International Research Journal on Advanced Engineering and Management
e ISSN: 2584-2854
Volume: 03, Issue: 02, February 2025
Page No: 167-172
https://goldncloudpublications.com
https://doi.org/10.47392/IRJAEM.2025.0029
Maritime Cybersecurity
Dr. S. Gopinath (1), Mr. M. Hemanand (2), Mr. P. Arunprasath (3), Mr. M. Vivek (4), Mr. P. Balaji (5), S.S. Leena Charan (6)
(1) Professor, Department of Marine Engineering, Coimbatore Marine College, Coimbatore, Tamil Nadu, India.
(2,3,4,5) Assistant Professor, Department of Marine Engineering, Coimbatore Marine College, Coimbatore, Tamil Nadu, India.
(6) UG Scholar, Department of Marine Engineering, Coimbatore Marine College, Coimbatore, Tamil Nadu, India.
Emails: sgopy.suresh@gmail.com (1), hem_mariner@yahoo.in (2), me.arunprasath@gmail.com (3), viveksss2020@gmail.com (4), balaji.pacet@gmail.com (5), leenacharan2004@gmail.com (6)
Abstract
As the maritime industry continues to digitalize in pursuit of efficiency and connectivity, it increasingly opens
itself up to growing cyber threats, which may very seriously hamper operations, cause huge financial losses,
or even result in environmental disasters. Specifically, this paper investigates the important aspects of
maritime cybersecurity that relate to protecting infrastructure from cyber threats. The paper points to the weaknesses
brought about by the integration of IT and OT systems in the maritime sector, illustrated with high-profile
incidents like the NotPetya attack on Maersk and the cyber breach at the Port of Antwerp, and calls for the
establishment of sound cybersecurity frameworks in maritime operations. Advanced threat detection systems,
network segmentation, data encryption, and human factors all play key roles in mitigating such risks. The
paper concludes by calling for industry-wide collaboration in implementing good practices to ensure that
global supply chains and the wider economy are safe and secure from the threat of cyber-attacks.
Keywords: Maritime cybersecurity; NotPetya attack; Threat detection systems; Cyber-attacks.
1. Introduction
In pursuit of efficiency and connectivity, the industry has moved decisively toward digitalization; it has placed itself firmly at the very core of worldwide trade. This shift toward the digital future, however, has dramatically increased the cyber threat against maritime operations. The interlinking of IT and OT systems has exposed vulnerabilities within these synergies that cybercriminals could identify very quickly. Such breaches can have devastating consequences in terms of operational disruption, financial losses, and environmental disasters. [2] This paper presents the critical dimensions of maritime cybersecurity related to protecting the infrastructure from cyber threats. It reviews some key case studies on cyber-attacks, assesses vulnerabilities in maritime systems, and discusses the development of robust cybersecurity frameworks for securing operations.
2. Case Studies of Cyber-Attacks Within the Maritime Industry
Several cyber-attacks on the maritime industry have received wide publicity; the associated case studies underline the potential impact and reiterate the need for robust measures against cyber threats.
2.1 Maersk and the NotPetya Attack
In 2017, Maersk, a giant in the global shipping industry, was hit by one of the most devastating cyber-attacks in maritime history when the NotPetya ransomware struck. Believed to be state sponsored, the chain of attacks had a devastating impact on Maersk. The firm underwent a colossal IT recovery effort and reinstalled 4,000 servers, 45,000 computers, and 2,500 applications to regain control of its systems. During that time, Maersk could not process any orders, which led to enormous delays, with estimated financial losses of about 300 million dollars, as shown in Figure 1. This incident was a wake-up call; it showed that maritime companies were exposed to global cyber threats and that inadequate cybersecurity could lead to disastrous consequences. [3, 4]
Figure 1 Effect of Cyber-Attacks on Maersk Shares
Source: https://www.slideshare.net/slideshow/maersk-notpetya-crisis-response-case-study/155864831#18
Interestingly, Maersk was not the intended victim. The NotPetya malware was just one part of a larger cyber campaign orchestrated by a Russian hacker group called Sandworm, which had broken into the Ukrainian government and many businesses. The point of entry was a small, local software company, Linkos Group, which developed software including M.E. Doc, an accounting package that had become ubiquitous across Ukraine. At the beginning of 2017, Sandworm leveraged M.E. Doc's update servers, thereby giving itself direct access to thousands of computers using the software. The breach that felled Maersk began in Ukraine, in the port city of Odessa, with just one infected computer. That single infection was enough to spread the ransomware through Maersk's entire worldwide network, resulting in port operations being locked down entirely, with tens of thousands of truckloads refused as the company, in essence, ground to a halt.
