Maritime Cyber Attacks Are A Deadly Threat

Uploaded on 2023-06-21 in FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Services-Financial

New research published by DNV reveals that less than half (40%) of maritime professionals think their organisation is investing enough in cyber security at a time when vessels and other critical infrastructure are becoming increasingly networked and connected to IT systems. 

Maritime professionals are warning of insufficient investment in cyber security as risks escalate in the era of connectivity, with three-quarters believing an incident will force the closure of a strategic waterway and according to DNV, maritime cyber security needs more investment, better regulation, and sharing of incident experiences.

This survey of 801 industry professionals by class society DNV found that more than half also expect cyber incidents to cause ship collisions, groundings, and even result in physical injury or death.

Key Findings

  • Insufficient funding is the maritime sector’s biggest barrier to greater cyber resilience in 2023, as safety-compromising threats to the industry’s operational technology gather pace.
  • Tightening regulation raises hopes for greater investment in cyber security to be unlocked, according to DNV’s survey of more than 800 industry professionals, but concerns are emerging over rulebook effectiveness and companies’ ability to comply.
  • Cyber security is a pre-requisite for progress as more than half of maritime professionals describe digital technology as a key enabler of their decarbonisation plans.  

The majority of maritime professionals expect cyber attacks to disrupt ship operations in the coming years, with more than three quarters believing an incident is likely to force the closure of a strategic waterway.

Although the maritime industry has focused on improving IT security in recent decades, DNV said the security of operational technology (OT), which manages, monitors, controls, and automates physical assets such as sensors, switches, safety and navigation systems, and vessels, is a more recent and increasingly urgent risk.

Three-quarters of those surveyed believe that OT security is a significantly higher priority for their organisation than it was just two years ago; however, just one in three in the industry are confident that their organization’s OT cyber security is as strong as its IT security. “The maritime industry is still thinking IT in an era of connected systems and assets,” said Svante Einarsson, head of maritime cyber security advisory at DNV. “With ship systems being increasingly interconnected with the outside world, cyber attacks on OT are likely to have a bigger impact in the future.”

According to DNV’s analysis, while the age of connection brings new threats, it also brings new opportunities. Almost all maritime professionals agreed the future of the industry relies on an increase in connected networks, and that connected technologies are helping the industry reduce emissions. “Cyber security is a growing safety risk, perhaps even “the risk for the coming decade,” warned Knut Ørbeck-Nilssen, CEO Maritime at DNV. 

Most maritime professionals told DNV that they believe that regulation provides the strongest motivator to unlock much-needed cyber security funding. Majority said that it will drive investment in cyber security, but only just over half are confident in the effectiveness of cyber security regulation and in their ability to meet requirements. 

DNV also found that just 36% of maritime professionals agree that complying with cyber security regulation is straightforward and almost half (44%) say that regulatory compliance requires technical knowledge that their organisation does not possess in-house. 

Seven recommendations were put forward by the report, including considering cyber security as an enabler, treating cyber issues like safety issues, sharing insights across the industry, creating a more effective training strategy, maintaining fallback options for systems, and reframing regulation as a baseline from which to build cyber security. 

The report points to pending regulations saying that tighter regulation of maritime security will provide a strong motivator to unlock funding for cyber security. 

While just over half of the survey respondents are confident in the effectiveness of cyber security regulation and their ability to meet requirements, organisations must and are preparing to comply with the new rules spurring a greater focus on the dangers.  

DNV:       Lloyds List:     Splash 247:    Seatrade-Maritime:     Maritime-Executive:    Port News:  

You Might Also Read: 

Ransomware Trends In The Aviation & Maritime Industries:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Data Sovereignty
What Is The Cybersecurity Maturity Model Certification (CMMC)? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NQA Certification

NQA Certification

NQA provides certification to a range of ISO standards including ISO 27001 for information security management.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

PETRAS IoT Hub

PETRAS IoT Hub

PETRAS is a consortium of 12 research institutions and the world’s largest socio-technical research centre focused on the future implementation of the IoT.

CyberOwl

CyberOwl

CyberOwl builds on cutting-edge research and combines decades of experience in developing, securing and operating large distributed systems.

Zix

Zix

Zix offers secure email encryption, threat protection, archiving, DLP and BYOD security for hospitals, financial services, government, and more.

National Authority for Electronic Certification and Cyber Security (AKCESK) - Albania

National Authority for Electronic Certification and Cyber Security (AKCESK) - Albania

AKCESK ensures security for trusted services, in particular reliability and security in electronic transactions between citizens, businesses and public authorities.

Gita Technologies

Gita Technologies

Gita Technologies works to create integrated solutions to the thorniest problems in the field of intelligence and cyber today.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

Curricula

Curricula

Curricula's cyber security awareness training delivers short relatable security stories to your employees. We make learning cyber security simple and fun.

Space ISAC

Space ISAC

Space ISAC is the only all-threats security information source for the public and private space sector.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Oligo Security

Oligo Security

Oligo aims to streamline the usage of open source by making it secure and easy to protect. Through focusing developers on the relevant vulnerabilities we make the fixing process significantly shorter.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

Beaming

Beaming

Beaming is an established Internet Service Provider for businesses across the UK. We deliver reliable voice, data and managed services, including cybersecurity.

Sasken Technologies

Sasken Technologies

Sasken’s Cybersecurity Services enables enterprises to develop, maintain, and take digital products to the market with security postures that empower operational excellence.

NST Cyber

NST Cyber

NST Cyber provides comprehensive Threat Exposure Management to Global banks and Forbes 2000 companies.