The shipping industry is facing a sharp rise in cyber attacks as geopolitical disputes prompt state-linked hackers to target trade flows.
Shipowners, ports and other maritime groups faced at least 64 cyber incidents in 2023, a review of company, media and academic reports by researchers at the Netherlands’ NHL Stenden University of Applied Sciences has found. A decade earlier, there were three, and zero in 2003.
Over 80 per cent of identified incidents since 2001 with a known attacker originated in Russia, China, North Korea or Iran, according to data from the university, which trains mariners.
“The international rules-based order . . . the great system [that benefited shipping] since the second world war is under threat like never before,” said Guy Platten, secretary-general at the International Chamber of Shipping, which represents shipowners controlling about 80 per cent of the world’s commercial fleet.
Recent state-linked attacks have underlined how conflicts in Ukraine to the Middle East have destabilised globalisation via disruptions in shipping, which delivers over 80 per cent of internationally traded goods.
Shipping experts have warned that an industry that has for centuries faced physical security threats was woefully underprepared for online piracy.
“IT spend in the maritime sector is pretty low,” said Stephen McCombie, a maritime IT security professor at NHL Stenden. “[Shipowners] are looking for people with maritime knowledge and cyber security knowledge [but] that is a very small group.”
Experts warn that an attack risked further chaos at a time when shipowners are already struggling with the impact of global conflicts on trade routes.
The increasing digitisation of ships, as well as the use of internet devices that have only recently been widely enabled at sea by low Earth orbit satellites, was creating new opportunities for cyber attacks, said Tom Walters, a shipping lawyer at law firm HFW who has helped clients deal with such incidents.
He warned that an attack on a ship’s systems had the potential to create a disruption on a similar scale to the Baltimore bridge crash this year, which closed one of the US’s busiest ports, forcing carmakers to reroute shipments and leaving insurers facing multibillion-dollar claims.
Notable cyber incidents have included an attack in 2020 on Iran’s Rajaee Port, which handled nearly half of the country’s foreign trade, and an attack that last year took down the website of the port of Rotterdam, Europe’s largest.
Danish shipowner AP Møller-Maersk, which controls about 15 per cent of the world’s container shipping capacity, was unable to take customer orders and had to reroute ships after IT systems were taken offline by the NotPetya malware attack, which was attributed to Russian agents after affecting businesses globally in 2017.
McCombie said cyber criminals were also “seeing an opportunity” to extort money. They “understand these industries need to keep going” and shipowners are therefore more likely to pay ransoms to get systems back online.