2.2 Port of San Diego, 2018
In September 2018, the Port of San Diego was hit by a ransomware attack that left its IT systems in very bad shape. Although this attack did not shut down the port completely, it caused highly impactful delays to key administrative functions, including public safety systems vital to the running of the port. The port had to fall back on manual procedures for some days, which led to inefficiencies and slowdowns in operations. The incident showed how vulnerable port infrastructure can be to cyber-attacks and how easily such disruptions can bring the activities of the port to a grinding halt. [5]
2.3 COSCO Shipping Lines, 2018
In July 2018, one of the largest logistics companies in the world, COSCO Shipping Lines, was hit by a cyber-attack that struck at the very core of its operating systems across the Americas. It shut down parts of its email and IT services to contain the malware, which had led to communication breakdowns and delays in cargo handling, as shown in Figure 2. Despite the mayhem, COSCO managed to keep itself going by falling back on manual processes. The incident drove home the lesson of putting in place strong business continuity plans in case of a cyberattack. [6]
Figure 2. Effect of Cyber-Attacks on Cosmo Shipping Line
Source: https://www.researchgate.net/figure/Cyberattacks-in-maritime-transportindustry_tbl1_342167733
2.4 Port of Antwerp Drug Smuggling, 2013
In 2013, the Port of Antwerp was the scene of a cyber-attack that revealed how some hackers are still fueled by criminal motives beyond demands for ransom. Hackers attacked the port's systems using spear-phishing and malware attacks against port authority staff and shipping companies. They infiltrated the systems to preprogram the movement of containers to conceal drug shipments, after which smugglers would collect the respective containers before the arrival of legitimate haulers. [1]
3. A Critical Vulnerability: Dynamic Positioning Vessels
Dynamic Positioning (DP) systems are state-of-the-art computerized systems that automatically keep a vessel on its position and heading using propellers and thrusters, as shown in Figure 3. Such systems bring great benefits during operations, but they also pose a cybersecurity threat because they require interconnected digital networks and complex computerized components. Such interconnectivity creates numerous potential entry points for hackers.
Figure 3 Dynamic Positioning Systems
Source: https://www.abs-group.com/Knowledge-Center/Insights/Hacking-the-Ship-Scenario-An-Offshore-Supply-Vessels-Dynamic-Positioning-System/
A cyber incident on a DP system could result from the loss of communication between the operator control stations and the sensors and actuators that control vessel movement. For instance, this could be initiated by a disgruntled administrator who plugs an unscanned USB device carrying a virus, such as a botnet, into the DP system to perform an update using specialized software. Once the botnet is inside, it can infect all the systems connected to the network within a very short time, and each infected workstation becomes a "zombie workstation." If the botnet activates while DP operations are underway on board the vessel, it can unexpectedly engage the thrusters through the control unit, manipulate rudders, or surge the engines in such a way that the vessel moves suddenly and without control. This results in the loss of equipment, puts lives in danger, and is bound to spark off environmental disasters. [11]
4. Protecting Maritime Infrastructure from Cyber Threats: Building Resilient Cybersecurity Frameworks
The study above clearly indicates that cybersecurity is highly relevant to maritime infrastructure, especially given the industry's growing reliance on sophisticated technologies. With digital systems now at the core of everything from navigation to cargo handling, new vulnerabilities have emerged that set the scene for the protection of maritime infrastructure. The growing cyber threats to the maritime sector demand the urgent development and effective implementation of cybersecurity frameworks designed specifically for the maritime domain, able to provide broad coverage of both information technology and operational technology systems and a full security environment for all aspects of maritime activities.
