ISSN 2083-6473
ISSN 2083-6481 (electronic version)




Associate Editor
Prof. Tomasz Neumann

Published by
TransNav, Faculty of Navigation
Gdynia Maritime University
3, John Paul II Avenue
81-345 Gdynia, POLAND
www http://www.transnav.eu
e-mail transnav@umg.edu.pl
A Retrospective Analysis of Maritime Cyber Security Incidents
ABSTRACT: The maritime industry is undergoing a rapid evolution through the introduction of new technology and the digitization of existing services. At the same time, the digital attack surface is increasing, and incidents can lead to severe consequences. This study analyses and gives an overview of 46 maritime cyber security incidents from the last decade (2010-2020). We have collected information from open publications and reports, as well as anonymized data from insurance claims. Each incident is linked to a taxonomy of attack points related to onboard or off-ship systems, and the characteristics have been used to create a Top-10 list of maritime cyber threats. The results show that the maritime sector typically has incidents with low frequency and high impact, which makes them hard to predict and prepare for. We also infer that different types of attackers use a variety of attack points and techniques, hence there is no single solution to this problem.
Agius, M.: TM mum on whether cyber-attack affected ship, air registries, https://newsbook.com.mt/en/tm-mum-on-whether-cyber-attack-affected-ship-air-registries/, last accessed 2021/04/25.
Alcaide, J.I., Llave, R.G.: Critical infrast - doi:10.1016/j.trpro.2020.03.058
ASCStaff: Cyberattack on Clarkson’s shipbroker reaffirms industry’s vulnerability, https://www.logisticsmiddleeast.com/article-13696-cyberattack-on-clarksons-shipbroker-reaffirms-industrys-vulnerability, last accessed 2020/08/11.
Asplem, A.: Norwegian Maritime Cyber Resilience Centre (NORMA Cyber), (2021).
Athens Group: Cybersecurity – There Is No Silver Bullet, https://athensgroup.com/cybersecurity-there-is-no-silver-bullet/, last accessed 2020/08/11.
Aven, T.: On the meaning of a black swan in - doi:10.1016/j.ssci.2013.01.016
Azzopardi, K.: Transport Malta cyber attack investigation has not yet determined whether data was stolen, http://www.maltatoday.com.mt/news/national/105593/watch_transport_malta_cyber_attack_investigation_has_not_yet_determined_whether_data_was_stolen, last accessed 2021/04/25.
Bartlett, P.: Cyber security – more focus required, says expert, https://www.seatrade-maritime.com/technology/cyber-security-more-focus-required-says-expert, last accessed 2021/04/25.
BBC: Red Funnel ferry firm’s IT system hit by “malicious attack,” https://www.bbc.com/news/uk-england-hampshire-54368110, (2020).
Bøe, E., Jordheim, H.: Politiet etterforsker dataangrepet mot Hurtigruten, https://e24.no/i/7KPeEK, last accessed 2021/04/25.
Boyes, H., Isbell, R.: Code of Practice: Cyber Security for Ships. IET Standard, Department for Transport (UK) (2017).
Buurma, C., Sebenius, A.: Ransomware Shuts U.S. Natural Gas Compressor Facility for Two Days, https://www.carriermanagement.com/news/2020/02/20/203485.htm, last accessed 2021/04/25.
Caprolu, M., Pietro, R.D., Raponi, S., Sc - doi:10.1109/MCOM.001.1900632
Cary, A.: Update: Hacker demands $200K ransom from Tri-Cities port to unlock computer data, https://www.tri-cityherald.com/news/local/crime/article247251569.html, last accessed 2021/04/25.
Cimpanu, C.: Ransomware Infection Cripples Shipping Giant COSCO’s American Network, https://www.bleepingcomputer.com/news/security/ransomware-infection-cripples-shipping-giant-coscos-american-network/, last accessed 2021/04/25.
Cimpanu, C.: Shipping Firm Avoids Customer Data Dump in Last Year’s Hack & Ransom Incident, https://www.bleepingcomputer.com/news/security/shipping-firm-avoids-customer-data-dump-in-last-years-hack-and-ransom-incident/, last accessed 2021/04/25.
Cimpanu, C.: US Coast Guard discloses Ryuk ransomware infection at maritime facility, https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/, last accessed 2021/04/25.
Cimpean, D., Meire, J., Bouckaert, V., Casteele, S.V., Pelle, A., Hellebooge, L.: Analysis of Cyber Security Aspects in the Maritime Sector. (2011).
