Future-Proofing the Maritime Sector

While there are a substantial number in the field who fail to recognize the need for change, the maritime industry is fast catching up to the cyber domain’s promises and threats. In recognition of this, in January 2021, the International Maritime Organization adopted regulations which incorporate cyber risk management into their safety management system processes in order to continue sailing.

As the wider transport sector integrates more and more connected devices into their operations, the stakes for setting standards could not be higher. According to the Maritime Cyber Priority 2023 report by Det Norske Veritas or DNV, 76% of maritime professionals believe that a cyber incident could close a major waterway, 60% believe it could cause a ship collision, and 56% believe it could cause injury or death.

These concerns are not an old sailor’s tale: last year’s ransomware attack on Norwegian Maritime Society DNV affected more than 70 organizations and 1,000 vessels. It took more than two months after the attack and a multinational investigation to return DNV’s system back online. Marquard & Bahls subsidiaries Oiltanking and Mabanaft also suffered cyberattacks in February 2022 which crippled their unloading facilities and forced vessels to reroute to different facilities instead.

Policymakers are becoming cognizant of the need to integrate cybersecurity into their policy frameworks. As Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger said during a roundtable with reporters: “These actions are part of the president’s strategy to secure our nation’s critical infrastructure online … to make good cybersecurity practices the norm across our nation’s pipelines, railways and airports.”

However, as the Cyber Priority 2023 report itself notes, “Regulation only sets a baseline for cyber security. It doesn’t guarantee security. Rather than taking it as our goal, the maritime industry should use it as a foundation, on which to further improve and adapt to the changing threat landscape.” The Allianz Risk Barometer 2024 report notes that ransomware attacks, data breaches and IT disruptions are becoming primary concerns for businesses – of which the maritime industry is no exception.

Organizations who wish to thrive in this interconnected world where even the smallest valves are network-enabled should stake the lead in building on these regulatory foundations. They should be willing to work with professionals and providers who can lend proactive, quality protection to their assets – and thus their bottom lines.