is able to enter through a seemingly harmless network, but quickly penetrate through to areas of the ship which, if tampered with, could be catastrophically damaging.
With cybercriminals getting smarter, and continuously looking to exploit the maritime sector, ports and their facilities are expected to become regular targets for cyberattacks. Ports are potentially even more vulnerable to cyberattacks than vessels at sea because of increased points of attack provided by the additional shore-based IT and comms, and the large number of people with access to those systems.
We recently witnessed a large scale cyberattack on a number of ports across Europe, including in Belgium, Germany and the Netherlands. The coordinated attack targeted oil terminals and disrupted oil tankers’ delivery of vital energy supplies. In any normal circumstances, this would be alarming, but it is particularly concerning due to the current surging in energy prices, and the worry that this could lead to future “extortions” of oil operators.
The growth in digitalisation, accelerated by the pandemic, has seen a rise in the interconnection of software between vessels and the shore. More recently, we have seen a dangerous new development where IT systems within a port are infected by a hack from a ship at sea, with the attack subsequently spreading to infect other vessels and fleets connected to the port. This would not be the first time a port was attacked through a vessel, and demonstrates the large-scale damage that can be caused. We have long spoken about needing to protect the entire supply chain ecosystem, and in 2022 the need for cybersecurity for both fleets and ports is expected to rise dramatically.
The trend in increased digitalisation and connectivity within commercial fleets and facilities, has been mirrored by private and personal vessels in the last couple of years. Superyacht owners and clients, particularly since the pandemic, now expect the same level of connectivity and range of applications that they would normally enjoy on land, wherever they are at sea. As with the two examples above, this ultimately leaves superyachts highly vulnerable to cyberattacks and presents its own set of new and unique challenges to overcome in 2022.
The superyacht industry is still coming to terms with the danger weak cybersecurity poses, and is yet to fully understand the actions that need to be taken to overcome this. There is a vast contrast in the protection needed for the average commercial ship, and it is not just a matter of protecting the IT and communications onboard the vessel. The various devices and applications a superyacht client requires also need to be guarded to ensure full protection. Another scenarioto consider is the interchange of crew members who embark and disembark at various stages, carrying individual electronic and communication devices, all posing potential vulnerabilities for a cybercriminal to exploit. As with regular commercial/merchant ships and ports, the monetary value of a superyacht and its cargo are remarkably high and therefore a key target for criminals for ransomware. However, unlike regular cargo, the fact that superyachts are home to wealthy individuals, also makes operating the vessel highly sensitive and private, adding a further incentive for criminals to target superyachts for ramson.
Due to the maritime industry only recently fully understanding the need for superyacht cybersecurity, the IMO regulations are in the early stages of addressing these relatively new risks. IMO 2021 regulations were introduced in January 2021 and are required as part of the compliance for superyachts. The United States Coast Guard (USCG) announced shortly after the introduction of these regulations that it will start enforcing the universal requirement for a cybersecurity plan for all commercial yachts and ships over 500GT visiting US ports, regardless of flag. These regulations are expected to continue to be updated and evolve in 2022 as the industry understands more about the need for cybersecurity for superyachts.
The growth in digitalisation, especially in light of the pandemic, has further increased the need for full and complete cybersecurity for vessels and maritime facilities in 2022. Whether that is for private vessels such as superyachts, or commercial vessels and port facilities, high level cybersecurity coverage is a necessity to protect the wider maritime ecosystem. As the industry navigates through the next couple of years, we expect the cybersecurity landscape to continue to evolve, and pose different obstacles for each sector. However, what we don’t expect to change, is the vast number of cyberattacks that will unfortunately continue to grow over the coming years.