Coble, S.: Ransomware Attack on Shipping Giant, https://www.infosecurity-magazine.com:443/news/ransomware-attack-on-shipping-giant/, last accessed 2021/04/25.
CyberKeel: Maritime Cyber-Risks, https://maritimecyprus.files.wordpress.com/2015/06/maritime-cyber-risks.pdf, last accessed 2021/04/25.
Dragos, Inc.: Assessment of Ransomware Event at U.S. Pipeline Operator | Dragos, https://www.dragos.com/blog/industry-news/assessment-of-ransomware-event-at-u-s-pipeline-operator/, last accessed 2020/08/14.
Drougkas, A., Sarri, A., Kyranoudi, P., Zisi, A.: Port Cybersecurity: Good practices for cybersecurity in the maritime sector. (2019).
Dryad Global: Maritime Cyber Security & Threats March 2020 Week Three, https://dryadglobal.com/maritime-cyber-security-threats-2-2/, last accessed 2020/08/10.
ENISA: COVID19, https://www.enisa.europa.eu/topics/wfh-covid19, last accessed 2020/08/17.
Goud, N.: Cyber Attack on James Fisher and Sons, https://www.cybersecurity-insiders.com/cyber-attack-on-james-fisher-and-sons/, last accessed 2020/08/14.
Goud, N.: Ransomware attack on Norwegian Ship yard results in job loss to many, https://www.cybersecurity-insiders.com/ransomware-attack-on-norwegian-ship-yard-results-in-job-loss-to-many/, last accessed 2021/03/16.
GREAT: The Icefog APT: A Tale of Cloak and Three Daggers, https://securelist.com/the-icefog-apt-a-tale-of-cloak-and-three-daggers/57331/, last accessed 2020/08/10.
Greenberg, A.: The Untold Story of NotPetya, the Most Devastating Cyberattack in History, https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/, last accessed 2020/08/10.
Greenberg, M.D., Chalk, P., Willis, H.H., Khilko, I., Ortiz, D.S.: Maritime Terrorism. RAND Corporation (2006).
Grinter, M.: Maritime cyber-attacks up 900% in three years, http://www.hongkongmaritimehub.com/maritime-cyber-attacks-up-900-in-three-years/, last accessed 2020/08/10.
Hoo, K.J.S.: How Much Is Enough? A Risk-Management Approach to Computer Security. CISAC, Stanford University, UK (2000).
INTERPOL: Cybercrime: COVID-19 IMPACT, https://www.interpol.int/en/content/download/15526/file/COVID-19%20Cybercrime%20Analysis%20Report-%20August%202020.pdf?inLanguage=eng-GB, last accessed 2021/03/16.
ISO/IEC 27000:2018: Information technology - Security techniques - Information security management systems - Overview and vocabulary. ISO/IEC (2018).
Jones, K.D., Tam, K., Papadaki, M.: Th - doi:10.1049/etr.2015.0123
Knox, J.: Coast Guard Commandant on Cyber in the maritime domain, https://mariners.coastguard.dodlive.mil/2015/06/15/6152015-coast-guard-commandant-on-cyber-in-the-maritime-domain/, last accessed 2020/08/11.
Kovacs, E.: UN Maritime Agency Hit by “Sophisticated Cyberattack,” https://www.securityweek.com/un-maritime-agency-hit-sophisticated-cyberattack, last accessed 2021/04/25.
Kretschmann, L., Rødseth, Ø., Tjora, Å., Fuller, B.S., Noble, H., Horahan, J.: D9.2: Qualitative assessment. (2015).
Kristiansen, T.: DR: Kina hackede sig ind i Søfartsstyrelsen, https://shippingwatch.dk/Rederier/article7043149.ece, last accessed 2021/04/25.
Kristoffersen, P.B., Hartvigsen, T., Myrvang, P., Torjusen, A.: Digitale Sårbarheter Maritim Sektor. DNV-GL, Lysneutvalget (2015).
Lejon, J.: Kryptera.se Ransomware lista, https://kryptera.se/assets/uploads/2020/10/Ransomware-lista.pdf, last accessed 2021/03/23.
Lemos, R.: Coast Guard Warns Shipping Firms of Maritime Cyberattacks, https://www.darkreading.com/vulnerabilities---threats/coast-guard-warns-shipping-firms-of-maritime-cyberattacks/d/d-id/1335198, last accessed 2020/04/10.
