Seatrade Maritime is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Shipping industry expects cyber-attack deaths, collisions, and groundings

DNV A vessel sailing towards the viewer, thje left hand side of the vessel is constructed of code
Maritime cyber security needs more investment, better regulation, and sharing of incident experiences, according to a DNV report.

DNV published “Maritime Cyber Priority 2023,” a 29-page report from DNV which includes results from a survey of 801 maritime professionals covering the perceived threats, preparedness and challenges related to cyber security.

Respondents painted a bleak picture of the threat from cyber-attacks to the maritime industries, with 90% of respondents expecting disruption of ship/fleet operations from cyber incidents, 79% expecting theft of property/cargo, 76% expecting damage to port/cargo handling infrastructure and 72% expecting harm to the environment.

“According to our research, more than six in 10 industry professionals expect cyber-attacks to cause ship collisions (60%) and groundings (68%) within the next few years. More than three-quarters (76%) believe a cyber incident is likely to force the closure of a strategic waterway,” said the report.

Speaking to Seatrade Maritime News, Svante Einarsson, Head of Maritime Cyber Security at DNV, said that the survey results stack with his personal experience of speaking with customers about cyber risk.

The scale of cyber threats is expanding as systems that were once completely separated from the internet and networks – air gapped – are brought closer to networks through digitalisation of systems and processes.

“What we do see is, unfortunately, is that in the control system world—the systems on board that are responsible for bringing the vessel from A to B safely—they are lacking maturity in the sense of cybersecurity, especially in comparison to normal IT systems. That leaves loopholes and leaves potential scenarios open where actually the vessels can be at risk,” said Einarsson.

Such Operational Technologies (OT) can be protected by segregating systems to ensure that a successful cyber attack affects as few systems as possible, said Einarsson.

In his eight or so years in cybersecurity at DNV, Einarsson said his conversations with customers and shipowners have evolved from convincing IT managers that threats to OT exist, to customers asking how to assess risks to OT as remote connectivity is introduced and expanded.

“Although, not necessarily changing the readiness on cyber threats, but at least the maturity, the understanding and the awareness is there,” said Einarsson.

While awareness of cyber security issues is improving, the report said that the industry is not fully prepared for the threat and that investment is lagging behind what is necessary.

“Perception around investment is noticeably higher among professionals in freight transport than it is among passenger transportation and industry services professionals, perhaps due to the high-profile attacks on major container lines over the last decade, combined with the importance of connectivity in decarbonising this sub-sector. However, industry professionals across the board do not think their organizations are investing enough,” said the report.

Seven recommendations were put forward by the report, including considering cyber security as an enabler, treating cyber issues like safety issues, sharing insights across the industry, creating a more effective training strategy, maintaining fallback options for systems, and reframing regulation as a baseline from which to build cyber security.

Maritime Cyber Priority 2023 can be downloaded from DNV’s website.