{"id":12190,"date":"2022-09-28T17:00:12","date_gmt":"2022-09-28T17:00:12","guid":{"rendered":"http:\/\/TheNextWeb=1391493"},"modified":"2022-09-28T17:00:12","modified_gmt":"2022-09-28T17:00:12","slug":"securing-the-seas-when-the-maritime-industrys-drowning","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=12190","title":{"rendered":"Securing the seas when the maritime industry\u2019s drowning"},"content":{"rendered":"\n<p><span>Over the last decade, the maritime industry has undergone a digital transformation to increase efficiencies, save money, gain greater insights into vessels and cargo, and develop new business models. But digitization has created a playground for cybercriminals who are benefiting from the industry\u2019s security shortfalls across cargo ships, cruisers, boats, <\/span><a href=\"https:\/\/thenextweb.com\/news\/sailing-fans-will-be-able-to-form-their-own-sailgp-dao\" target=\"_blank\" rel=\"noopener noreferrer\"><span>yachts<\/span><\/a><span>, and passenger ferries \u2013 and their infrastructure.&nbsp;<\/span><\/p>\n<p><span>Historically, ship owners protected themselves from pirates with weapons. Today, criminals also use an arsenal of digital weapons to attack. And globally, the maritime industry is struggling to keep up as cybercriminals get faster and smarter.&nbsp;<\/span><\/p>\n<p><span>Fortunately, Europe is leading in the effort to bring cybersecurity to the forefront of an industry that has traditionally been resistant to change. A key example is La Marina de Val\u00e8ncia, <\/span><a href=\"https:\/\/thenextweb.com\/valencia\" target=\"_blank\" rel=\"noopener noreferrer\"><span>home of TNW\u2019s first conference in Spain in March 2023<\/span><\/a><span>. It operates as a Port 4.0 testbed and the world\u2019s first cybersecurity Living Lab for the maritime industry.&nbsp;<\/span><\/p>\n<div class=\"inarticle-wrapper shift channel-cta hs-embed-tnw\">\n<div id=\"hs-embed-tnw\" class=\"channel-cta-wrapper\" readability=\"6\">\n<div class=\"channel-cta-img\"><img decoding=\"async\" class=\"js-lazy\" src=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat\"><\/div>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/thenextweb.com\/news\/src=''\"><\/noscript><\/p>\n<div class=\"channel-cta-input\" readability=\"7\">\n<h2 class=\"channel-cta-title\">Hi there, EV nerd!<\/h2>\n<p class=\"channel-cta-tagline\">Subscribe now for a weekly recap of our favorite mobility stories<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><span>A look at the current status of maritime cybersecurity reveals an industry slow to prevent cyberattacks and struggling to keep up with the technical advances of cyber criminals. While cybercrimes present a number of unique challenges for the industry, Europe is leading the way as a valuable testbed to secure the seas by identifying cybersecurity vulnerabilities and preventing future attacks.&nbsp;<\/span><\/p>\n<h2><strong>Cybersecurity and industry 4.0 at&nbsp; La Marina de Val\u00e8ncia<\/strong><\/h2>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391501 size-featured_img js-lazy\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-796x560.jpeg\" alt=\"The maritime Port 4.0 project is the brainchild of the Valencia 2007 Consortium and Telefonica Tech.\" width=\"796\" height=\"560\" sizes=\"(max-width: 796px) 100vw, 796px\" data-srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-796x560.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-280x197.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-192x135.jpeg 192w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-384x270.jpeg 384w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea.jpeg 1181w\"><figcaption><a href=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: The Port 4.0 project includes a cybersecurity Living Lab directed by the Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech. Image credit: La Marina de Val\u00e8ncia\" data-title=\"Share The Port 4.0 project includes a cybersecurity Living Lab directed by the Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech. Image credit: La Marina de Val\u00e8ncia on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share The Port 4.0 project includes a cybersecurity Living Lab directed by the Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech. Image credit: La Marina de Val\u00e8ncia on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"><\/i><\/a>The Port 4.0 project includes a cybersecurity Living Lab directed by the <span>Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech. Image credit: <a href=\"https:\/\/www.lamarinadevalencia.com\/news\/1\/430\/la-marina-de-valncia-concluir-su-proyecto-urbanstico-ms-ambicioso-con-la-humanizacin-del-entorno-del-tinglado-2.