Lloyd’s List: Maritime Intelligence, https://lloydslist.maritimeintelligence.informa.com/, last accessed 2021/03/16.
Lubold, G., Volz, D.: Chinese Hackers Breach U.S. Navy Contractors - WSJ, https://www.wsj.com/articles/u-s-navy-is-struggling-to-fend-off-chinese-hackers-officials-say-11544783401, last accessed 2021/04/25.
Maritime Executive: Carnival Corporation Reports Ransomware Attack Accessed Data, https://www.maritime-executive.com/article/carnival-corporation-reports-ransomware-attack-accessed-data, last accessed 2021/04/25.
Maritime Executive: Hurtigruten Reports Passenger Data Exposed in Cyberattack, https://www.maritime-executive.com/article/hurtigruten-reports-passenger-data-exposed-in-cyberattack, last accessed 2021/04/25.
Maritime Executive: Naval Dome: Cyberattacks on OT Systems on the Rise, https://www.maritime-executive.com/article/naval-dome-cyberattacks-on-ot-systems-on-the-rise, last accessed 2021/04/25.
Maritime Executive: Ransomware Cripples IT Systems of Inland Port in Washington State, https://www.maritime-executive.com/article/ransomware-attack-cripples-systems-of-inland-port-in-washington-state, last accessed 2021/04/25.
Maritime Executive: Saipem’s Servers Hit by Cyberattack, https://www.maritime-executive.com/article/saipem-s-servers-hit-by-cyberattack, last accessed 2021/03/16.
Matson: Matson Reports Cyber Attack, https://www.omnitrans.com/matson-reports-cyber-attack/, last accessed 2021/04/25.
Nesheim, D.A., Rødseth, Ø., Bernsmed, K., Frøystad, C., Meland, P.H.: D1.1 Risk Model and Analysis. (2017).
Nguyen, L.: Collaboration in the Shipping Industry: Innovation and Technology, https://informaconnect.com/epaper-collaboration-in-the-shipping-industry-innovation-and-technology/, last accessed 2021/04/25.
NSM: Helhetlig digitalt risikobilde 2019. (2019).
NSM: RISIKO 2020. (2020).
O’Dwyer, R.: IMO latest to fall victim to cyber attack, https://smartmaritimenetwork.com/2020/10/01/imo-latest-to-fall-victim-to-cyber-attack/, last accessed 2021/04/25.
Polychronis, K.: Cybersecurity at Sea. In: Otto, L. (ed.) Global Challenges in Maritime Security. p. 243 Springer International Publishing (2020).
PST: Nasjonal trusselvurdering 2020, https://www.pst.no/alle-artikler/trusselvurderinger/nasjonal-trusselvurdering-2020/, last accessed 2021/04/25.
Redden, J.: Covid-19 has increased the chances of marine industry cyberassaults, https://www.workboat.com/offshore/covid-19-has-increased-the-chances-of-marine-industry-cyberassaults, last accessed 2021/04/25.
Reynolds, Z.: Australian defence shipbuilder Austral victim of Iranian cyber attack, https://safetyatsea.net/news/news-safety/2018/australian-defence-shipbuilder-austral-victim-of-iranian-cyber-attack/.
Safety4Sea: 2018 Highlights: Major cyber attacks reported in maritime industry, https://safety4sea.com/cm-2018-highlights-major-cyber-attacks-reported-in-maritime-industry/, last accessed 2021/04/25.
Safety4Sea: Hurtigruten hit by cyber-attack, https://safety4sea.com/hurtigruten-hit-by-cyber-attack/, last accessed 2021/04/25.
Safety4Sea: Vard shipbuilder experiences ransomware attack, https://safety4sea.com/vard-shipbuilder-experiences-ransomware-attack/, last accessed 2021/04/25.
Schnelle, S.: Kartlegging av maritime hybride trusler. Kan bruk av stordata og sosial nettverksanalyse bidra til økt maritim situasjonsbevissthet? Forsvarets Høgskole (2018).
Secureworks: GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry, https://www.secureworks.com/research/gold-galleon-how-a-nigerian-cyber-crew-plunders-the-shipping-industry, last accessed 2020/08/11.
Security: Maritime Industry Sees 400% Increase in Attempted Cyberattacks Since February 2020, https://www.securitymagazine.com/articles/92541-maritime-industry-sees-400-increase-in-attempted-cyberattacks-since-february-2020?v=preview, last accessed 2020/08/10.
