{"id":496816,"date":"2022-09-28T20:00:12","date_gmt":"2022-09-28T17:00:12","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/securing-the-seas-when-the-maritime-industrys-drowning\/"},"modified":"2022-09-28T20:00:12","modified_gmt":"2022-09-28T17:00:12","slug":"securing-the-seas-when-the-maritime-industrys-drowning","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/","title":{"rendered":"#Securing the seas when the maritime industry&#8221;s drowning"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a42ca0c80062\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a42ca0c80062\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#%E2%80%9CSecuring_the_seas_when_the_maritime_industry%E2%80%9Ds_drowning%E2%80%9D\" >&#8220;Securing the seas when the maritime industry&#8221;s drowning&#8221;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#Hi_there_EV_nerd\" >Hi there, EV nerd!<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#Cybersecurity_and_industry_40_at_La_Marina_de_Valencia\" >Cybersecurity and industry 4.0 at\u00a0 La Marina de Val\u00e8ncia<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#Maritime_digitisation_expands_the_attack_vector\" >Maritime digitisation expands the attack vector\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#Ransomware_Give_me_all_your_money\" >Ransomware: Give me all your money<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#Obfuscate_or_conceal_your_vessels_identity\" >Obfuscate or conceal your vessel\u2019s identity\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#State-sponsored_attacks\" >State-sponsored attacks\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#Activists\" >Activists\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#Why_is_the_maritime_industry_so_slow_to_act\" >Why is the maritime industry so slow to act?\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#Insider_jobs_are_also_part_of_the_mix\" >Insider jobs are also part of the mix<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/buradabiliyorum.com\/en\/securing-the-seas-when-the-maritime-industrys-drowning\/#Cyber-SHIP_Lab\" >Cyber-SHIP Lab<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CSecuring_the_seas_when_the_maritime_industry%E2%80%9Ds_drowning%E2%80%9D\"><\/span>&#8220;Securing the seas when the maritime industry&#8221;s drowning&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div id=\"article-main-content\">\n                            <span style=\"font-weight: 400;\">Over the last decade, the maritime industry has undergone a digital transformation to increase efficiencies, save money, gain greater insights into vessels and cargo, and develop new business models. But digitization has created a playground for cybercriminals who are benefiting from the industry\u2019s security shortfalls across cargo ships, cruisers, boats, <\/span><span style=\"font-weight: 400;\">yachts<\/span><span style=\"font-weight: 400;\">, and passenger ferries \u2013 and their infrastructure.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Historically, ship owners protected themselves from pirates with weapons. Today, criminals also use an arsenal of digital weapons to attack. And globally, the maritime industry is struggling to keep up as cybercriminals get faster and smarter.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Fortunately, Europe is leading in the effort to bring cybersecurity to the forefront of an industry that has traditionally been resistant to change. A key example is La Marina de Val\u00e8ncia, <\/span><span style=\"font-weight: 400;\">home of TNW\u2019s first conference in Spain in March 2023<\/span><span style=\"font-weight: 400;\">. It operates as a Port 4.0 testbed and the world\u2019s first cybersecurity Living Lab for the maritime industry.\u00a0<\/span><\/p>\n<div class=\"inarticle-wrapper shift channel-cta hs-embed-tnw\">\n<div id=\"hs-embed-tnw\" class=\"channel-cta-wrapper\">\n<div class=\"channel-cta-img\"><img class=\"js-lazy\" https:=\"\"\/><\/div>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/thenextweb.com\/news\/src=\"\/><\/noscript><\/p>\n<div class=\"channel-cta-input\">\n<h2 class=\"channel-cta-title\"><span class=\"ez-toc-section\" id=\"Hi_there_EV_nerd\"><\/span>Hi there, EV nerd!<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"channel-cta-tagline\">Subscribe now for a weekly recap of our favorite mobility stories<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><span style=\"font-weight: 400;\">A look at the current status of maritime cybersecurity reveals an industry slow to prevent cyberattacks and struggling to keep up with the technical advances of cyber criminals. While cybercrimes present a number of unique challenges for the industry, Europe is leading the way as a valuable testbed to secure the seas by identifying cybersecurity vulnerabilities and preventing future attacks.\u00a0<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cybersecurity_and_industry_40_at_La_Marina_de_Valencia\"><\/span><strong>Cybersecurity and industry 4.0 at\u00a0 La Marina de Val\u00e8ncia<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" class=\"wp-image-1391501 size-featured_img js-lazy\" alt=\"The maritime Port 4.0 project is the brainchild of the Valencia 2007 Consortium and Telefonica Tech.\" width=\"796\" height=\"560\" sizes=\"auto, (max-width: 796px) 100vw, 796px\" https:=\"\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-796x560.