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">La Marina de Val\u00e8ncia<\/a><\/span><\/figcaption><noscript><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391501 size-featured_img\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-796x560.jpeg\" alt=\"The maritime Port 4.0 project is the brainchild of the Valencia 2007 Consortium and Telefonica Tech.\" width=\"796\" height=\"560\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-796x560.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-280x197.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-192x135.jpeg 192w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-384x270.jpeg 384w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea.jpeg 1181w\"><\/noscript><\/figure>\n<p><span>The Port 4.0 project is the brainchild of the Valencia 2007 Consortium and Telefonica Tech. La Marina is home to around 1,000 recreational boating moorings previously managed manually (think wet paper and clipboards). Now there\u2019s an app that allows boat owners to manage their vessels and bookings remotely and in real-time.&nbsp;<\/span><\/p>\n<p><span>The owners of the moored boats now also enjoy digitised electricity and water supply services. This tests 5G communications, signature and certification platforms, proprietary identity systems, blockchain, and cloud repositories. Anonymized data is generated and made accessible to select scientific and technical communities through an API for R&amp;D purposes. And it\u2019s a powerful way of testing the level of security of new tech in the wild.<\/span><\/p>\n<p><span>According to Sergio de Los Santos, Director of Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech, \u201cbeing able to test our technology in real use cases, solving complex and specific problems thanks to our innovation, is a unique opportunity.&nbsp;<\/span><\/p>\n<blockquote readability=\"9\">\n<p><span>The consequences can be dire if the logistics of these operations, already digitalised, can be compromised by an attacker who gains access to the protocols. This threat poses a real and costly risk to the industry.<\/span><\/p>\n<\/blockquote>\n<p><span>Maritime organisations\u2019 distributed and global nature makes them an appealing target for cybercriminals. Vessel downtime is expensive. This increases the likelihood of a ransomware payout to avoid disruption. And the problem is only getting bigger.<\/span><\/p>\n<h2><strong>Maritime digitisation expands the attack vector&nbsp;<\/strong><\/h2>\n<p><span>As ships get bigger, with more automation, fewer crew members, and more connectivity, the attack surface expands. A modern maritime vessel involves a complex plethora of digital and hardware devices. This opens <\/span><a href=\"https:\/\/thenextweb.com\/news\/welp-even-ships-are-hackable-now#.tnw_rzradAiT\" target=\"_blank\" rel=\"noopener noreferrer\"><span>the potential for cyber attacks<\/span><\/a><span> both onshore and offshore.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1391503 js-lazy\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg.png\" alt width=\"1014\" height=\"1000\" sizes=\"(max-width: 1014px) 100vw, 1014px\" data-srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg.png 1014w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-213x210.png 213w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-137x135.png 137w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-96x96.png 96w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-274x270.png 274w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-796x785.png 796w\"><figcaption><a href=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: The impact of manipulated loading data can be devastating. Image source: Pentest Partners\" data-title=\"Share The impact of manipulated loading data can be devastating. Image source: Pentest Partners on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share The impact of manipulated loading data can be devastating. Image source: Pentest Partners on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"><\/i><\/a><span>The impact of manipulated loading data can be devastating. <\/span><span>Image source: <\/span><a href=\"https:\/\/www.pentestpartners.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>Pentest Partners<\/span><\/a><\/figcaption><noscript><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1391503\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg.png\" alt width=\"1014\" height=\"1000\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg.png 1014w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-213x210.png 213w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-137x135.png 137w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-96x96.png 96w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-274x270.png 274w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-796x785.png 796w\"><\/noscript><\/figure>\n<p><span>For example, manipulating loading data so that the actual cargo weight is inaccurate can potentially damage a boat or cause it to tip \u2013 particularly perilous if it is carrying cargo such as explosives.