The ongoing conflict in the Red Sea highlights how vital maritime choke points are for the free movement of global trade. Simultaneously, the situation also emphasizes the emerging non-conventional maritime risks to the communications lines that pass through these points. One non-conventional threat emerging in the Indo-Pacific region that needs urgent attention is maritime cybersecurity.
The maritime sector, considered the backbone of the global economy, is now increasingly dependent on operational technology (OT) and information technology (IT) systems, such as industrial control systems and satellite communications. This digitalization increased the sector’s cybersecurity risks – with implications for national security.
The maritime sector covers critical organizations and institutions, ranging from ports and the shipping industry, to ships and satellites. With technology proliferation and the adoption of emerging technologies, the vulnerability to cyber risks and threats has grown.
Maritime Cyber Risks
The International Maritime Organization (IMO) defines maritime cyber risk as a “measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.” Maritime cybersecurity includes the systems overseeing ships’ operating software, navigation information, and traffic monitoring. However, the current cyber infrastructure available onboard civilian ships is not lacking in defensive cyber capabilities and tools.
Maritime sector cyber threats have become serious due to the complex operationalization of IT and OT systems. These systems can be the subject of ransomware, malware, phishing, and man-in-the-middle (MITM) attacks. The motives behind such attacks can vary from traditional applications like naval warfare to espionage, to non-state causes like cyber terrorism, and hacktivism. Maritime cyberattacks can thus act as an instrument of foreign policy or be undertaken by criminal groups or individuals.
This threat extends to onshore and offshore maritime assets. Ports particularly are prominent targets for cyberattacks aimed at disrupting goods flow and supply chains. These disruptions have huge economic impacts; the NotPetya cyber attack of 2017 led to a loss of $300 million for the Danish shipping firm Maersk alone. A 2019 Cyber Risk Management report estimated that a hypothetical Chinese cyberattack on a major port in the Indo-Pacific would cause damage between $40 billion and $110 billion.
In December 2023, an Australia-owned defense shipbuilder was targeted by a ransomware attack trying to exfiltrate confidential information. Another attack on DP World, Australia’s largest port operator, led to the suspension of operations for three days, impacting 40 percent of goods flow in and out of the country. In 2023, Japan’s biggest Nagoya Port was attacked by Russian hackers Lockbit 3.0.
Among all the existing threats, ransomware presents major risks to the maritime sector, particularly the transportation system, supply chain management, and logistics. Ransomware allows hackers to engage in double extortion, making ransom demands for recovery and demanding money to refrain from leaking sensitive data. Even software supplier companies like DNV have been targeted with ransomware, impacting 1,000 vessels via ShipManager software.
Permeability into systems and insecure and outdated equipment make maritime commercial shipping easy targets. Apart from just the IT systems, routers are also prone to exploitation by hackers. CISCO and Fortinet routers used in maritime assets have been exploited for their software vulnerabilities.
Cyberattacks can compromise navigation and monitoring and control systems, which can be leveraged to disrupt information sharing between ships and on-shore teams. Cyberattacks could also be used to gain control of onboard systems including water treatment, communications, and the engine room. In this process, the risk of sensitive and confidential system leaking becomes high.
Lack of training of crews in IT systems is the leading reason for lax cybersecurity onboard ships. Organizations such as the IMO, BIMCO, the International Chamber of Shipping (ICS), and the International Union of Marine Insurance (IUMI) have issued guidelines for the industry. Still, the sector suffers from a lack of awareness, education, and understanding of cybersecurity risks in the broader maritime sector.
This is due to many factors, including the fast adoption of emerging technologies coupled with the lack of dedicated government policies, targeted safety guidelines, and regional discussions in multilateral organizations. It seems that the regulatory and policymaking sectors are struggling to keep up with the threats.
India and Maritime Cybersecurity
In India, cybersecurity still does not attract the attention it needs – let alone cybersecurity of the maritime domain and its assets. India aspires to develop mega ports, modern port infrastructure, and transshipment hubs per its Maritime India Vision (MIV) 2030 and Amrit Kaal Vision 2047. This would require increased automation and better management systems and facilities. Increased interconnectedness with online systems, in turn, would make India’s maritime critical infrastructure more vulnerable to cyberattacks.
To address the emerging maritime cyber risks, India must look at maritime cybersecurity as a different segment, taking into consideration the severe risks linked to targeted cyberattacks on its shipping industries, ports, vessels, and the crew aboard.
As geopolitical tensions mount, Indian ports and maritime industries will see more cyberattacks from adversaries, particularly with antagonizing projects such as the India-Middle East-Europe Economic Corridor, which threatens traditional trade routes. In 2022, India’s JNPT was targeted by a cyberattack that crippled its automated system, and forced the system to return to offline methods, exposing the vulnerabilities.
Further improving India’s logistics performance in the international shipment category requires more robust, secure, and safe digital systems at its ports as well as tracking applications like Sagar-Setu made for ease of doing business. To address this India must formulate a comprehensive policy for its maritime domain.
On the military front, some important issues for India are cyber espionage, ransomware, and data exfiltration. In addition, satellite communication (SATCOM) is another critical system that plays an important role in ship-to-ship and ship-to-land communication, GPS navigation, and tracking and is increasingly vulnerable to hijacking or attacks, as seen in recent incidents.
For this, the Indian Navy must ensure adherence to cybersecurity protocols, strict inspections, regular software upgrades, risk assessments, establishing best practices, and upgrading the necessary skills to deal with cyberattacks. Spreading awareness through seminars and workshops regarding avoiding, identifying, and reporting cybercrimes is another critical step that needs urgent attention, particularly with increasing attacks targeting Indian Navy personnel and their families.
In addressing the maritime cyber challenges, India can learn from the Danish Cyber and Information Security Strategy for the Maritime Sector. Based on the “principle of sector responsibility,” the strategy establishes a dedicated authority that oversees the cyber environment and security of its maritime infrastructure, assets and systems, working closely with private sector companies.
Overall, India needs to look at its maritime sector holistically – including ports, shipping industries, and the military – and formulate robust cybersecurity policies incorporating incident response plans, risk assessments, and guidelines for a safe cyber environment. The threat is only going to increase; India must be ready.