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-280x197.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-192x135.jpeg 192w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-384x270.jpeg 384w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea.jpeg 1181w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: The Port 4.0 project includes a cybersecurity Living Lab directed by the Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech. Image credit: La Marina de Val\u00e8ncia\" data-title=\"Share The Port 4.0 project includes a cybersecurity Living Lab directed by the Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech. Image credit: La Marina de Val\u00e8ncia on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share The Port 4.0 project includes a cybersecurity Living Lab directed by the Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech. Image credit: La Marina de Val\u00e8ncia on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>The Port 4.0 project includes a cybersecurity Living Lab directed by the <span style=\"font-weight: 400;\">Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech. Image credit: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.lamarinadevalencia.com\/news\/1\/430\/la-marina-de-valncia-concluir-su-proyecto-urbanstico-ms-ambicioso-con-la-humanizacin-del-entorno-del-tinglado-2.html\">La Marina de Val\u00e8ncia<\/a><\/span><\/figcaption><noscript><img loading=\"lazy\" class=\"wp-image-1391501 size-featured_img\" https:=\"\" alt=\"The maritime Port 4.0 project is the brainchild of the Valencia 2007 Consortium and Telefonica Tech.\" width=\"796\" height=\"560\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-796x560.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-280x197.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-192x135.jpeg 192w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea-384x270.jpeg 384w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/aerea.jpeg 1181w\"\/><\/noscript><\/figure>\n<p><span style=\"font-weight: 400;\">The Port 4.0 project is the brainchild of the Valencia 2007 Consortium and Telefonica Tech. La Marina is home to around 1,000 recreational boating moorings previously managed manually (think wet paper and clipboards). Now there\u2019s an <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a> that allows boat owners to manage their vessels and bookings remotely and in real-time.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The owners of the moored boats now also enjoy digitised electricity and water supply services. This tests 5G communications, signature and certification platforms, proprietary identity systems, blockchain, and cloud repositories. Anonymized data is generated and made accessible to select scientific and technical communities through an API for R&amp;D purposes. And it\u2019s a powerful way of testing the level of security of new tech in the wild.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to Sergio de Los Santos, Director of Innovation and Cybersecurity &amp; Cloud Lab at Telef\u00f3nica Tech, \u201cbeing able to test our <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> in real use cases, solving complex and specific problems thanks to our innovation, is a unique opportunity.\u00a0<\/span><\/p>\n<blockquote><p><span style=\"font-weight: 400;\">The consequences can be dire if the logistics of these operations, already digitalised, can be compromised by an attacker who gains access to the protocols. This threat poses a real and costly risk to the industry.<\/span><\/p>\n<\/blockquote>\n<p><span style=\"font-weight: 400;\">Maritime organisations\u2019 distributed and global nature makes them an appealing target for cybercriminals. Vessel downtime is expensive. This increases the likelihood of a ransomware payout to avoid disruption. And the problem is only getting bigger.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Maritime_digitisation_expands_the_attack_vector\"><\/span><strong>Maritime digitisation expands the attack vector\u00a0<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">As ships get bigger, with more automation, fewer crew members, and more connectivity, the attack surface expands. A modern maritime vessel involves a complex plethora of digital and hardware devices. This opens <\/span><span style=\"font-weight: 400;\">the potential for cyber attacks<\/span><span style=\"font-weight: 400;\"> both onshore and offshore.<\/span><\/p>\n<p>\u00a0<\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" class=\"size-full wp-image-1391503 js-lazy\" alt=\"\" width=\"1014\" height=\"1000\" sizes=\"auto, (max-width: 1014px) 100vw, 1014px\" https:=\"\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg.png 1014w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-213x210.png 213w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-137x135.png 137w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-96x96.png 96w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-274x270.png 274w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-796x785.png 796w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: The impact of manipulated loading data can be devastating. Image source: Pentest Partners\" data-title=\"Share The impact of manipulated loading data can be devastating. Image source: Pentest Partners on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share The impact of manipulated loading data can be devastating. Image source: Pentest Partners