&nbsp;<\/span><\/p>\n<p><span>Hacking can be as simple as bringing onboard an infected USB drive or as complex as an attack on the internet router or satellite modem.&nbsp;<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391495 size-full js-lazy\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1.png\" alt=\"yachts conduit for cyber attack \" width=\"2000\" height=\"1125\" sizes=\"(max-width: 2000px) 100vw, 2000px\" data-srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1.png 2000w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-280x158.png 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-240x135.png 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-480x270.png 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1536x864.png 1536w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-796x448.png 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1592x896.png 1592w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1200x675.png 1200w\"><figcaption><a href=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Modern luxury yachts offer multiple points of entry and attack for enterprising cybercriminals. Image source: Stefan Gerling, Hack the Sea, DEFCON 2021\" data-title=\"Share Modern luxury yachts offer multiple points of entry and attack for enterprising cybercriminals. Image source: Stefan Gerling, Hack the Sea, DEFCON 2021 on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Modern luxury yachts offer multiple points of entry and attack for enterprising cybercriminals. Image source: Stefan Gerling, Hack the Sea, DEFCON 2021 on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"><\/i><\/a>Modern luxury yachts offer multiple points of entry and attack for enterprising cybercriminals. Image source: <a href=\"https:\/\/github.com\/ObiWan666\/maritime\/blob\/master\/HackTheSeaVillage-DEFCON28-swiming-ITandOT.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Stefan Gerling<\/a>, Hack the Sea, DEFCON 2021<\/figcaption><noscript><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391495 size-full\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1.png\" alt=\"yachts conduit for cyber attack \" width=\"2000\" height=\"1125\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1.png 2000w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-280x158.png 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-240x135.png 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-480x270.png 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1536x864.png 1536w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-796x448.png 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1592x896.png 1592w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1200x675.png 1200w\"><\/noscript><\/figure>\n<p><span>The opportunities are huge. And there are a variety of different methods. Here are some of the most common:<\/span><\/p>\n<h2><strong>Ransomware: Give me all your money<\/strong><\/h2>\n<p><span>Ransomware is malware that threatens to publish or block access to data and computer systems until a ransom fee is paid. The maritime industry has been no stranger to ransomware attacks. The world\u2019s largest shipping and logistics companies have suffered ransomware attacks, including <\/span><a href=\"https:\/\/www.presstelegram.com\/2018\/07\/24\/long-beach-port-terminal-hit-by-ransomware-attack\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>COSCO<\/span><\/a><span> from China and <\/span><a href=\"https:\/\/www.freightwaves.com\/news\/cma-cgm-cargo-flowing-despite-ransomware-attack\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>CMA CGM<\/span><\/a><span> from France.&nbsp;<\/span><\/p>\n<p><span>In February this year, port facilities in Belgium, Germany, and the Netherlands were targeted by <\/span><a href=\"https:\/\/www.euronews.com\/2022\/02\/03\/oil-terminals-disrupted-after-european-ports-hit-by-cyberattack\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>a large-scale ransomware cyberattack<\/span><\/a><span> that delayed operations at oil terminals and crippled their loading and unloading systems.<\/span><\/p>\n<p><span>Even passenger vessels aren\u2019t immune. In June 2021, the largest <\/span><a href=\"https:\/\/thenextweb.com\/news\/hydrofoil-tech-could-help-ferries-go-electric\" target=\"_blank\" rel=\"noopener noreferrer\"><span>ferry<\/span><\/a><span> service to Martha\u2019s Vineyard island in the US was targeted by <\/span><a href=\"https:\/\/www.yahoo.com\/entertainment\/ferry-marthas-vineyard-targeted-ransomware-211300775.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>a ransomware attack<\/span><\/a><span> affecting the ticket booking service and website.