While the numbers are rising thanks to increasing use of digital platforms, there is still a reluctance in the industry to take preventative measures, leaving shipowners and operators even more vulnerable to these attacks. Here are 5 reasons why the maritime industry is more susceptible to cyber attacks than it might realise.
Lack of encryption
Global services firm, Marsh & McLennan Companies, believes that the lack of any inbuilt encryption or authentication code in navigation systems is an issue. It means that shipping could be seen as a soft target and this perception alone could be enough to provoke an attack.
Cyber hackers can take advantage of this open system by creating a non-existent vessel and assigning it static information such as name, identifiers, flag, ship type, even speed and direction. This ‘ship spoofing’ means that it appears as though a vessel is in a particular place, causing issues for automated systems that identify data and make inferences based on data collected from AIS.
Increased use of computer services
Marsh & McLennan Companies also reports that the maritime sector is relying more heavily on computerised systems that are not equipped to meet the needs of 21st Century threats. Ships and offshore units are becoming increasingly connected and are using more and more computer programs that connect to the internet and therefore increase their vulnerability. The systems like an open door waiting for hackers to walk through.
According to Futurenautics, in 2015 only 12% of crew received cyber security training and only 43% of crew were aware of cyber-safe policies or cyber hygiene guidelines provided by their companies. Additionally, 43% of crew had sailed on a vessel that had been infected with a virus or malware. Jordan Wiley, Campaign Director of Be Cyber Aware at Sea, says that human error is usually the reason cyber hacks occur.
There is also an increasing number of politically driven cyber attacks and espionage that crew members are not often aware of or understanding of the full damage potential.
It is expensive to safeguard against attacks
Companies believe that cyber security preventative measures are expensive and do not really believe it is always necessary. However, getting struck by a cyber attack is much more expensive. There is the perception that getting hit by an attack is very unlikely and therefore spending the money to get safe guard oneself is not always worth it. There have been few examples made public of maritime cyber attacks as well, which does little to help this perception. According to Captain Nitin Chopra, Senior Marine Risk Consultant at AGCS, cyber attacks are largely regarded as onshore issues, but their numbers have been increasing in recent years.
Stephen Hancock, cyber security expert at PA consulting Group, says that some businesses feel they are at a low risk because they have little valuable data and therefore do not strongly prioritise cyber security. Peter Hinchliffe, Secretary General at the International Chamber of Shipping agrees and says that the issue is only starting to be understood by the industry. Ships are getting more high tech, very rapidly, and more guidelines and contingency plans are required.