on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a><span style=\"font-weight: 400;\">The impact of manipulated loading data can be devastating. <\/span><span style=\"font-weight: 400;\">Image source: <\/span><a rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size: 16px;\" href=\"https:\/\/www.pentestpartners.com\/\"><span>Pentest Partners<\/span><\/a><\/figcaption><noscript><img loading=\"lazy\" class=\"size-full wp-image-1391503\" https:=\"\" alt=\"\" width=\"1014\" height=\"1000\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg.png 1014w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-213x210.png 213w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-137x135.png 137w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-96x96.png 96w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-274x270.png 274w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/pic.jpg-796x785.png 796w\"\/><\/noscript><\/figure>\n<p><span style=\"font-weight: 400;\">For example, manipulating loading data so that the actual cargo weight is inaccurate can potentially damage a boat or cause it to tip \u2013 particularly perilous if it is carrying cargo such as explosives.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Hacking can be as simple as bringing onboard an infected USB drive or as complex as an attack on the internet router or satellite modem.\u00a0<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" class=\"wp-image-1391495 size-full js-lazy\" alt=\"yachts conduit for cyber attack \" width=\"2000\" height=\"1125\" sizes=\"auto, (max-width: 2000px) 100vw, 2000px\" https:=\"\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1.png 2000w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-280x158.png 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-240x135.png 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-480x270.png 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1536x864.png 1536w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-796x448.png 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1592x896.png 1592w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1200x675.png 1200w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Modern luxury yachts offer multiple points of entry and attack for enterprising cybercriminals. Image source: Stefan Gerling, Hack the Sea, DEFCON 2021\" data-title=\"Share Modern luxury yachts offer multiple points of entry and attack for enterprising cybercriminals. Image source: Stefan Gerling, Hack the Sea, DEFCON 2021 on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Modern luxury yachts offer multiple points of entry and attack for enterprising cybercriminals. Image source: Stefan Gerling, Hack the Sea, DEFCON 2021 on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>Modern luxury yachts offer multiple points of entry and attack for enterprising cybercriminals. Image source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/github.com\/ObiWan666\/maritime\/blob\/master\/HackTheSeaVillage-DEFCON28-swiming-ITandOT.pdf\">Stefan Gerling<\/a>, Hack the Sea, DEFCON 2021<\/figcaption><noscript><img loading=\"lazy\" class=\"wp-image-1391495 size-full\" https:=\"\" alt=\"yachts conduit for cyber attack \" width=\"2000\" height=\"1125\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1.png 2000w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-280x158.png 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-240x135.png 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-480x270.png 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1536x864.png 1536w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-796x448.png 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1592x896.png 1592w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/download-1-1200x675.png 1200w\"\/><\/noscript><\/figure>\n<p><span style=\"font-weight: 400;\">The opportunities are huge. And there are a variety of different methods. Here are some of the most common:<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Ransomware_Give_me_all_your_money\"><\/span><strong>Ransomware: Give me all your money<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Ransomware is malware that threatens to publish or block access to data and computer systems until a ransom fee is paid. The maritime industry has been no stranger to ransomware attacks. The world\u2019s largest shipping and logistics companies have suffered ransomware attacks, including <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.presstelegram.com\/2018\/07\/24\/long-beach-port-terminal-hit-by-ransomware-attack\/\"><span style=\"font-weight: 400;\">COSCO<\/span><\/a><span style=\"font-weight: 400;\"> from China and <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.freightwaves.com\/news\/cma-cgm-cargo-flowing-despite-ransomware-attack\"><span style=\"font-weight: 400;\">CMA CGM<\/span><\/a><span style=\"font-weight: 400;\"> from France.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In February this year, port facilities in Belgium, Germany, and the Netherlands were targeted by <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.euronews.com\/2022\/02\/03\/oil-terminals-disrupted-after-european-ports-hit-by-cyberattack\"><span style=\"font-weight: 400;\">a large-scale ransomware cyberattack<\/span><\/a><span style=\"font-weight: 400;\"> that delayed operations at oil terminals and crippled their loading and unloading systems.