Sfakianakis, A., Drougkas, A., Douligeris, C., Marinos, L., Lourenço, M., Raghimi, O.: ENISA threat landscape report 2018 - 15 top cyberthreats and trends. (2019).
Shauk, Z.: Malware on the offshore rig: Danger lurks where the chips fail, https://www.houstonchronicle.com/business/energy/article/Malware-on-the-offshore-rig-Danger-lurks-where-4470723.php, last accessed 2021/04/25.
Shen, C., Baker, J.: CMA CGM confirms ransomware attack, https://lloydslist.maritimeintelligence.informa.com/LL1134044/CMA-CGM-confirms-ransomware-attack, last accessed 2021/03/16.
Singh, H.: Cyber Security in Maritime Industry. University of Oslo (2019).
Taleb, N.N.N.: The Black Swan: The Impact of the Highly Improbable. Random House Publishing Group, New York (2010).
Tam, K., Jones, K.: Cyber-Risk Assessment for Auto - doi:10.1109/CyberSecPODS.2018.8560690
Tam, K., Moara-Nkwe, K., Jones, K.: A Conceptual Cyber-Risk Assessment of Port Infastructure. Presented at the 2021 World of Shipping Portugal. An International Research Conference on Maritime Affairs , Parede, Portugal January 29 (2021).
Toogood, D.: Red Funnel siffers “malicious attack” on IT systems causing major disruption, https://www.islandecho.co.uk/red-funnel-suffers-malicious-attack-on-it-systems-causing-major-disruption/, last accessed 2021/04/25.
Torbati, J., Saul, Y.: Iran’s top cargo shipping line says sanctions damage mounting, https://www.reuters.com/article/us-iran-sanctions-shipping-idUSBRE89L10X20121022, (2012).
UNCTAD: Review of Maritime Transport 2020, https://unctad.org/webflyer/review-maritime-transport-2020, last accessed 2021/04/25.
Vold, L.B.: Den Norske Krigsforsikring for Skib, https://www.warrisk.no/, last accessed 2021/04/25.
Volz, D.: Chinese Hackers Target Universities in Pursuit of Maritime Military Secrets, https://www.wsj.com/articles/chinese-hackers-target-universities-in-pursuit-of-maritime-military-secrets-11551781800, (2019).
Walker, J.: AIDA Cruise Ships Under Cyber Attack - Are Costa Ships Also Affected?, https://www.cruiselawnews.com/2020/12/articles/cyber-attacks/aida-cruise-ships-under-cyber-attack-are-costa-ships-also-affected/, last accessed 2021/04/25.
Walker, J., Spencer, J.: Cyber Marine: Risks & Loss Scenarios, http://www.marineclaimsconference.com/imcc-docs/docs/Cyber%20workshop.pdf.
Wallace, T., Mesko, F.: The Odessa Network Mapping Facilitators of Russian and Ukrainian Arms Transfers, https://globalinitiative.net/analysis/the-odessa-network-mapping-facilitators-of-russian-and-ukrainian-arms-transfers/, last accessed 2021/04/25.
Warrick, J., Nakashima, E.: Officials: Israel linked to a disruptive cyberattack on Iranian port facility, https://www.washingtonpost.com/national-security/officials-israel-linked-to-a-disruptive-cyberattack-on-iranian-port-facility/2020/05/18/9d1da866-9942-11ea-89fd-28fb313d1886_story.html, (2020).
Weldemichael, A.T., Schneider, P., Winner, A.C.: Maritime Terrorism and Piracy in the Indian Ocean Region. Routledge (2017).
Windward: AIS Data on the High Seas: An Analysis of the Magnitude and Implications of Growing Data Manipulation at Sea. (2014).
Wohlin, C.: Guidelines for Snowballing i - doi:10.1145/2601248.2601268
Citation note:
Meland P.H., Bernsmed K., Wille E., Rødseth Ø.J., Nesheim D.A.: A Retrospective Analysis of Maritime Cyber Security Incidents. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 15, No. 3, doi:10.12716/1001.15.03.04, pp. 519-530, 2021

Other publications of authors:

File downloaded 188 times

Important: TransNav.eu cookie usage
The TransNav.eu website uses certain cookies. A cookie is a text-only string of information that the TransNav.EU website transfers to the cookie file of the browser on your computer. Cookies allow the TransNav.eu website to perform properly and remember your browsing history. Cookies also help a website to arrange content to match your preferred interests more quickly. Cookies alone cannot be used to identify you.
Akceptuję pliki cookies z tej strony