The vulnerability of the marine industry to cyberattack seems to be one of our most common themes, along with CISA, of course. Willis recently examined the industry’s vulnerabilities in a recent blog post on WillisWire.
Ports and ships are increasingly moving towards more advanced computerized systems to help with everything from navigation, safety, efficiency, inspection and more. However, the systems being adopted we designed “for the needs of the 20th century rather than the threats of the 21st century,” making the highly integrated maritime industry exceptionally vulnerable to cyber attacks.
Mariners are adopting new e-navigation systems, electronic charts and automatic identification systems (AIS) to supplement radar to help avoid collisions (AIS systems are now mandated by the International Maritime Organization for ships of a certain size). However, these systems do not have sufficient cybersecurity features embedded, making it easy for criminals to gain access and disrupt shipping operations. WillisWire noted that hackers could conceivably “disable one or multiple ships transiting strategically important waterways such as the Panama Canal, greatly impacting world trade.”
Hackers have already proven they are capable of manipulating container release codes in ports, as they recently did in the Port of Antwerp. Additionally, it is not far-fetched to believe that hackers have the ability to shut down entire ports. A study “found that cyber-related disruptions at Long Beach or Los Angeles could impact 20% of the maritime transportation system in the US, removing about US$1bn a day from its economy for the duration of the attack.”