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Even passenger vessels aren\u2019t immune. In June 2021, the largest <\/span><span style=\"font-weight: 400;\">ferry<\/span><span style=\"font-weight: 400;\"> service to Martha\u2019s Vineyard island in the US was targeted by <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.yahoo.com\/entertainment\/ferry-marthas-vineyard-targeted-ransomware-211300775.html\"><span style=\"font-weight: 400;\">a ransomware attack<\/span><\/a><span style=\"font-weight: 400;\"> affecting the ticket booking service and website.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Notably, most ransomware attacks go unreported, with companies opting to pay the money (which leaves no guarantee attackers will release their data or resist the urge for a future attack). There is no formal legal requirement to<\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/us-cert.cisa.gov\/forms\/report\"> <span style=\"font-weight: 400;\">report ransomware attacks<\/span><\/a><span style=\"font-weight: 400;\"> increasing the challenge of preventing further attacks by monitoring cybergangs.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In addition to a paid ransom\u2019s financial gain, criminals may steal data they can sell on the black market:<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" class=\"wp-image-1391499 size-featured_img js-lazy\" alt=\"maritime data for sale by hackers on the dark web\" width=\"796\" height=\"607\" sizes=\"auto, (max-width: 796px) 100vw, 796px\" https:=\"\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-796x607.webp 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-276x210.webp 276w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-177x135.webp 177w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-354x270.webp 354w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb.webp 1000w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Data from a shipping company is available for sale on the dark web. Source: Flashpoint\" data-title=\"Share Data from a shipping company is available for sale on the dark web. Source: Flashpoint on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Data from a shipping company is available for sale on the dark web. Source: Flashpoint on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>Data from a shipping company is available for sale on the dark web. Source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/flashpoint.io\/\">Flashpoint<\/a><\/figcaption><noscript><img loading=\"lazy\" class=\"wp-image-1391499 size-featured_img\" https:=\"\" alt=\"maritime data for sale by hackers on the dark web\" width=\"796\" height=\"607\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-796x607.webp 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-276x210.webp 276w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-177x135.webp 177w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb-354x270.webp 354w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/MaritimeMVWeb.webp 1000w\"\/><\/noscript><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Obfuscate_or_conceal_your_vessels_identity\"><\/span><strong>Obfuscate or conceal your vessel\u2019s identity\u00a0<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.marinetraffic.com\/blog\/ais-faq\/\"><span style=\"font-weight: 400;\">Automatic Identification Systems<\/span><\/a><span style=\"font-weight: 400;\"> (AIS) enable ships to transmit small parcels of data such as a vessel\u2019s type, identity, position, course, speed, and navigational status to improve maritime safety and avoid collisions. It provides a means to detect and prevent illicit activities at sea. AIS hacking also can misrepresent a ship\u2019s location.\u00a0<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" class=\"wp-image-1391500 size-featured_img js-lazy\" alt=\"AIS tracker \" width=\"796\" height=\"478\" sizes=\"auto, (max-width: 796px) 100vw, 796px\" https:=\"\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-796x478.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-280x168.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-225x135.jpeg 225w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-450x270.jpeg 450w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22.jpeg 1354w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: An example of an AIS tracker in action. Credit: Marine Insight\" data-title=\"Share An example of an AIS tracker in action. Credit: Marine Insight on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share An example of an AIS tracker in action. Credit: Marine Insight on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>An example of an AIS tracker in action. Credit: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.marineinsight.com\/marine-navigation\/automatic-identification-system-ais-integrating-and-identifying-marine-communication-channels\/\">Marine Insight<\/a><\/figcaption><noscript><img loading=\"lazy\" class=\"wp-image-1391500 size-featured_img\" https:=\"\" alt=\"AIS tracker \" width=\"796\" height=\"478\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-796x478.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-280x168.