&nbsp;<\/span><\/p>\n<p><span>Notably, most ransomware attacks go unreported, with companies opting to pay the money (which leaves no guarantee attackers will release their data or resist the urge for a future attack). There is no formal legal requirement to<\/span><a href=\"https:\/\/us-cert.cisa.gov\/forms\/report\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"> <span>report ransomware attacks<\/span><\/a><span> increasing the challenge of preventing further attacks by monitoring cybergangs.&nbsp;<\/span><\/p>\n<p><span>In addition to a paid ransom\u2019s financial gain, criminals may steal data they can sell on the black market:<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391499 size-featured_img js-lazy\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-796x607.webp\" alt=\"maritime data for sale by hackers on the dark web\" width=\"796\" height=\"607\" sizes=\"(max-width: 796px) 100vw, 796px\" data-srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-796x607.webp 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-276x210.webp 276w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-177x135.webp 177w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-354x270.webp 354w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb.webp 1000w\"><figcaption><a href=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Data from a shipping company is available for sale on the dark web. Source: Flashpoint\" data-title=\"Share Data from a shipping company is available for sale on the dark web. Source: Flashpoint on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Data from a shipping company is available for sale on the dark web. Source: Flashpoint on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"><\/i><\/a>Data from a shipping company is available for sale on the dark web. Source: <a href=\"https:\/\/flashpoint.io\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Flashpoint<\/a><\/figcaption><noscript><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391499 size-featured_img\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-796x607.webp\" alt=\"maritime data for sale by hackers on the dark web\" width=\"796\" height=\"607\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-796x607.webp 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-276x210.webp 276w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-177x135.webp 177w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-354x270.webp 354w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb.webp 1000w\"><\/noscript><\/figure>\n<h2><strong>Obfuscate or conceal your vessel\u2019s identity&nbsp;<\/strong><\/h2>\n<p><a href=\"https:\/\/www.marinetraffic.com\/blog\/ais-faq\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>Automatic Identification Systems<\/span><\/a><span> (AIS) enable ships to transmit small parcels of data such as a vessel\u2019s type, identity, position, course, speed, and navigational status to improve maritime safety and avoid collisions. It provides a means to detect and prevent illicit activities at sea. AIS hacking also can misrepresent a ship\u2019s location.&nbsp;<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391500 size-featured_img js-lazy\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-796x478.jpeg\" alt=\"AIS tracker \" width=\"796\" height=\"478\" sizes=\"(max-width: 796px) 100vw, 796px\" data-srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-796x478.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-280x168.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-225x135.jpeg 225w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-450x270.jpeg 450w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22.jpeg 1354w\"><figcaption><a href=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: An example of an AIS tracker in action. Credit: Marine Insight\" data-title=\"Share An example of an AIS tracker in action. Credit: Marine Insight on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share An example of an AIS tracker in action. Credit: Marine Insight on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"><\/i><\/a>An example of an AIS tracker in action. Credit: <a href=\"https:\/\/www.marineinsight.com\/marine-navigation\/automatic-identification-system-ais-integrating-and-identifying-marine-communication-channels\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Marine Insight<\/a><\/figcaption><noscript><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391500 size-featured_img\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-796x478.jpeg\" alt=\"AIS tracker \" width=\"796\" height=\"478\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-796x478.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-280x168.