5. Threat Detection and Response Systems
In contemporary maritime operations, threat detection and response systems are the mainstay of effective cyber threat identification and neutralization in real time. In this view, technologies like Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Security Information and Event Management (SIEM) tools are vital. These tools 'watch over' network traffic and security events, filtering out suspicious activities for response before major damage is caused. Network segmentation means segregating and isolating critical systems from less secure networks to minimize the effect of potential cyber-attacks. For instance, OT networks responsible for controlling vessels and physical processes in the ports need to be separated from IT networks used in administrative functions. This makes it harder for attackers to move laterally within a network to gain access to important systems. Enhancing and improving data encryption is also necessary to protect sensitive information that may be transmitted through these networks. Even if cybercriminals intercept encrypted data, they will not be able to easily decrypt it or make any other use of that information. To this end, implement secure communication protocols, such as SSL/TLS, in every case of remote access or data transfer. [7, 8, 9]
6. Human Factor and Manual Control
As said by Pen Test Partners: “A Ponemon data breach report in 2017 showed that it took US organizations an average of 206 days to detect a data breach. That’s a statistic from shore-based organizations, where IT and IT security personnel and expertise are usually available. So how does a ship’s crew, where perhaps one person on the crew has a small amount of basic IT skill, detect a breach of a vessel? If you don’t know, you can’t act. At what point do you decide that the navigation systems are no longer trustworthy? Who makes that decision? The inexperienced third officer? Do they wake the captain? Who decides to take the vessel out of track control mode? Remember, security isn’t binary – something is a bit odd, but all the digital systems seem to agree with each other.” It is evident that the human factor in responding to a cyberattack is by far the greatest vulnerability that hackers can exploit. “Imagine a junior officer having to cope with failing navigation systems, all bridge sensors offline, steering gear not responding, and engine levers inoperative. Manual control is an option, but I know only too well, as a pilot, how quickly one can be overloaded by information and become incapable of dealing with a situation. Fixation on a single error rapidly brings loss of the wider picture.” [10] “An
offset being injected into an ECDIS by Pen Test Partners as shown in the figure 4. Note the vessel has moved from one side of a breakwater to the other.” In the end, training crew members and building a system to detect these cyberattacks is the most important step in protecting against cyber threats in the maritime industry. [Pen Test Partners: “Ships can’t be hacked. Wrong”].
Figure 4 Human Factor and Manual Control
Source: https://www.pentestpartners.com/security-blog/ships-cant-be-hacked-wrong/
Conclusion
Cybersecurity is a growing concern with the increase in the use of digital technology in the maritime industry. Cyber-attacks are disruptive and can facilitate crime. Vulnerabilities in shipping systems, for example in Dynamic Positioning and satellite communication terminals, raise an urgent need for custom-tailored cybersecurity frameworks. A feasible way to tackle this fast-growing cyber threat is through the adoption of best practices, frequent risk assessments, and cross-industry stakeholder engagement. It is not just about the secure operation of ships and ports; securing maritime infrastructure provides security for supply chains globally and the world's economy at large.
References
[1]. CNBC: Hackers can bring ships and planes to a grinding halt. And it could become much more common. (https://www.cnbc.com/2022/06/27/hackers-can-now-bring-cargo-ships-and-planes-to-a-grinding-halt.html)
[2]. International Maritime Organization (IMO): Guidelines on Maritime Cyber Risk Management. (https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx)
[3]. The New York Times, "The Untold Story of NotPetya, the Most Devastating Cyberattack in History." (https://www.nytimes.com/2018/08/22/magazine/notpetya cyberattack ukraine russia-code.html)
[4]. Wired, "Inside the Cyberattack That Shocked the US." (https://www.wired.com/story/notpetya cyber-attack-ukraine-russia-code-crashed-the-world/)
[5]. Port of San Diego Press Release, "Port of San Diego Responding to Cybersecurity Incident." (https://www.portofsandiego.org/press releases/general-press-releases/port-san-diego responding cybersecurity-incident)
[6]. Maritime Executive, "COSCO Shipping Hit by Cyber Attack." (https://www.maritimeexecutive.com/article/cosco-shipping-hit-by-cyber-attack)
[7]. National Institute of Standards and Technology (NIST): Cybersecurity Framework. (https://www.nist.gov/cyberframework)
[8]. European Union Agency for Cybersecurity (ENISA): Port Cybersecurity - Good practices for cybersecurity in the maritime sector. (https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector)
[9]. Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC). (https://www.mtsisac.org/)
[10]. Pen Test Partners: “Ships can’t be hacked. Wrong”. (https://www.pentestpartners.com/security-blog/ships-cant-be-hacked-wrong/)
[11]. ABS Group: Hacking the Ship Scenario: An Offshore Supply Vessel's Dynamic Positioning System. (https://www.abs-group.com/Knowledge-Centre/Insights/Hacking-the-Ship-Scenario-An-Offshore-Supply-Vessels-Dynamic-Positioning-System/)