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-225x135.jpeg 225w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22-450x270.jpeg 450w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Screenshot-2022-09-19-at-15.42.22.jpeg 1354w\"\/><\/noscript><\/figure>\n<p><span style=\"font-weight: 400;\">Naval vessels<\/span><span style=\"font-weight: 400;\"> are extremely attractive to cybercriminals. In June 2021, the AIS tracking of two UK and Netherlands Navy ships was <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/news.usni.org\/2021\/06\/21\/positions-of-two-nato-ships-were-falsified-near-russian-black-sea-naval-base\"><span style=\"font-weight: 400;\">hacked<\/span><\/a><span style=\"font-weight: 400;\">. AIS data transmitted that the vessel sailed from Odesa port to Sevastopol, within just <\/span><i><span style=\"font-weight: 400;\">two nautical miles <\/span><\/i><span style=\"font-weight: 400;\">of the Crimean port \u2013 an aggressive political act that would call for retaliation. But in reality, live camera feeds show that the vessels had never left port. A similar attack affected the <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.dn.se\/sverige\/falska-svenska-marina-fartyg-pa-natet-pekas-ut-pa-positioner-nara-ryssland\/\"><span style=\"font-weight: 400;\">AIS track of nine vessels<\/span><\/a><span style=\"font-weight: 400;\"> from the Swedish Navy in February 2021, making it appear that they consecutively left the naval base in Karlskrona late in the evening and sailed south into the Baltic Sea when they did not.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Bizarrely, AIS can also be turned off for vessel obscurity in unsafe areas inhabited by pirates, to mislead Port authorities, or conceal a vessel\u2019s identity or route or criminal activity. This allows vessels to engage in illegal fishing, carry illegal goods, circumvent international sanctions, or gain a financial advantage \u2013 for example, oil traders concealing the oil by switching off AIS. This could affect crude oil prices.\u00a0<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"State-sponsored_attacks\"><\/span><strong>State-sponsored attacks\u00a0<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">As an industry, shipping is subject to state-sponsored attacks, sometimes as an intentional target and sometimes as a victim in a broader cross-industry attack such as the NotPetya attack that the CIA attributes to the <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/world\/national-security\/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes\/2018\/01\/12\/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html\"><span style=\"font-weight: 400;\">Russian Military<\/span><\/a><span style=\"font-weight: 400;\">. Attacks like these are for political gain, whether to gain information illicitly or adversely impact another country\u2019s economy.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For example, in May 2020, Iran\u2019s busy Shahid Rajaee port terminal was <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.aljazeera.com\/news\/2020\/5\/19\/israel-cyberattack-caused-total-disarray-at-iran-port-report\"><span style=\"font-weight: 400;\">hacked<\/span><\/a><span style=\"font-weight: 400;\">. Computers regulating vessels, trucks, and goods flow crashed simultaneously. It resulted in a massive blockage of waterways and roads near the facility. It was allegedly by Israeli operatives in response to Iran\u2019s cyberattack against Israeli water supplies.\u00a0<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" class=\"wp-image-1391502 size-full js-lazy\" alt=\"\" width=\"877\" height=\"493\" sizes=\"auto, (max-width: 877px) 100vw, 877px\" https:=\"\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1.jpeg 877w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-280x157.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-240x135.jpeg 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-480x270.jpeg 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-796x447.jpeg 796w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Maritime company Maersk was hit by a lockerware attack that downed the company\u2019s digital infrastructure for over a month\" data-title=\"Share Maritime company Maersk was hit by a lockerware attack that downed the company\u2019s digital infrastructure for over a month on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Maritime company Maersk was hit by a lockerware attack that downed the company\u2019s digital infrastructure for over a month on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>Maritime company Maersk was hit by a lockerware attack that downed the company\u2019s digital infrastructure for over a month<\/figcaption><noscript><img loading=\"lazy\" class=\"wp-image-1391502 size-full\" https:=\"\" alt=\"\" width=\"877\" height=\"493\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1.jpeg 877w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-280x157.