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-225x135.jpeg 225w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-450x270.jpeg 450w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22.jpeg 1354w\"><\/noscript><\/figure>\n<p><a href=\"https:\/\/thenextweb.com\/news\/the-us-navy-is-investigating-possibility-of-cyber-attack-in-latest-collision\" target=\"_blank\" rel=\"noopener noreferrer\"><span>Naval vessels<\/span><\/a><span> are extremely attractive to cybercriminals. In June 2021, the AIS tracking of two UK and Netherlands Navy ships was <\/span><a href=\"https:\/\/news.usni.org\/2021\/06\/21\/positions-of-two-nato-ships-were-falsified-near-russian-black-sea-naval-base\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>hacked<\/span><\/a><span>. AIS data transmitted that the vessel sailed from Odesa port to Sevastopol, within just <\/span><i><span>two nautical miles <\/span><\/i><span>of the Crimean port \u2013 an aggressive political act that would call for retaliation. But in reality, live camera feeds show that the vessels had never left port. A similar attack affected the <\/span><a href=\"https:\/\/www.dn.se\/sverige\/falska-svenska-marina-fartyg-pa-natet-pekas-ut-pa-positioner-nara-ryssland\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>AIS track of nine vessels<\/span><\/a><span> from the Swedish Navy in February 2021, making it appear that they consecutively left the naval base in Karlskrona late in the evening and sailed south into the Baltic Sea when they did not.&nbsp;<\/span><\/p>\n<p><span>Bizarrely, AIS can also be turned off for vessel obscurity in unsafe areas inhabited by pirates, to mislead Port authorities, or conceal a vessel\u2019s identity or route or criminal activity. This allows vessels to engage in illegal fishing, carry illegal goods, circumvent international sanctions, or gain a financial advantage \u2013 for example, oil traders concealing the oil by switching off AIS. This could affect crude oil prices.&nbsp;<\/span><\/p>\n<h2><strong>State-sponsored attacks&nbsp;<\/strong><\/h2>\n<p><span>As an industry, shipping is subject to state-sponsored attacks, sometimes as an intentional target and sometimes as a victim in a broader cross-industry attack such as the NotPetya attack that the CIA attributes to the <\/span><a href=\"https:\/\/www.washingtonpost.com\/world\/national-security\/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes\/2018\/01\/12\/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>Russian Military<\/span><\/a><span>. Attacks like these are for political gain, whether to gain information illicitly or adversely impact another country\u2019s economy.&nbsp;<\/span><\/p>\n<p><span>For example, in May 2020, Iran\u2019s busy Shahid Rajaee port terminal was <\/span><a href=\"https:\/\/www.aljazeera.com\/news\/2020\/5\/19\/israel-cyberattack-caused-total-disarray-at-iran-port-report\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>hacked<\/span><\/a><span>. Computers regulating vessels, trucks, and goods flow crashed simultaneously. It resulted in a massive blockage of waterways and roads near the facility. It was allegedly by Israeli operatives in response to Iran\u2019s cyberattack against Israeli water supplies.&nbsp;<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391502 size-full js-lazy\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1.jpeg\" alt width=\"877\" height=\"493\" sizes=\"(max-width: 877px) 100vw, 877px\" data-srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1.jpeg 877w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-280x157.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-240x135.jpeg 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-480x270.jpeg 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-796x447.jpeg 796w\"><figcaption><a href=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Maritime company Maersk was hit by a lockerware attack that downed the company\u2019s digital infrastructure for over a month\" data-title=\"Share Maritime company Maersk was hit by a lockerware attack that downed the company\u2019s digital infrastructure for over a month on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Maritime company Maersk was hit by a lockerware attack that downed the company\u2019s digital infrastructure for over a month on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"><\/i><\/a>Maritime company Maersk was hit by a lockerware attack that downed the company\u2019s digital infrastructure for over a month<\/figcaption><noscript><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391502 size-full\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1.jpeg\" alt width=\"877\" height=\"493\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1.jpeg 877w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-280x157.