By Nir Ayalon, CEO, Cydome
The world’s economy is heavily reliant on goods and therefore the supply chain. In turn, the global supply chain relies, almost entirely, on the maritime industry, with an estimated 90% of the world’s goods being moved by sea. In 2019, 1.2 million people operating 98,000 vessels, moved 11 billion tons of cargo with a combined value of $11 trillion USD. The shipping industry serves many markets, from metal, agriculture to textiles and gas, meaning that the world as we know it, is heavily dependent on the good working order of the maritime industry. Therefore, governments around the world, as well as shipping companies, need to do everything in their power to protect the movement of goods across the sea.
As innovation in technology pushes forward, more and more industries become increasingly connected and reliant on networks and IT infrastructure. Digitalisation, for example, has brought enormous improvements and efficiencies to the market, but has also left industries, in particular the maritime industry, open to potential attacks. Cyberattacks are one of the main issues in the market due to a few factors, some being:
- Cybercriminals can act from anywhere in the world as long as they have a computer.
- Large sums of money can be gained by the attacker.
- Ships are vulnerable due to a lack of adequate cybersecurity and their lone position in the sea.
In the last three years, it is estimated that cyberattacks in the shipping industry have increased by 900%, and on vessels specifically by 400% in just the first few months of the pandemic. To put the size of the threat of cybercrime into context, if it was to be measured as a country, it would be the third largest economy after the U.S. and China. In the U.S. alone, cyber activity cost the economy between $57 billion and $109 billion in 2016, or upwards of 0.58% of gross domestic product.
The shipping industry needs to be treated as the backbone of the economy and protected accordingly through appropriate regulations and first-class technology because, as it stands, companies in this space are reluctant to disclose attacks, which leads to weakened protection. Considering the ramifications cybercrime has within the global economy, any breach can have catastrophic consequences.
Looking at the Suez Canal incident earlier in 2021, where Ever Given became lodged and blocked the passage of other ships, we can start to understand the scale of the damage one incident can have across the economy. Global supply chain disruptions cost large companies an average of $184 million per year, and the Suez Canal incident cost the world near to $10 billion in trade for each day it was stuck. We also need to consider that the Suez Canal accounts for the passage of only around 30% of the world’s goods. The numbers would be vastly different if, for example, cyber criminals would start attacking some of the biggest ports in the world, which could happen as a repercussion of an attack on a vessel.
In fact, the maritime trade infrastructure has many components that are liable to attack, if missing the cybersecurity requirements:
- The ship – nowadays a vessel has many, if not all components, connected to the internet. These on-board computers can also be interconnected with other components of the ship. Therefore, an attack can spread to the entire vessel, making it liable to hijacking.
- The shore – if the shipping companies’ offices are attacked, there is a high chance of the attack extending to the entire fleet.
- Network provider – attacking a network provider can give cyber criminals access to hundreds of shipping companies and, therefore, thousands of ships. It is not uncommon for them to be providing services to over 6000 vessels in more than 600 different maritime entities.
- Machinery manufacturer – Machinery on ships can have a connection to the manufacturer for routine updates and checks. If the manufacturer is a victim of cybercrime, the ransomware can spread to the entire ship.
As seen above, ships that are not adequately protected are vulnerable, and because of that, the maritime supply chain and the economy are as well. Any attacks on a ship can extend much wider to attacks on the shore, which can then bounce to the entire fleet. Another possible avenue for attack is the ransomware on a ship bouncing into the port on the ship’s entrance due to the inadequate cybersecurity of the vessel.
To protect the global economy, the maritime industry and governments worldwide need to tighten regulations and force companies to protect the wider industry. Given the increase of cyberattacks, the world is in danger of keyboard pirates putting trade down on its knees with a few clicks. The danger to the economy can even go beyond the trade of goods with attackers targeting tankers, which can result in environmental disasters on a large scale.
With its very specific problems and requirements, a vessel’s protection needs to be built with the ship in mind and comprise of cybersecurity for both IT and OT systems. When looking for a solution, companies need to make sure these are the best in the industry and that they heavily invest in continuous innovation – as cybercrime evolves constantly so should the cybersecurity solutions. Another important detail is that the solution is easy to use even for people that are not trained in IT as often the crew will have to be the one to check and maintain it. If they cannot use it, the cybersecurity solution becomes obsolete.
Ship-wide security is not only important, but also vital nowadays when any given hack can impact the entire economy, going beyond the initially attacked company. Any company falling victim to cybercrime will impact other businesses too as a result of an interdependent supply chain.