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-240x135.jpeg 240w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-480x270.jpeg 480w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/apm-terminal-business_1024x576-1-796x447.jpeg 796w\"\/><\/noscript><\/figure>\n<p><span style=\"font-weight: 400;\">But perhaps the most infamous example of a state-sponsored attack was NotPetya. This military cyberattack masqueraded as a ransomware attack but, as Daniel Ng, CEO of UK maritime cybersecurity company <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cyberowl.io\/\"><span style=\"font-weight: 400;\">CyberOwl<\/span><\/a><span style=\"font-weight: 400;\"> explained, was actually a more aggressive lockerware attack, permanently wiping data. And it hit Copenhagen-based shipping giant A.P. Moller-Maersk, which moves about one-fifth of the world\u2019s freight, downing the company\u2019s digital infrastructure for over a month. This resulted in a financial loss between <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/phys.org\/news\/2017-08-moller-maersk-cyberattack-million.html\"><span style=\"font-weight: 400;\">$200 to $300 million range<\/span><\/a><span style=\"font-weight: 400;\"> and forced its IT team to <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/maersk-reinstalled-50000-computers-after-notpetya-attack\"><span style=\"font-weight: 400;\">reinstall the software<\/span><\/a><span style=\"font-weight: 400;\"> on its entire infrastructure, including 45,000 PCs and 4,000 servers.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Activists\"><\/span><strong>Activists\u00a0<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">More common in industries like oil and gas and logging, activists can also cause maritime chaos by tweaking navigational data. In February this year, \u200b\u200bhacking group Anonymous renamed Russian president Vladimir Putin\u2019s yacht \u201cFCKPTN\u201d by vandalising maritime tracking data. They also made it look like the <\/span><span style=\"font-weight: 400;\">yacht<\/span><span style=\"font-weight: 400;\"> crashed into Snake Island, Ukraine, with the destination of \u201chell.\u201d<\/span><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Now Putin\u2019s yacht is on the right track! \ud83d\ude09 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/FckPutin?src=hash&amp;ref_src=twsrc%5Etfw\">#FckPutin<\/a><\/p>\n<p>with love, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/Anonymous?src=hash&amp;ref_src=twsrc%5Etfw\">#Anonymous<\/a> \u2764 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/3T8BLAcVOA\">pic.twitter.com\/3T8BLAcVOA<\/a><\/p>\n<p>\u2014 Anonymous (@LatestAnonPress) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/LatestAnonPress\/status\/1498451214777921536?ref_src=twsrc%5Etfw\">March 1, 2022<\/a><\/p>\n<\/blockquote>\n<p><span style=\"font-weight: 400;\">There are also a plethora of cyberattacks where the potential is less clear. For example, in February this year, the Port of London Authority was hit by a Distributed Denial of Service (DDoS) <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/insurancemarinenews.com\/insurance-marine-news\/pola-hit-by-cyberattack\/\"><span style=\"font-weight: 400;\">cyber attack<\/span><\/a><span style=\"font-weight: 400;\"> by Iranian cybercriminals, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.hackread.com\/pro-iran-altahrea-hit-port-of-london-website-ddos-attack\/\"><span style=\"font-weight: 400;\">allegedly<\/span><\/a><span style=\"font-weight: 400;\"> a politically motivated attack. It oversees the movement of more than 200,000 commercial and leisure vessels annually. It\u2019s unclear whether the act was political or a case of digital vandalism. It could also have been an effort to distract from a sneakier attack. Or the aim to disable systems that might detect such an attack.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_is_the_maritime_industry_so_slow_to_act\"><\/span><strong>Why is the maritime industry so slow to act?\u00a0<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The maritime industry has undergone a digital transformation for decades but lags behind other sectors when it comes to cybersecurity for various reasons.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There\u2019s good old \u2018security by obscurity\u2019, where companies fail at even the most basic inventory of their digital assets. There\u2019s the combinatorial complexity of legacy and modern equipment unable to guarantee security. This is because legacy equipment is out of warranty and cannot be patched.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Unlike the IT infrastructure, not all operational technology (OT) infrastructure has traditionally had a dashboard for operational visibility. Any anomalies, if detected, may be attributed to a system when they represent something more severe that then spreads to the IT network.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Kevin Bielicki, Analyst in Physical Security and Counter-terrorism at <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/flashpoint.io\/\"><span style=\"font-weight: 400;\">Flashpoint <\/span><\/a><span style=\"font-weight: 400;\">cybersecurity, notes that connectivity may be so perilous that you should \u201cdisconnect nothing unless you know what you do, always ask the captain before you do something.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The challenge of securing the seas is exacerbated by a lack of reliable end-to-end digitization. Ng shared that, for example, cargo vessels spend most of their time at sea, with only very short windows at port, during which they are otherwise preoccupied with loading and unloading goods.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Ng explains, \u201cOften the ship managers will decide, they\u2019re just not even going to fix it. Or there\u2019s just not enough time to do it.\u201d And a vessel may get dry docked, in a position to dig deep into repair and updates, only every three years. This is due to waiting queues at docks. That\u2019s a long time between in-depth security updates.