Maritime Cyber Attacks Are A Deadly Threat

New research published by DNV reveals that less than half (40%) of maritime professionals think their organisation is investing enough in cyber security at a time when vessels and other critical infrastructure are becoming increasingly networked and connected to IT systems. 

Maritime professionals are warning of insufficient investment in cyber security as risks escalate in the era of connectivity, with three-quarters believing an incident will force the closure of a strategic waterway and according to DNV, maritime cyber security needs more investment, better regulation, and sharing of incident experiences.

This survey of 801 industry professionals by class society DNV found that more than half also expect cyber incidents to cause ship collisions, groundings, and even result in physical injury or death.

Key Findings

  • Insufficient funding is the maritime sector’s biggest barrier to greater cyber resilience in 2023, as safety-compromising threats to the industry’s operational technology gather pace.
  • Tightening regulation raises hopes for greater investment in cyber security to be unlocked, according to DNV’s survey of more than 800 industry professionals, but concerns are emerging over rulebook effectiveness and companies’ ability to comply.
  • Cyber security is a pre-requisite for progress as more than half of maritime professionals describe digital technology as a key enabler of their decarbonisation plans.  

The majority of maritime professionals expect cyber attacks to disrupt ship operations in the coming years, with more than three quarters believing an incident is likely to force the closure of a strategic waterway.

Although the maritime industry has focused on improving IT security in recent decades, DNV said the security of operational technology (OT), which manages, monitors, controls, and automates physical assets such as sensors, switches, safety and navigation systems, and vessels, is a more recent and increasingly urgent risk.

Three-quarters of those surveyed believe that OT security is a significantly higher priority for their organisation than it was just two years ago; however, just one in three in the industry are confident that their organization’s OT cyber security is as strong as its IT security. “The maritime industry is still thinking IT in an era of connected systems and assets,” said Svante Einarsson, head of maritime cyber security advisory at DNV. “With ship systems being increasingly interconnected with the outside world, cyber attacks on OT are likely to have a bigger impact in the future.”

According to DNV’s analysis, while the age of connection brings new threats, it also brings new opportunities. Almost all maritime professionals agreed the future of the industry relies on an increase in connected networks, and that connected technologies are helping the industry reduce emissions. “Cyber security is a growing safety risk, perhaps even “the risk for the coming decade,” warned Knut Ørbeck-Nilssen, CEO Maritime at DNV. 

Most maritime professionals told DNV that they believe that regulation provides the strongest motivator to unlock much-needed cyber security funding. Majority said that it will drive investment in cyber security, but only just over half are confident in the effectiveness of cyber security regulation and in their ability to meet requirements. 

DNV also found that just 36% of maritime professionals agree that complying with cyber security regulation is straightforward and almost half (44%) say that regulatory compliance requires technical knowledge that their organisation does not possess in-house. 

Seven recommendations were put forward by the report, including considering cyber security as an enabler, treating cyber issues like safety issues, sharing insights across the industry, creating a more effective training strategy, maintaining fallback options for systems, and reframing regulation as a baseline from which to build cyber security. 

The report points to pending regulations saying that tighter regulation of maritime security will provide a strong motivator to unlock funding for cyber security. 

While just over half of the survey respondents are confident in the effectiveness of cyber security regulation and their ability to meet requirements, organisations must and are preparing to comply with the new rules spurring a greater focus on the dangers.  

DNV:       Lloyds List:     Splash 247:    Seatrade-Maritime:     Maritime-Executive:    Port News:  

You Might Also Read: 

Ransomware Trends In The Aviation & Maritime Industries:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Data Sovereignty
What Is The Cybersecurity Maturity Model Certification (CMMC)? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infinigate UK

Infinigate UK

Infinigate is a value-added distributor of IT security solutions to protect and defend IT networks, servers, devices, data, applications, as well as the cloud.

SCADAhacker

SCADAhacker

SCADAhacker provides mission critical information relating to industrial security of SCADA, DCS and other Industrial Control Systems.

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

Cimcor

Cimcor

Cimcor’s flagship software product, CimTrak, helps organizations to monitor and protect a wide range of physical, network and virtual IT assets in real-time.

VIPRE Security Group

VIPRE Security Group

VIPRE Security Group is an award-winning global cybersecurity, privacy and data protection company.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

Sentrium Security

Sentrium Security

Sentrium is committed to helping organisations protect their technology, information and people. Our range of bespoke services provide solutions to tackle a broad range of cyber security challenges.

MTI

MTI

MTI is a solutions and service provider, specialising in data & cyber security, datacentre modernisation, modern workplace, IT managed services and IT transformation services.

Cyber Crucible

Cyber Crucible

Cyber Crucible is a cybersecurity Software as a Service company definitively removing the risk of data extortion from customer environments.

Techsolidity

Techsolidity

Techsolidity is an emerging e-learning platform that offers a wide range of upskilling programs worldwide in areas including cybersecurity.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.