
Maritime Cyber Vulnerabilities Exploited by Adversaries for an Edge in Unconventional Conflict

Maritime disruption: the grounding of the container ship Ever Given in the Suez Canal for over six days in March 2021 delayed approximately $9.6 billion in goods every day. The cause of the mishap is believed to be a combination of environmental factors, including strong winds.

Maritime Cyber Vulnerabilities Exploited by Adversaries for Gain in Unconventional Warfare: Insight into Strategies Used for Cyber Attacks on Naval Systems


In March 2021, the container ship Ever Given grounded in the Suez Canal, causing a six-day blockage and delaying an estimated $9.6 billion in goods each day. This incident served as a stark reminder of the potential for disruption at narrow transit points like the Suez Canal, Panama Canal, Kill Van Kull, and others.

Cyber threats have emerged as a significant concern in the maritime domain over the last decade. Irregular adversaries, including smaller forces acting as proxies for larger nation-states and near-peer competitors, are common in conflict in the littorals. The twenty-first century has seen near-coastal waters become the most active setting for discord in the maritime domain.

The US Department of Defense's primary maritime positioning, navigation, and timing (M-PNT) depends nearly entirely on GPS, making it vulnerable to jamming and spoofing. This vulnerability was highlighted in the Irregular Warfare Annex to the National Defense Strategy, which recognizes irregular warfare as a core competency for the entire joint force, both conventional forces and special operations forces.

Ransomware campaigns target shipping lines, ports, and maritime service companies, with a 400% increase in such attacks between February and June 2020. The shipping giant Maersk suffered an estimated $300 million in lost revenue due to a ransomware attack in 2017. Another notable attack targeted APM-Maersk, forcing the company to rebuild its entire network infrastructure of over 45,000 computers and 4,000 servers.

Cyber and other electronic threats have grown dramatically in the maritime domain. In addition to ransomware attacks, malware incidents have caused ships' electronic chart display and information systems (ECDIS) to malfunction, delaying ships' departures from ports by several days. The International Maritime Organization was also affected by a denial-of-service attack in September 2020.

Nations like Russia, Ukraine, and Western countries such as the USA have been involved in cyber operations and acts bordering on sabotage related to maritime infrastructure. However, the available information does not explicitly detail which nation has had a larger share in developing and using malware against shipping companies. There is evidence of Eastern European involvement in attacks on critical infrastructure like pipelines, and Western intelligence agencies are suspected in some attacks, indicating a complex attribution landscape without clear dominance of one nation in maritime-targeted malware.

The littoral zone is the frontier where territorial claims are tested, nations confront one another, and major political affairs unfold. In July 2021, there was a drone attack on an Israeli tanker off the coast of Oman that left two dead, which the United States and Israel have attributed to Iranian proxies.

To address these cybersecurity challenges, the US government issued an executive order in 2020 to strengthen the PNT system, and a National Maritime Cybersecurity Plan was issued in 2021. Academics and practitioners have also proposed and implemented mitigations and solutions to the vulnerabilities in the maritime domain, including the return of analog technology training at the US Naval Academy.

The increasing complexity of navigation systems and their reliance on a global supply chain have made cyber vulnerabilities in the maritime domain a significant concern. As the world continues to rely heavily on shipping for goods and services, it is crucial to address these vulnerabilities to ensure the safety and efficiency of global trade.