\u00a0<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Insider_jobs_are_also_part_of_the_mix\"><\/span><strong>Insider jobs are also part of the mix<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Insiders can also aid cybercriminals. A 2019 <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/red-goat.com\/wp-content\/uploads\/2022\/06\/Red-Goat-Insider-Threat-Report-2019.pdf\"><span style=\"font-weight: 400;\">study<\/span><\/a><span style=\"font-weight: 400;\"> by Red Goat Cybersecurity surveyed thousands of people across industry verticals and found a wealth of underreporting of suspicious activity. One shipping company employee recalled:\u00a0<\/span><\/p>\n<blockquote><p><span style=\"font-weight: 400;\">I\u2019ve seen Captains and others stealing, photographing documents, and selling them. I have even seen people get paid to try and plug little boxes into the<\/span> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Electronic_Chart_Display_and_Information_System\"><span style=\"font-weight: 400;\">Electronic Chart Display and Information System<\/span><\/a><span style=\"font-weight: 400;\"> (ECDIS). Thankfully nothing bad happened, but I\u2019m on a ship \u2013 if I report someone, I am stuck with them for months!<\/span><\/p>\n<\/blockquote>\n<p><span style=\"font-weight: 400;\">Then, there\u2019s plain old reluctance. de Los Santos, asserts:<\/span><\/p>\n<blockquote><p><span style=\"font-weight: 400;\">Established models have been in operation for years, and change implies uncertainty as well as potential shutdowns that are unaffordable for industries in which every minute is translated into millions of euros loss. There\u2019s also a feeling that the introduction of new elements, even if they are to improve cybersecurity, means more uncertainty or potential points of failure (it goes against safety).<\/span><\/p>\n<\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"Cyber-SHIP_Lab\"><\/span><strong>Cyber-SHIP Lab<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">In 2019, the University of Plymouth launched <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.plymouth.ac.uk\/research\/cyber-ship-lab\"><span style=\"font-weight: 400;\">Cyber-SHIP Lab<\/span><\/a><span style=\"font-weight: 400;\">, a national centre for research into maritime cybersecurity. It is developed in partnership with equipment manufacturers, solution developers, shipping and Port operators, shipbuilders, classification agencies, and insurance companies.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" class=\"wp-image-1391505 size-featured_img js-lazy\" alt=\"\" width=\"796\" height=\"534\" sizes=\"auto, (max-width: 796px) 100vw, 796px\" https:=\"\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-796x534.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-280x188.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-201x135.jpeg 201w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-402x270.jpeg 402w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship.jpeg 943w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fshift%2F2022%2F09%2F28%2Fmartime-industry-drowning-from-cybercriminal-threat%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: The Cyber-SHIP Lab, is a UK center for research into maritime cybersecurity. that includes a unique hardware-based configurable test bed platform to replicate and risk-assess vulnerabilities.\" data-title=\"Share The Cyber-SHIP Lab, is a UK center for research into maritime cybersecurity. that includes a unique hardware-based configurable test bed platform to replicate and risk-assess vulnerabilities. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share The Cyber-SHIP Lab, is a UK center for research into maritime cybersecurity. that includes a unique hardware-based configurable test bed platform to replicate and risk-assess vulnerabilities. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>The Cyber-SHIP Lab, is a UK center for research into maritime cybersecurity. that includes <span style=\"font-weight: 400;\">a unique hardware-based configurable test bed platform to replicate and risk-assess vulnerabilities.<\/span><\/figcaption><noscript><img loading=\"lazy\" class=\"wp-image-1391505 size-featured_img\" https:=\"\" alt=\"\" width=\"796\" height=\"534\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-796x534.jpeg 796w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-280x188.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-201x135.jpeg 201w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship-402x270.jpeg 402w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/cyber_ship.jpeg 943w\"\/><\/noscript><\/figure>\n<p><span style=\"font-weight: 400;\">Their audience extends from students and government to manufacturers and companies who have experienced or are anticipating an attack. She explained, \u201cWe look at systems currently deployed, but also next-generation technology that hasn\u2019t hit shelves yet.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Earlier this year, the research department worked with the Bank of England. They wanted to test how some of the world\u2019s leading insurance firms would respond to a maritime cyber attack.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">They used a scenario where an individual or organisation gains access to the bridge system of commercial seagoing vessels. This caused physical damage to ships and ports. The maritime supply chain, accounting for 90% of world trade in goods, was heavily disrupted.