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-240x135.jpeg 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-480x270.jpeg 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-796x447.jpeg 796w\"><\/noscript><\/figure>\n<p><span>But perhaps the most infamous example of a state-sponsored attack was NotPetya. This military cyberattack masqueraded as a ransomware attack but, as Daniel Ng, CEO of UK maritime cybersecurity company <\/span><a href=\"https:\/\/cyberowl.io\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>CyberOwl<\/span><\/a><span> explained, was actually a more aggressive lockerware attack, permanently wiping data. And it hit Copenhagen-based shipping giant A.P. Moller-Maersk, which moves about one-fifth of the world\u2019s freight, downing the company\u2019s digital infrastructure for over a month. This resulted in a financial loss between <\/span><a href=\"https:\/\/phys.org\/news\/2017-08-moller-maersk-cyberattack-million.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>$200 to $300 million range<\/span><\/a><span> and forced its IT team to <\/span><a href=\"https:\/\/www.securityweek.com\/maersk-reinstalled-50000-computers-after-notpetya-attack\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>reinstall the software<\/span><\/a><span> on its entire infrastructure, including 45,000 PCs and 4,000 servers.<\/span><\/p>\n<h2><strong>Activists&nbsp;<\/strong><\/h2>\n<p><span>More common in industries like oil and gas and logging, activists can also cause maritime chaos by tweaking navigational data. In February this year, \u200b\u200bhacking group Anonymous renamed Russian president Vladimir Putin\u2019s yacht \u201cFCKPTN\u201d by vandalising maritime tracking data. They also made it look like the <\/span><a href=\"https:\/\/thenextweb.com\/news\/sail-gp-uses-tech-renewables-and-competition-to-become-climate-positive\" target=\"_blank\" rel=\"noopener noreferrer\"><span>yacht<\/span><\/a><span> crashed into Snake Island, Ukraine, with the destination of \u201chell.\u201d<\/span><\/p>\n<blockquote class=\"twitter-tweet\" readability=\"6.8838709677419\">\n<p dir=\"ltr\" lang=\"en\">Now Putin\u2019s yacht is on the right track! \ud83d\ude09 <a href=\"https:\/\/twitter.com\/hashtag\/FckPutin?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">#FckPutin<\/a><\/p>\n<p>with love, <a href=\"https:\/\/twitter.com\/hashtag\/Anonymous?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">#Anonymous<\/a> \u2764 <a href=\"https:\/\/t.co\/3T8BLAcVOA\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">pic.twitter.com\/3T8BLAcVOA<\/a><\/p>\n<p>\u2014 Anonymous (@LatestAnonPress) <a href=\"https:\/\/twitter.com\/LatestAnonPress\/status\/1498451214777921536?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">March 1, 2022<\/a><\/p>\n<\/blockquote>\n<p><span>There are also a plethora of cyberattacks where the potential is less clear. For example, in February this year, the Port of London Authority was hit by a Distributed Denial of Service (DDoS) <\/span><a href=\"https:\/\/insurancemarinenews.com\/insurance-marine-news\/pola-hit-by-cyberattack\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>cyber attack<\/span><\/a><span> by Iranian cybercriminals, <\/span><a href=\"https:\/\/www.hackread.com\/pro-iran-altahrea-hit-port-of-london-website-ddos-attack\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>allegedly<\/span><\/a><span> a politically motivated attack. It oversees the movement of more than 200,000 commercial and leisure vessels annually. It\u2019s unclear whether the act was political or a case of digital vandalism. It could also have been an effort to distract from a sneakier attack. Or the aim to disable systems that might detect such an attack.<\/span><\/p>\n<h2><strong>Why is the maritime industry so slow to act?&nbsp;<\/strong><\/h2>\n<p><span>The maritime industry has undergone a digital transformation for decades but lags behind other sectors when it comes to <a href=\"https:\/\/thenextweb.com\/topic\/cybersecurity\" target=\"_blank\" rel=\"noopener noreferrer\">cybersecurity<\/a> for various reasons.&nbsp;<\/span><\/p>\n<p><span>There\u2019s good old \u2018security by obscurity\u2019, where companies fail at even the most basic inventory of their digital assets. There\u2019s the combinatorial complexity of legacy and modern equipment unable to guarantee security. This is because legacy equipment is out of warranty and cannot be patched.&nbsp;&nbsp;<\/span><\/p>\n<p><span>Unlike the IT infrastructure, not all operational technology (OT) infrastructure has traditionally had a dashboard for operational visibility. Any anomalies, if detected, may be attributed to a system when they represent something more severe that then spreads to the IT network.&nbsp;<\/span><\/p>\n<p><span>Kevin Bielicki, Analyst in Physical Security and Counter-terrorism at <\/span><a href=\"https:\/\/flashpoint.io\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>Flashpoint <\/span><\/a><span>cybersecurity, notes that connectivity may be so perilous that you should \u201cdisconnect nothing unless you know what you do, always ask the captain before you do something.\u201d<\/span><\/p>\n<p><span>The challenge of securing the seas is exacerbated by a lack of reliable end-to-end digitization. Ng shared that, for example, cargo vessels spend most of their time at sea, with only very short windows at port, during which they are otherwise preoccupied with loading and unloading goods.