Like every other industry, the shipping industry is under an ever-growing siege of cyber attacks as it becomes more and more digitized. Henry Clack, a solicitor at HFW with a focus on cyber incidents, tells The Loadstar that many global shipping firms are particularly worried. Recent advancements in communication technologies, particularly Elon Musk’s Starlink satellite service, have enhanced connectivity for vessels, but they have opened new avenues for cybercriminals.
Considering that about 80% of global trade moves by water, any hiccups lead to huge spikes in shipping prices. Taking action to mitigate a cyber attack has an enormous cost associated. The financial burden has increased immensely, averaging $550,000 (£410,000) from 2022 to 2023. This alarming trend is underscored by a sharp rise in cyber incidents, with reported attacks climbing from 10 in 2021 to at least 64 last year.
The majority of these events are attributed to state-sponsored threat actors from Russia, China, North Korea, and Iran. Criminal organizations — particularly those originating in Nigeria — play a key role as well. According to Clack, “Of the cases which HFW have been involved in, the most common counterparties that we’ve encountered are Nigerian organised criminal organisations.”
For example, in 2021, the International Maritime Organization (IMO) recognized these threats. They responded by including cyber security measures into their international code of safety for merchant shipping. These enacted provisions with the intent to improve overall risk management practices and acknowledge the intentionality of cyber threats.
As the maritime industry has been forced to keep up with the latest technology, the maritime sphere has become an easily exploitable environment for cybercriminals. Shipping has recently moved up to the tenth most important target of these sorts of attacks worldwide. John Stawpert, another expert in maritime law, notes, “Cyber security is a major concern for the shipping industry, given how interconnected the world is.”
The widening number of potential attack routes adds exposure and risk for international shipping companies. GPS spoofing incidents present important threats to navigational technologies. One striking example is the grounding of the container ship MSC Antonia in the Red Sea. Ark Diamant explains, “GPS spoofing means sending the navigation system a false location, and this means that the ship takes a completely different route – it can even be damaged physically if it gets into shallow waters.”
In the cocoon of a cyber crisis, communication quickly breaks down and gets scattered. In Clack, she demonstrates how we typically converse via digital chat programs. They do this by communicating with one another in fast-paced exchanges of no more than one or two sentences daily. “When it does happen, it is more often than not in the context of ransomware ransom negotiations,” he adds.
The growing dependence on technology for operational efficiency across the shipping industry adds to these vulnerabilities. For that reason, shipping companies are starting to embrace artificial intelligence and machine learning to improve communication internally and externally. This creates new access points for cyber adversaries.
The maritime industry’s capacity to pivot has been impressive—even more so than in prior years. Stawpert believes that “the industry is in a good place to deal with the threat – certainly compared with six or seven years ago.” Experts are not letting up in pressing for a cautious approach – and one that embraces preventive action.
The IMO’s amended regulations aim to bolster shipping operations’ infrastructure against cyber threats. They will need certain risk management protocols to be developed and embedded within safety management systems. These provisions are extremely important steps toward ensuring our merchant fleet is equipped to resist focused cyber attacks.
Jeroen Pijpker highlights the real-world implications of these threats: “What we saw with one example was that equipment was being shipped to Ukraine, and then on a Telegram channel we see people giving information about what kind of targets to attack to get some kind of disruption in the logistical chain [of that delivery].” Protecting the United States against the effects of damaging global supply chains. Cyber attacks have a pronounced negative effect on global trade.
Despite these difficult obstacles the industry must chart, it is critical for companies to continue prioritizing investments in strong cybersecurity infrastructure. The rapidly changing environment of digital threats calls for ongoing adaptation and innovation in strategies to manage risk.