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Companies are then asked to detail their response and the impact upon their clients across various industries.<\/span> <span style=\"font-weight: 400;\">It\u2019s the first time a maritime cyber incident has featured in the <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">General<\/a> Insurance Stress Test, and Plymouth is the only university credited with helping to pull it together.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In early September, Lloyd\u2019s of London <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/assets.lloyds.com\/media\/35926dc8-c885-497b-aed8-6d2f87c1415d\/Y5381%20Market%20Bulletin%20-%20Cyber-attack%20exclusions.pdf\"><span style=\"font-weight: 400;\">announced<\/span><\/a><span style=\"font-weight: 400;\"> that their insurance policies would stop covering losses from specific nation-state cyber attacks and those that happen during wars from March 31, 2023. This can massively drive up the cost of insurance policies and leave the shipping industry significantly out of pocket.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As Lisa Forte, an analyst at Red Goat cybersecurity firm, <\/span><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/09\/06\/lloyds_cyber_insurance_policy\/\"><span style=\"font-weight: 400;\">wrote<\/span><\/a><span style=\"font-weight: 400;\">, \u201cit\u2019s heinously tricky to definitively attribute attacks to particular groups or provide proof of state sponsors. Is there hope for the ships of the future?\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the short term, no. I asked Ng if I was a rich person and bought a brand spanking new high-tech boat with the latest software if it would be secure. He laughed, \u201cnot even close.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But fortunately, the tides are turning. The International Association of Classification Societies has developed two Unified Requirements (URs) on cyber resilience. They are mandatory for vessels constructed from January 2024:\u00a0<\/span><\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/iacs.org.uk\/download\/14104\"><b>UR E26<\/b><\/a><span style=\"font-weight: 400;\"> aims to secure IT and OT equipment during a ship\u2019s design, construction, commissioning, and operational life. Vessels regulations cover equipment identification, protection, attack detection, response, and recovery.<\/span><\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/iacs.org.uk\/download\/14105\"><b>UR E27<\/b><\/a><span style=\"font-weight: 400;\"> aims to ensure system integrity is secured and hardened by third-party equipment suppliers. This UR provides requirements for cyber resilience of onboard systems, equipment, and the user interface, as well as product design and development requirements for new devices before their onboard implementation ships.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, as Ng notes, this excludes the 70,000-odd vessels currently operating.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the US, a reauthorization bill called the \u201c<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.congress.gov\/bill\/117th-congress\/house-bill\/6865\">Coast Guard Authorization Act of 2022<\/a>\u201d is currently being pushed, requiring the Coast Guard to massively update their efforts on maritime security. Its focus includes data gathering and management for studying cyber threats. It also calls for limits on the procurement of specific Chinese technologies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Kimberley Lam is hopeful that we can meet all the threats in the upcoming years head-on and be prepared. However, she remains concerned about the influx of nation-state threats. She asserts: \u201cWe are seeing the start of this, and if this trends to more intelligent attacks in a world with more autonomy and complex systems, this is a danger.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">And in case of the next attack, it\u2019s a matter of when not if.\u00a0<\/span>\n                        <\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/martime-industry-drowning-from-cybercriminal-threat\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Securing the seas when the maritime industry&#8221;s drowning&#8221; Over the last decade, the maritime industry has undergone a digital transformation to increase efficiencies, save money, gain greater insights into vessels and cargo, and develop new business models. But digitization has created a playground for cybercriminals who are benefiting from the industry\u2019s security shortfalls across cargo&#8230;<\/p>\n","protected":false},"author":1,"featured_media":496817,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/shift?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2022\/09\/Untitled-design-8.png&signature=4fb07e2e06a83c4e8558899a590055c8","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-496816","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/496816","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=496816"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/496816\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/496817"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=496816"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=496816"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=496816"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}