&nbsp;<\/span><\/p>\n<p><span>Ng explains, \u201cOften the ship managers will decide, they\u2019re just not even going to fix it. Or there\u2019s just not enough time to do it.\u201d And a vessel may get dry docked, in a position to dig deep into repair and updates, only every three years. This is due to waiting queues at docks. That\u2019s a long time between in-depth security updates.&nbsp;<\/span><\/p>\n<h2><strong>Insider jobs are also part of the mix<\/strong><\/h2>\n<p><span>Insiders can also aid cybercriminals. A 2019 <\/span><a href=\"https:\/\/red-goat.com\/wp-content\/uploads\/2022\/06\/Red-Goat-Insider-Threat-Report-2019.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>study<\/span><\/a><span> by Red Goat Cybersecurity surveyed thousands of people across industry verticals and found a wealth of underreporting of suspicious activity. One shipping company employee recalled:&nbsp;<\/span><\/p>\n<blockquote readability=\"10.25386996904\">\n<p><span>I\u2019ve seen Captains and others stealing, photographing documents, and selling them. I have even seen people get paid to try and plug little boxes into the<\/span> <a href=\"https:\/\/en.wikipedia.org\/wiki\/Electronic_Chart_Display_and_Information_System\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>Electronic Chart Display and Information System<\/span><\/a><span> (ECDIS). Thankfully nothing bad happened, but I\u2019m on a ship \u2013 if I report someone, I am stuck with them for months!<\/span><\/p>\n<\/blockquote>\n<p><span>Then, there\u2019s plain old reluctance. de Los Santos, asserts:<\/span><\/p>\n<blockquote readability=\"11\">\n<p><span>Established models have been in operation for years, and change implies uncertainty as well as potential shutdowns that are unaffordable for industries in which every minute is translated into millions of euros loss. There\u2019s also a feeling that the introduction of new elements, even if they are to improve cybersecurity, means more uncertainty or potential points of failure (it goes against safety).<\/span><\/p>\n<\/blockquote>\n<h2><strong>Cyber-SHIP Lab<\/strong><\/h2>\n<p><span>In 2019, the University of Plymouth launched <\/span><a href=\"https:\/\/www.plymouth.ac.uk\/research\/cyber-ship-lab\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>Cyber-SHIP Lab<\/span><\/a><span>, a national centre for research into maritime cybersecurity. It is developed in partnership with equipment manufacturers, solution developers, shipping and Port operators, shipbuilders, classification agencies, and insurance companies.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391505 size-featured_img js-lazy\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-796x534.jpeg\" alt width=\"796\" height=\"534\" sizes=\"(max-width: 796px) 100vw, 796px\" data-srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-796x534.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-280x188.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-201x135.jpeg 201w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-402x270.jpeg 402w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship.jpeg 943w\"><figcaption><a href=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: The Cyber-SHIP Lab, is a UK center for research into maritime cybersecurity. that includes a unique hardware-based configurable test bed platform to replicate and risk-assess vulnerabilities.\" data-title=\"Share The Cyber-SHIP Lab, is a UK center for research into maritime cybersecurity. that includes a unique hardware-based configurable test bed platform to replicate and risk-assess vulnerabilities. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share The Cyber-SHIP Lab, is a UK center for research into maritime cybersecurity. that includes a unique hardware-based configurable test bed platform to replicate and risk-assess vulnerabilities. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"><\/i><\/a>The Cyber-SHIP Lab, is a UK center for research into maritime cybersecurity. that includes <span>a unique hardware-based configurable test bed platform to replicate and risk-assess vulnerabilities.<\/span><\/figcaption><noscript><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-1391505 size-featured_img\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-796x534.jpeg\" alt width=\"796\" height=\"534\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-796x534.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-280x188.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-201x135.jpeg 201w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-402x270.jpeg 402w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship.jpeg 943w\"><\/noscript><\/figure>\n<p><span>Their audience extends from students and government to manufacturers and companies who have experienced or are anticipating an attack. She explained, \u201cWe look at systems currently deployed, but also next-generation technology that hasn\u2019t hit shelves yet.