Most maritime professionals expect cyber-attacks to disrupt ship operations in the coming years, with more than three quarters believing an incident is likely to force the closure of a strategic waterway. A survey of 801 industry professionals by class society DNV found that more than half also expect cyber incidents to cause ship collisions, groundings, and even result in physical injury or death.
Although the maritime industry has focused on improving IT security in recent decades, DNV said the security of operational technology (OT), which manages, monitors, controls, and automates physical assets such as sensors, switches, safety and navigation systems, and vessels, is a more recent and increasingly urgent risk. Three-quarters of those surveyed believe that OT security is a significantly higher priority for their organization than it was just two years ago; however, just one in three in the industry are confident that their organization’s OT cyber security is as strong as its IT security. “The maritime industry is still thinking IT in an era of connected systems and assets,” said Svante Einarsson, head of maritime cyber security advisory at DNV. “With ship systems being increasingly interconnected with the outside world, cyber-attacks on OT are likely to have a bigger impact in the future.”
According to DNV’s analysis, while the age of connection brings new threats, it also brings new opportunities. Almost all maritime professionals agreed the future of the industry relies on an increase in connected networks, and that connected technologies are helping the industry reduce emissions. “Cyber security is a growing safety risk, perhaps even the risk for the coming decade,” warned Knut Ørbeck-Nilssen, CEO Maritime at DNV. “But crucially, it is also an enabler of innovation and decarbonization. Because as we pursue greener, safer, and more efficient global shipping, the digital transformation of the industry is deeply dependent on securing these inter-connected assets. Making it vital that we work collaboratively to strengthen our collective cyber security.”
Most maritime professionals told DNV that they believe regulation provides the strongest motivator to unlock much-needed cyber security funding. A majority said that it will drive investment in cyber security, but only just over half are confident in the effectiveness of cyber security regulation and in their ability to meet requirements. The research further found that just 36% of maritime professionals agree that complying with cyber security regulation is straightforward, and almost half (44%) say that regulatory compliance requires technical knowledge that their organization does not possess in-house. “Regulation only sets a baseline for cyber security. It doesn’t guarantee security. Rather than taking it as our goal, the maritime industry should use it as a foundation, on which to further improve and adapt to the changing threat landscape,” noted Svante Einarsson, head of maritime cyber security advisory at DNV.
The class society also noted that barely three in 10 of those asked believed that organizations are effective at sharing information and lessons learned around cyber security threats and incidents. “This lack of transparency is reflected in the belief of the majority that the maritime industry lacks standards for building an effective, repeatable approach to cyber security. Our research indicates that the industry needs to take big steps forward in openly sharing cyber security experiences – the good, the bad and the ugly – to collectively create security best practice guidance for a safer, more sustainable maritime sector,” added Einarsson.