Blackberry on Navigating Cyber in the Maritime Sector

Share
Addressing maritime cybersecurity requires a comprehensive and nuanced approach
VP of Threat Research & Intelligence at BlackBerry Ismael Valenzuela explains the threats facing systems at sea in the maritime sector

Nearly 90% of world trade traverses maritime routes. Yet with growth in geopolitical tension, they are witnessing increasing form of attacks. 

Baring any physical attacks seen, the world has witnessed a surge in DDoS targeting such critical infrastructure, focusing on the sector's digital security not just a technical challenge, but a global economic imperative.

As digitalisation transforms shipping operations, the industry finds itself increasingly exposed to sophisticated cyber threats that can disrupt entire supply chains and compromise critical infrastructure.

To find out more what the maritime sector can do to keep it self safe, we spoke with Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry.

smael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry

The digital transformation of maritime vulnerabilities

The maritime sector's technological journey has been marked by rapid digital integration, introducing unprecedented cybersecurity complexities. Ismael explains that early digital adoptions, such as electronic navigation systems, initially created basic vulnerabilities that threat actors quickly learned to exploit.

"Threat actors are quickly adopting new, AI-enabled techniques to increase the volume and sophistication of their attacks," Ismael noted, highlighting the dynamic nature of maritime cyber risks. Modern maritime systems present multiple attack surfaces.

Operational technology often lacks robust authentication mechanisms, while connectivity challenges in remote maritime environments further complicate cybersecurity efforts.

Youtube Placeholder

The long operational lifespan of maritime systems - typically spanning 10-30 years - creates additional security challenges.

Ismael elaborated on this point, explaining that "Attackers only need to flood networks with legitimate-looking commands to gain entry. Hidden under the lack of detection systems, crews may not notice they have been boarded until the momentum of the attack has carried the vessel off course."

Economic and operational consequences

Cyberattacks in maritime contexts extend far beyond mere technological disruptions. They represent significant economic and safety risks. Navigation system compromises can lead to catastrophic scenarios like collisions or groundings, while attacks targeting critical systems might trigger environmental disasters.

The financial implications are substantial. Valenzuela highlighted a compelling example: Brunswick Corporation experienced a cyberattack that disrupted operations for nine days, resulting in an US$85m material impact. Similarly, shipping giant Maersk suffered an estimated US$300 million loss from the 2017 NotPetya ransomware attack.

"The ripple effect of cyberattacks at sea are significant, with economic and global consequences," Ismael explained.

GPS spoofing or jamming can lead to potentially fatal navigation errors, while attacks on engine controls or ballast waste management systems increase the risk of environmental catastrophes.

Strategies for enhanced maritime cyber resilience

Addressing maritime cybersecurity requires a comprehensive and nuanced approach. Industry collaboration emerges as a critical strategy.

The International Maritime Organisation's 2021 resolution mandates shipowners and operators to incorporate initiatives that allow for collective information sharing.

"Implementing advanced technological solutions like intrusion detection systems and encryption protocols can protect critical systems from unauthorised access," Ismael explained.

Moreover, he stressed the significance of human factors: "Maritime companies must foster a culture of cybersecurity awareness with regular training and drills to equip crews with the skills needed to recognise and respond to potential threats."

"The ripple effect of cyberattacks at sea are significant, with economic and global consequences," 

Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry

The future of maritime cybersecurity lies in proactive risk management. Zero-trust strategies, network segmentation, and continuous access control represent critical components of a robust defence mechanism.

"The maritime sector advancing towards digitalisation necessitates prioritising strong cybersecurity and proactive risk management," Ismael concluded

As global trade continues to rely increasingly on digital maritime infrastructure, cybersecurity is no longer an optional enhancement but a critical operational necessity.


Explore the latest edition of Cyber Magazine  and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today. 


Cyber Magazine is a BizClik brand

Share

Featured Articles

How The UK’s AI Plan Will Impact The Cybersecurity Sector

The UK’s £14bn AI investment requires enhanced cybersecurity measures as Kyndryl and Vantage Data Centres prepare for infrastructure expansion

Darktrace to Acquire Cado Security in Cloud Defence Push

AI cybersecurity firm Darktrace expands its cloud investigation capabilities through purchase of Cado Security, following recent acquisition by Thoma Bravo

Sophos MDR Reports 37% Customer Growth in Cybersecurity Push

Managed detection service now protects 26,000 organisations as demand rises for round-the-clock threat monitoring and incident response capabilities

Netskope Data Shows Phishing Success Rate Tripled in 2024

Cyber Security

CrowdStrike Field CTO Warns of Identity-Based Attacks Shift

Cyber Security

Gartner: How to Align Risk Management and Governance in 2025

Operational Security