\u201d<\/span><\/p>\n<p><span>Earlier this year, the research department worked with the Bank of England. They wanted to test how some of the world\u2019s leading insurance firms would respond to a maritime cyber attack.<\/span><\/p>\n<p><span>They used a scenario where an individual or organisation gains access to the bridge system of commercial seagoing vessels. This caused physical damage to ships and ports. The maritime supply chain, accounting for 90% of world trade in goods, was heavily disrupted.<\/span><\/p>\n<p><span>Companies are then asked to detail their response and the impact upon their clients across various industries.<\/span> <span>It\u2019s the first time a maritime cyber incident has featured in the General Insurance Stress Test, and Plymouth is the only university credited with helping to pull it together.<\/span><\/p>\n<p><span>In early September, Lloyd\u2019s of London <\/span><a href=\"https:\/\/assets.lloyds.com\/media\/35926dc8-c885-497b-aed8-6d2f87c1415d\/Y5381%20Market%20Bulletin%20-%20Cyber-attack%20exclusions.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>announced<\/span><\/a><span> that their insurance policies would stop covering losses from specific nation-state cyber attacks and those that happen during wars from March 31, 2023. This can massively drive up the cost of insurance policies and leave the shipping industry significantly out of pocket.<\/span><\/p>\n<p><span>As Lisa Forte, an analyst at Red Goat cybersecurity firm, <\/span><a href=\"https:\/\/www.theregister.com\/2022\/09\/06\/lloyds_cyber_insurance_policy\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span>wrote<\/span><\/a><span>, \u201cit\u2019s heinously tricky to definitively attribute attacks to particular groups or provide proof of state sponsors. Is there hope for the ships of the future?\u201d<\/span><\/p>\n<p><span>In the short term, no. I asked Ng if I was a rich person and bought a brand spanking new high-tech boat with the latest software if it would be secure. He laughed, \u201cnot even close.\u201d<\/span><\/p>\n<p><span>But fortunately, the tides are turning. The International Association of Classification Societies has developed two Unified Requirements (URs) on cyber resilience. They are mandatory for vessels constructed from January 2024:&nbsp;<\/span><\/p>\n<p><a href=\"https:\/\/iacs.org.uk\/download\/14104\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><b>UR E26<\/b><\/a><span> aims to secure IT and OT equipment during a ship\u2019s design, construction, commissioning, and operational life. Vessels regulations cover equipment identification, protection, attack detection, response, and recovery.<\/span><\/p>\n<p><a href=\"https:\/\/iacs.org.uk\/download\/14105\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><b>UR E27<\/b><\/a><span> aims to ensure system integrity is secured and hardened by third-party equipment suppliers. This UR provides requirements for cyber resilience of onboard systems, equipment, and the user interface, as well as product design and development requirements for new devices before their onboard implementation ships.<\/span><\/p>\n<p><span>However, as Ng notes, this excludes the 70,000-odd vessels currently operating.&nbsp;<\/span><\/p>\n<p><span>In the US, a reauthorization bill called the \u201c<a href=\"https:\/\/www.congress.gov\/bill\/117th-congress\/house-bill\/6865\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Coast Guard Authorization Act of 2022<\/a>\u201d is currently being pushed, requiring the Coast Guard to massively update their efforts on maritime security. Its focus includes data gathering and management for studying cyber threats. It also calls for limits on the procurement of specific Chinese technologies.<\/span><\/p>\n<p><span>Kimberley Lam is hopeful that we can meet all the threats in the upcoming years head-on and be prepared. However, she remains concerned about the influx of nation-state threats. She asserts: \u201cWe are seeing the start of this, and if this trends to more intelligent attacks in a world with more autonomy and complex systems, this is a danger.\u201d<\/span><\/p>\n<p><span>And in case of the next attack, it\u2019s a matter of when not if.&nbsp;<\/span><\/p>\n<p> <a href=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Over the last decade, the maritime industry has undergone a digital transformation to increase efficiencies, save money, gain greater insights into vessels and cargo, and develop new business models. But digitization has&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/12190"}],"collection":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12190"}],"version-history":[{"count":0,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/12190\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}